diff --git a/docs/cce/umn/ALL_META.TXT.json b/docs/cce/umn/ALL_META.TXT.json index 1d24509ed..2270b6fdc 100644 --- a/docs/cce/umn/ALL_META.TXT.json +++ b/docs/cce/umn/ALL_META.TXT.json @@ -27,14 +27,14 @@ "node_id":"cce_productdesc_0001.xml", "product_code":"cce", "code":"2", - "des":"Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the enter lifecycle of containerized applications and delivers scalable, ", + "des":"Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the entire lifecycle of containerized applications and delivers scalable,", "doc_type":"usermanual2", "kw":"What Is CCE?,Service Overview,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"What Is CCE?", @@ -51,8 +51,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Product Advantages", @@ -69,8 +69,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Application Scenarios", @@ -87,8 +87,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Containerized Application Management", @@ -105,8 +105,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Auto Scaling in Seconds", @@ -123,8 +123,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"DevOps and CI/CD", @@ -135,14 +135,14 @@ "node_id":"cce_productdesc_0018.xml", "product_code":"cce", "code":"8", - "des":"Multi-cloud deployment and disaster recoveryRunning apps in containers on different clouds can ensure high availability. When a cloud is down, other clouds respond and se", + "des":"Multi-cloud deployment and disaster recoveryTo ensure high service availability, services need to be deployed on container services of multiple clouds. When a cloud is fa", "doc_type":"usermanual2", "kw":"Hybrid Cloud,Application Scenarios,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Hybrid Cloud", @@ -159,8 +159,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Permissions", @@ -177,8 +177,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Notes and Constraints", @@ -195,8 +195,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Related Services", @@ -213,8 +213,8 @@ "search_title":"", "metedata":[ { - "documenttype":"usermanual", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Regions and AZs", @@ -240,30 +240,11 @@ "title":"Product Bulletin", "githuburl":"" }, - { - "uri":"cce_bulletin_0033.html", - "node_id":"cce_bulletin_0033.xml", - "product_code":"cce", - "code":"14", - "des":"CCE provides highly scalable, high-performance, enterprise-class Kubernetes clusters. This section describes the Kubernetes version policy of CCE clusters.The CCE console", - "doc_type":"usermanual2", - "kw":"Kubernetes Version Policy,Product Bulletin,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "opensource":"true", - "documenttype":"usermanual" - } - ], - "title":"Kubernetes Version Policy", - "githuburl":"" - }, { "uri":"cce_bulletin_0098.html", "node_id":"cce_bulletin_0098.xml", "product_code":"cce", - "code":"15", + "code":"14", "des":"Released: Oct 23, 2024CentOS has reached its end of maintenance (EOM) date, which means it will no longer receive updates or support. The CentOS public images on CCE are ", "doc_type":"usermanual2", "kw":"EOM of CentOS,Product Bulletin,User Guide", @@ -280,7 +261,7 @@ "uri":"cce_bulletin_0169.html", "node_id":"cce_bulletin_0169.xml", "product_code":"cce", - "code":"16", + "code":"15", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Security Vulnerability Responses", @@ -300,7 +281,7 @@ "uri":"cce_bulletin_0011.html", "node_id":"cce_bulletin_0011.xml", "product_code":"cce", - "code":"17", + "code":"16", "des":"High-risk vulnerabilities:CCE fixes vulnerabilities as soon as possible after the Kubernetes community detects them and releases fixing solutions. The fixing policies are", "doc_type":"usermanual2", "kw":"Vulnerability Fixing Policies,Security Vulnerability Responses,User Guide", @@ -319,7 +300,7 @@ "uri":"CVE-2021-4034.html", "node_id":"cve-2021-4034.xml", "product_code":"cce", - "code":"18", + "code":"17", "des":"Recently, a security research team disclosed a privilege escalation vulnerability (CVE-2021-4034, also dubbed PwnKit) in PolKit's pkexec. Unprivileged users can gain full", "doc_type":"usermanual2", "kw":"Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034),Security Vulnerability Responses,Use", @@ -339,7 +320,7 @@ "uri":"cce_bulletin_0206.html", "node_id":"cce_bulletin_0206.xml", "product_code":"cce", - "code":"19", + "code":"18", "des":"The Linux Kernel SACK vulnerabilities have been fixed. This section describes the solution to these vulnerabilities.On June 18, 2019, Red Hat released a security notice, ", "doc_type":"usermanual2", "kw":"Notice on Fixing Linux Kernel SACK Vulnerabilities,Security Vulnerability Responses,User Guide", @@ -359,7 +340,7 @@ "uri":"cce_qs_0000.html", "node_id":"cce_qs_0000.xml", "product_code":"cce", - "code":"20", + "code":"19", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Getting Started", @@ -379,15 +360,15 @@ "uri":"cce_qs_0001.html", "node_id":"cce_qs_0001.xml", "product_code":"cce", - "code":"21", + "code":"20", "des":"This section describes how to use Cloud Container Engine (CCE) and provides frequently asked questions (FAQs) to help you quickly get started with CCE.Complete the follow", "doc_type":"usermanual2", "kw":"Introduction,Getting Started,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Introduction", @@ -397,15 +378,15 @@ "uri":"cce_qs_0006.html", "node_id":"cce_qs_0006.xml", "product_code":"cce", - "code":"22", + "code":"21", "des":"Before using CCE, make the following preparations:Creating an IAM userObtaining Resource Permissions(Optional) Creating a VPC(Optional) Creating a Key PairIf you want to ", "doc_type":"usermanual2", "kw":"VPC,Preparations,Getting Started,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Preparations", @@ -415,15 +396,15 @@ "uri":"cce_qs_0008.html", "node_id":"cce_qs_0008.xml", "product_code":"cce", - "code":"23", - "des":"This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.If you have no clusters, click Create CCE Sta", + "code":"22", + "des":"This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.If you have no clusters, click Create Cluster", "doc_type":"usermanual2", "kw":"Creating a Kubernetes Cluster,Getting Started,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Creating a Kubernetes Cluster", @@ -433,33 +414,33 @@ "uri":"cce_qs_0003.html", "node_id":"cce_qs_0003.xml", "product_code":"cce", - "code":"24", + "code":"23", "des":"You can use images to quickly create a single-pod workload that can be accessed from public networks. This section describes how to use CCE to quickly deploy an Nginx app", "doc_type":"usermanual2", - "kw":"Creating a Deployment (Nginx),Getting Started,User Guide", + "kw":"Deploying a Deployment (Nginx),Getting Started,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], - "title":"Creating a Deployment (Nginx)", + "title":"Deploying a Deployment (Nginx)", "githuburl":"" }, { "uri":"cce_qs_0007.html", "node_id":"cce_qs_0007.xml", "product_code":"cce", - "code":"25", + "code":"24", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Deploying WordPress and MySQL That Depend on Each Other", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Deploying WordPress and MySQL That Depend on Each Other", @@ -469,15 +450,15 @@ "uri":"cce_qs_0009.html", "node_id":"cce_qs_0009.xml", "product_code":"cce", - "code":"26", + "code":"25", "des":"WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any ser", "doc_type":"usermanual2", "kw":"Overview,Deploying WordPress and MySQL That Depend on Each Other,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], "title":"Overview", @@ -487,46 +468,46 @@ "uri":"cce_qs_0004.html", "node_id":"cce_qs_0004.xml", "product_code":"cce", - "code":"27", + "code":"26", "des":"WordPress must be used together with MySQL. WordPress runs the content management program while MySQL serves as a database to store data.You have created a CCE cluster th", "doc_type":"usermanual2", - "kw":"Creating a MySQL Workload,Deploying WordPress and MySQL That Depend on Each Other,User Guide", + "kw":"Step 1: Deploying MySQL,Deploying WordPress and MySQL That Depend on Each Other,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], - "title":"Creating a MySQL Workload", + "title":"Step 1: Deploying MySQL", "githuburl":"" }, { "uri":"cce_qs_0005.html", "node_id":"cce_qs_0005.xml", "product_code":"cce", - "code":"28", + "code":"27", "des":"WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any ser", "doc_type":"usermanual2", - "kw":"Creating a WordPress Workload,Deploying WordPress and MySQL That Depend on Each Other,User Guide", + "kw":"Step 2: Deploying WordPress,Deploying WordPress and MySQL That Depend on Each Other,User Guide", "search_title":"", "metedata":[ { - "documenttype":"usermanual2", - "prodname":"cce" + "prodname":"cce", + "documenttype":"usermanual" } ], - "title":"Creating a WordPress Workload", + "title":"Step 2: Deploying WordPress", "githuburl":"" }, { "uri":"cce_10_0054.html", "node_id":"cce_10_0054.xml", "product_code":"cce", - "code":"29", + "code":"28", "des":"During service deployment or running, you may trigger high-risk operations at different levels, causing service faults or interruption. To help you better estimate and av", "doc_type":"usermanual2", - "kw":"High-Risk Operations,User Guide", + "kw":"network-attachment-definitions,High-Risk Operations,User Guide", "search_title":"", "metedata":[ { @@ -541,7 +522,7 @@ "uri":"cce_10_0091.html", "node_id":"cce_10_0091.xml", "product_code":"cce", - "code":"30", + "code":"29", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Clusters", @@ -556,13 +537,13 @@ "githuburl":"" }, { - "uri":"cce_10_0002.html", - "node_id":"cce_10_0002.xml", + "uri":"cce_10_0430.html", + "node_id":"cce_10_0430.xml", "product_code":"cce", - "code":"31", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "code":"30", + "des":"Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the entire lifecycle of containerized applications and delivers scalable,", "doc_type":"usermanual2", - "kw":"Cluster Overview", + "kw":"Number of Master Nodes in a Cluster,Cluster Overview,Clusters,User Guide", "search_title":"", "metedata":[ { @@ -574,13 +555,13 @@ "githuburl":"" }, { - "uri":"cce_10_0430.html", - "node_id":"cce_10_0430.xml", + "uri":"cce_10_0002.html", + "node_id":"cce_10_0002.xml", "product_code":"cce", - "code":"32", - "des":"Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications.For developers, Kubernetes is", + "code":"31", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Master Nodes,Basic Cluster Information,Cluster Overview,User Guide", + "kw":"Cluster Version Release Notes", "search_title":"", "metedata":[ { @@ -588,14 +569,14 @@ "documenttype":"usermanual" } ], - "title":"Basic Cluster Information", + "title":"Cluster Version Release Notes", "githuburl":"" }, { "uri":"cce_10_0068.html", "node_id":"cce_10_0068.xml", "product_code":"cce", - "code":"33", + "code":"32", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Kubernetes Version Release Notes", @@ -609,6 +590,24 @@ "title":"Kubernetes Version Release Notes", "githuburl":"" }, + { + "uri":"cce_bulletin_0099.html", + "node_id":"cce_bulletin_0099.xml", + "product_code":"cce", + "code":"33", + "des":"CCE allows you to create Kubernetes clusters 1.31. This section describes the changes made in Kubernetes 1.31.New and Enhanced FeaturesAPI Changes and RemovalsEnhanced Ku", + "doc_type":"usermanual2", + "kw":"Kubernetes 1.31 Release Notes,Kubernetes Version Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.31 Release Notes", + "githuburl":"" + }, { "uri":"cce_bulletin_0095.html", "node_id":"cce_bulletin_0095.xml", @@ -668,7 +667,7 @@ "node_id":"cce_bulletin_0059.xml", "product_code":"cce", "code":"37", - "des":"CCE allows you to create clusters of Kubernetes 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.New FeaturesDeprecations an", + "des":"CCE allows you to create Kubernetes clusters 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.New FeaturesDeprecations and R", "doc_type":"usermanual2", "kw":"Kubernetes 1.27 Release Notes,Kubernetes Version Release Notes,User Guide", "search_title":"", @@ -704,7 +703,7 @@ "node_id":"cce_bulletin_0027.xml", "product_code":"cce", "code":"39", - "des":"This section describes the updates in CCE Kubernetes 1.23.Kubernetes 1.23 Release NotesFlexVolume is deprecated. Use CSI.HorizontalPodAutoscaler v2 is promoted to GA, and", + "des":"This section describes the updates in CCE Kubernetes 1.23.Kubernetes v1.23 Release NotesFlexVolume is deprecated. Use CSI.HorizontalPodAutoscaler v2 is promoted to GA, an", "doc_type":"usermanual2", "kw":"Kubernetes 1.23 Release Notes,Kubernetes Version Release Notes,User Guide", "search_title":"", @@ -722,7 +721,7 @@ "node_id":"cce_bulletin_0026.xml", "product_code":"cce", "code":"40", - "des":"This section describes the updates in CCE Kubernetes 1.21.Kubernetes 1.21 Release NotesCronJob is now in the stable state, and the version number changes to batch/v1.The ", + "des":"This section describes the updates in CCE Kubernetes 1.21.Kubernetes v1.21 Release NotesCronJob is now in the stable state, and the version number changes to batch/v1.The", "doc_type":"usermanual2", "kw":"Kubernetes 1.21 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", "search_title":"", @@ -776,9 +775,9 @@ "node_id":"cce_10_0405.xml", "product_code":"cce", "code":"43", - "des":"dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd.All nodes in the CCE clusters of ve", + "des":"In CCE clusters of v1.25, containerd is the default runtime for nodes, except for nodes running EulerOS 2.5. In addition, clusters of v1.25 or later no longer support Eul", "doc_type":"usermanual2", - "kw":"Patch Version Release Notes,Cluster Overview,User Guide", + "kw":"Patch Version Release Notes,Cluster Version Release Notes,User Guide", "search_title":"", "metedata":[ { @@ -884,9 +883,9 @@ "node_id":"cce_10_0107.xml", "product_code":"cce", "code":"49", - "des":"This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses kubeconfig ", + "des":"kubectl is a command-line tool provided by Kubernetes, enabling you to manage cluster resources, view cluster status, deploy applications, and debug issues through the CL", "doc_type":"usermanual2", - "kw":"kubectl,Intranet access,Two-Way Authentication for Domain Names,Error from server Forbidden,The conn", + "kw":"Intranet access,Internet access,kubectl,intranet access,Internet access,Two-Way Authentication for D", "search_title":"", "metedata":[ { @@ -894,7 +893,7 @@ "documenttype":"usermanual" } ], - "title":"Connecting to a Cluster Using kubectl", + "title":"Accessing a Cluster Using kubectl", "githuburl":"" }, { @@ -902,7 +901,7 @@ "node_id":"cce_10_0175.xml", "product_code":"cce", "code":"50", - "des":"This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.The downloaded certificate contains three files: cl", + "des":"X.509 certificates are essential for verifying identities and encrypting communication within CCE clusters. These certificates enable authorized clients to access target ", "doc_type":"usermanual2", "kw":"X.509 certificate,Accessing a Cluster Using an X.509 Certificate,Connecting to a Cluster,User Guide", "search_title":"", @@ -920,7 +919,7 @@ "node_id":"cce_10_0367.xml", "product_code":"cce", "code":"51", - "des":"Subject Alternative Name (SAN) allows multiple values (including IP addresses, domain names, and so on) to be associated with certificates. A SAN is usually used by the c", + "des":"Subject Alternative Name (SAN) enables certificates to be associated with multiple values, including IP addresses and domain names. A SAN is usually used by the client to", "doc_type":"usermanual2", "kw":"SAN,X.509 certificate,Accessing a Cluster Using a Custom Domain Name,Connecting to a Cluster,User Gu", "search_title":"", @@ -956,7 +955,7 @@ "node_id":"cce_10_0744.xml", "product_code":"cce", "code":"53", - "des":"In multi-tenant scenarios, CCE generates a credential (kubeconfig or X.509 certificate) for you to access the corresponding cluster. The credential contains user identity", + "des":"In multi-tenant scenarios, CCE generates a unique credential (such as a kubeconfig file or an X.509 certificate) for each user to access their designated cluster. These c", "doc_type":"usermanual2", "kw":"Revoking a Cluster Access Credential,Connecting to a Cluster,User Guide", "search_title":"", @@ -992,9 +991,9 @@ "node_id":"cce_10_0213.xml", "product_code":"cce", "code":"55", - "des":"CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.kube-apiserverkube-controller-managerkube-scheduler", + "des":"Cluster configuration parameters are underlying rules that define node behavior, resource allocation, communication rules, and scaling policies in a distributed system. T", "doc_type":"usermanual2", - "kw":"cluster parameters,kube-apiserver,kube-controller-manager,Modifying Cluster Configurations,Managing ", + "kw":"Cluster configuration parameters,cluster configuration parameters,Cluster configuration parameters,C", "search_title":"", "metedata":[ { @@ -1010,9 +1009,9 @@ "node_id":"cce_10_0602.xml", "product_code":"cce", "code":"56", - "des":"After overload control is enabled, the number of simultaneous requests is dynamically regulated according to the resource pressure on the master nodes. This ensures that ", + "des":"Cluster overload occurs when system load such as request volume or resource usage exceeds the system's processing capacity, leading to degraded performance or system fail", "doc_type":"usermanual2", - "kw":"overload control,Enabling Overload Control for a Cluster,Managing a Cluster,User Guide", + "kw":"Enabling Overload Control for a Cluster,Managing a Cluster,User Guide", "search_title":"", "metedata":[ { @@ -1028,9 +1027,9 @@ "node_id":"cce_10_0403.xml", "product_code":"cce", "code":"57", - "des":"CCE allows you to change the number of nodes managed in a cluster.A cluster that has only one master node supports fewer than 1000 worker nodes.The number of master nodes", + "des":"A cluster scale specifies the maximum number of nodes a cluster can manage. If the current cluster scale cannot meet your requirements, you can scale it out.A cluster tha", "doc_type":"usermanual2", - "kw":"Changing Cluster Scale,Managing a Cluster,User Guide", + "kw":"scale it out,Changing a Cluster Scale,Managing a Cluster,User Guide", "search_title":"", "metedata":[ { @@ -1038,7 +1037,7 @@ "documenttype":"usermanual" } ], - "title":"Changing Cluster Scale", + "title":"Changing a Cluster Scale", "githuburl":"" }, { @@ -1138,7 +1137,7 @@ "code":"63", "des":"CCE strictly complies with community consistency authentication. It releases three Kubernetes versions each year and offers a maintenance period of at least 24 months aft", "doc_type":"usermanual2", - "kw":"cluster upgrade process,Node Priority,In-place upgrade,Process and Method of Upgrading a Cluster,Upg", + "kw":"cluster upgrade process,Node Priority,In-place upgrade,Cluster Upgrade Overview,Upgrading a Cluster,", "search_title":"", "metedata":[ { @@ -1146,7 +1145,7 @@ "documenttype":"usermanual" } ], - "title":"Process and Method of Upgrading a Cluster", + "title":"Cluster Upgrade Overview", "githuburl":"" }, { @@ -1154,7 +1153,7 @@ "node_id":"cce_10_0302.xml", "product_code":"cce", "code":"64", - "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Process and Method of Upgradi", + "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Cluster Upgrade Overview.Befo", "doc_type":"usermanual2", "kw":"Deprecated APIs,Before You Start,Upgrading a Cluster,User Guide", "search_title":"", @@ -1460,7 +1459,7 @@ "node_id":"cce_10_0437.xml", "product_code":"cce", "code":"81", - "des":"Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node ", + "des":"Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group rule with the source IP address set to the master ", "doc_type":"usermanual2", "kw":"Security Groups,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1532,7 +1531,7 @@ "node_id":"cce_10_0442.xml", "product_code":"cce", "code":"85", - "des":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.cce-agent doe", + "des":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.This issue oc", "doc_type":"usermanual2", "kw":"CCE Agent Versions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1640,7 +1639,7 @@ "node_id":"cce_10_0448.xml", "product_code":"cce", "code":"91", - "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node is unavailable. Restore the nod", + "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node will be unavailable. Restore th", "doc_type":"usermanual2", "kw":"kubelet,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1712,7 +1711,7 @@ "node_id":"cce_10_0452.xml", "product_code":"cce", "code":"95", - "des":"Check and make sure that the master nodes in your cluster have more than 2 CPU cores.The number of CPU cores on the master nodes is 2, which may lead to a cluster upgrade", + "des":"Verify that the master nodes in your cluster have more than 2 CPU cores.The master nodes have only 2 CPU cores, which may lead to a cluster upgrade failure.Contact techni", "doc_type":"usermanual2", "kw":"Node CPU Cores,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -2252,9 +2251,9 @@ "node_id":"cce_10_0503.xml", "product_code":"cce", "code":"125", - "des":"The GPU add-on is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.The GPU add-on driver needs to be configured by ", + "des":"CCE AI Suite (NVIDIA GPU) is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.The driver of CCE AI Suite (NVIDIA GP", "doc_type":"usermanual2", - "kw":"GPU Add-on,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "kw":"CCE AI Suite (NVIDIA GPU),Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", "metedata":[ { @@ -2262,7 +2261,7 @@ "documenttype":"usermanual" } ], - "title":"GPU Add-on", + "title":"CCE AI Suite (NVIDIA GPU)", "githuburl":"" }, { @@ -2344,7 +2343,7 @@ "code":"130", "des":"Check item 1: Check whether there is an Nginx Ingress route whose ingress type is not specified (kubernetes.io/ingress.class: nginx is not added to annotations) in the cl", "doc_type":"usermanual2", - "kw":"nginx-ingress Upgrade,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "kw":"NGINX Ingress Controller,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", "metedata":[ { @@ -2352,7 +2351,7 @@ "documenttype":"usermanual" } ], - "title":"nginx-ingress Upgrade", + "title":"NGINX Ingress Controller", "githuburl":"" }, { @@ -2378,9 +2377,9 @@ "node_id":"cce_10_0511.xml", "product_code":"cce", "code":"132", - "des":"Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.", + "des":"Check whether the configuration of CCE AI Suite (NVIDIA GPU) in a cluster has been intrusively modified. If so, upgrading the cluster may fail.", "doc_type":"usermanual2", - "kw":"Key GPU Add-on Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "kw":"Key CCE AI Suite (NVIDIA GPU) Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", "metedata":[ { @@ -2388,7 +2387,7 @@ "documenttype":"usermanual" } ], - "title":"Key GPU Add-on Parameters", + "title":"Key CCE AI Suite (NVIDIA GPU) Parameters", "githuburl":"" }, { @@ -2414,7 +2413,7 @@ "node_id":"cce_10_0513.xml", "product_code":"cce", "code":"134", - "des":"Check whether ELB listener access control has been configured for the Services in the current cluster using annotations.If so, check whether their configurations are corr", + "des":"Check whether ELB listener access control has been configured using annotations for the Services in the current cluster.If so, check whether their configurations are corr", "doc_type":"usermanual2", "kw":"ELB Listener Access Control,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -2540,7 +2539,7 @@ "node_id":"cce_10_0521.xml", "product_code":"cce", "code":"141", - "des":"Make sure that the GPU add-on and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on mus", + "des":"Make sure that CCE AI Suite (NVIDIA GPU) and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU", "doc_type":"usermanual2", "kw":"Compatibility Between the Ubuntu Kernel and GPU Driver,Troubleshooting for Pre-upgrade Check Excepti", "search_title":"", @@ -2643,11 +2642,101 @@ "title":"Ingress and ELB Configuration Consistency", "githuburl":"" }, + { + "uri":"cce_10_0527.html", + "node_id":"cce_10_0527.xml", + "product_code":"cce", + "code":"147", + "des":"Check the network policy settings on the master nodes in your cluster. If any manual modifications have been made, they will be reset during the upgrade.Check whether net", + "doc_type":"usermanual2", + "kw":"Network Policies of Cluster Network Components,Troubleshooting for Pre-upgrade Check Exceptions,User", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Network Policies of Cluster Network Components", + "githuburl":"" + }, + { + "uri":"cce_10_0528.html", + "node_id":"cce_10_0528.xml", + "product_code":"cce", + "code":"148", + "des":"Check whether the nic-max-above-warm-target value configured for the network component of the current cluster exceeds the maximum value allowed.Determine the scope of imp", + "doc_type":"usermanual2", + "kw":"Cluster and Node Pool Configurations,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Cluster and Node Pool Configurations", + "githuburl":"" + }, + { + "uri":"cce_10_0529.html", + "node_id":"cce_10_0529.xml", + "product_code":"cce", + "code":"149", + "des":"Check whether the time zone of the master nodes matches the cluster's time zone. If they are different, the master nodes will be updated to match the cluster's time zone ", + "doc_type":"usermanual2", + "kw":"Time Zone of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Time Zone of Master Nodes", + "githuburl":"" + }, + { + "uri":"cce_10_0530.html", + "node_id":"cce_10_0530.xml", + "product_code":"cce", + "code":"150", + "des":"Check whether the SNATIPRanges value has changed after the upgrade. This check is available only for CCE Turbo clusters.In a CCE Turbo cluster, the CIDR blocks in SNATIPR", + "doc_type":"usermanual2", + "kw":"SNATIPRanges,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"SNATIPRanges", + "githuburl":"" + }, + { + "uri":"cce_10_0531.html", + "node_id":"cce_10_0531.xml", + "product_code":"cce", + "code":"151", + "des":"Manual modifications to add-on configuration parameters (typically ConfigMaps), instead of modifications through the CCE console or APIs, may be overwritten after an upgr", + "doc_type":"usermanual2", + "kw":"Add-on Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Add-on Configuration Consistency", + "githuburl":"" + }, { "uri":"cce_10_0183.html", "node_id":"cce_10_0183.xml", "product_code":"cce", - "code":"147", + "code":"152", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Nodes", @@ -2665,7 +2754,7 @@ "uri":"cce_10_0180.html", "node_id":"cce_10_0180.xml", "product_code":"cce", - "code":"148", + "code":"153", "des":"A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (P", "doc_type":"usermanual2", "kw":"paas,user group,Node Overview,Nodes,User Guide", @@ -2683,7 +2772,7 @@ "uri":"cce_10_0462.html", "node_id":"cce_10_0462.xml", "product_code":"cce", - "code":"149", + "code":"154", "des":"Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime throu", "doc_type":"usermanual2", "kw":"Container Engines,Nodes,User Guide", @@ -2701,7 +2790,7 @@ "uri":"cce_10_0476.html", "node_id":"cce_10_0476.xml", "product_code":"cce", - "code":"150", + "code":"155", "des":"This section describes the mappings between released cluster versions and OS versions.", "doc_type":"usermanual2", "kw":"Node OSs,Nodes,User Guide", @@ -2719,7 +2808,7 @@ "uri":"cce_10_0363.html", "node_id":"cce_10_0363.xml", "product_code":"cce", - "code":"151", + "code":"156", "des":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The DNS configuration of a subnet where a node is loc", "doc_type":"usermanual2", "kw":"Creating a Node,Nodes,User Guide", @@ -2737,7 +2826,7 @@ "uri":"cce_10_0198.html", "node_id":"cce_10_0198.xml", "product_code":"cce", - "code":"152", + "code":"157", "des":"In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs) to your cluster for management.When accepting an ECS, you can reset the ECS OS to a standard ", "doc_type":"usermanual2", "kw":"Accepting Nodes for Management,Nodes,User Guide", @@ -2755,7 +2844,7 @@ "uri":"cce_10_0185.html", "node_id":"cce_10_0185.xml", "product_code":"cce", - "code":"153", + "code":"158", "des":"Before you log in to a node using SSH, ensure that the SSH port (22 by default) is enabled in the security group of the node.Before you log in to a node (an ECS) using SS", "doc_type":"usermanual2", "kw":"Logging In to a Node,Nodes,User Guide", @@ -2773,7 +2862,7 @@ "uri":"cce_10_0672.html", "node_id":"cce_10_0672.xml", "product_code":"cce", - "code":"154", + "code":"159", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"node labels", @@ -2791,7 +2880,7 @@ "uri":"cce_10_0004.html", "node_id":"cce_10_0004.xml", "product_code":"cce", - "code":"155", + "code":"160", "des":"You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.", "doc_type":"usermanual2", "kw":"node labels,Inherent Label of a Node,Managing Node Labels,Management Nodes,User Guide", @@ -2809,7 +2898,7 @@ "uri":"cce_10_0352.html", "node_id":"cce_10_0352.xml", "product_code":"cce", - "code":"156", + "code":"161", "des":"Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.On the CCE console, you can also batch manage nodes' taints.Enter the k", "doc_type":"usermanual2", "kw":"NoSchedule,PreferNoSchedule,NoExecute,System Taints,Managing Node Taints,Management Nodes,User Guide", @@ -2827,7 +2916,7 @@ "uri":"cce_10_0003.html", "node_id":"cce_10_0003.xml", "product_code":"cce", - "code":"157", + "code":"162", "des":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", "doc_type":"usermanual2", "kw":"reset a node,Resetting a Node,Management Nodes,User Guide", @@ -2845,7 +2934,7 @@ "uri":"cce_10_0338.html", "node_id":"cce_10_0338.xml", "product_code":"cce", - "code":"158", + "code":"163", "des":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", "doc_type":"usermanual2", "kw":"Removing a Node,Management Nodes,User Guide", @@ -2863,7 +2952,7 @@ "uri":"cce_10_0184.html", "node_id":"cce_10_0184.xml", "product_code":"cce", - "code":"159", + "code":"164", "des":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifyi", "doc_type":"usermanual2", "kw":"synchronize the ECS,Synchronizing the Data of Cloud Servers,Management Nodes,User Guide", @@ -2881,7 +2970,7 @@ "uri":"cce_10_0605.html", "node_id":"cce_10_0605.xml", "product_code":"cce", - "code":"160", + "code":"165", "des":"After you enable nodal drainage on the console, CCE configures the node to be non-schedulable and securely evicts all pods that comply with Rules for Draining Nodes on th", "doc_type":"usermanual2", "kw":"nodal drainage,nodal drainage,Draining a Node,Management Nodes,User Guide", @@ -2899,8 +2988,8 @@ "uri":"cce_10_0186.html", "node_id":"cce_10_0186.xml", "product_code":"cce", - "code":"161", - "des":"You can delete a pay-per-use node that is not needed from the node list.Deleting or unsubscribing from a node in a CCE cluster will release the node and services running ", + "code":"166", + "des":"If a node is no longer needed, delete it from the node list on the CCE console if the node is billed on a pay-per-use basis. Do not manually remove nodes using kubectl de", "doc_type":"usermanual2", "kw":"Deleting a Node,Management Nodes,User Guide", "search_title":"", @@ -2917,7 +3006,7 @@ "uri":"cce_10_0036.html", "node_id":"cce_10_0036.xml", "product_code":"cce", - "code":"162", + "code":"167", "des":"When a node in the cluster is stopped, all services on that node will also be stopped, and the node will no longer be available for scheduling. Check if your services wil", "doc_type":"usermanual2", "kw":"Stopping a Node,Management Nodes,User Guide", @@ -2935,7 +3024,7 @@ "uri":"cce_10_0276.html", "node_id":"cce_10_0276.xml", "product_code":"cce", - "code":"163", + "code":"168", "des":"In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.The o", "doc_type":"usermanual2", "kw":"Performing Rolling Upgrade for Nodes,Management Nodes,User Guide", @@ -2953,7 +3042,7 @@ "uri":"cce_10_0704.html", "node_id":"cce_10_0704.xml", "product_code":"cce", - "code":"164", + "code":"169", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node O&M", @@ -2971,7 +3060,7 @@ "uri":"cce_10_0178.html", "node_id":"cce_10_0178.xml", "product_code":"cce", - "code":"165", + "code":"170", "des":"Some node resources are used to run mandatory Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node res", "doc_type":"usermanual2", "kw":"total number of node resources,Node Resource Reservation Policy,Node O&M,User Guide", @@ -2989,7 +3078,7 @@ "uri":"cce_10_0341.html", "node_id":"cce_10_0341.xml", "product_code":"cce", - "code":"166", + "code":"171", "des":"This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.In clusters of a version earlier than v1.23.18-r", "doc_type":"usermanual2", "kw":"Data Disk Space Allocation,Container engine and container image space,container engine and container", @@ -3007,8 +3096,8 @@ "uri":"cce_10_0348.html", "node_id":"cce_10_0348.xml", "product_code":"cce", - "code":"167", - "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:When creating a cluster in the VPC network model, specify the number of c", + "code":"172", + "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:When creating a cluster in the VPC network model, follow the and specify", "doc_type":"usermanual2", "kw":"Maximum Number of Pods on a Node,alpha.cce/fixPoolMask,maximum number of pods,Maximum Number of Pods", "search_title":"", @@ -3025,7 +3114,7 @@ "uri":"cce_10_0883.html", "node_id":"cce_10_0883.xml", "product_code":"cce", - "code":"168", + "code":"173", "des":"To maintain the stability of nodes, CCE stores Kubernetes and container runtime components on separate data disks. Kubernetes uses the /mnt/paas/kubernetes directory, and", "doc_type":"usermanual2", "kw":"Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community,Nod", @@ -3043,8 +3132,8 @@ "uri":"cce_10_0601.html", "node_id":"cce_10_0601.xml", "product_code":"cce", - "code":"169", - "des":"Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Do", + "code":"174", + "des":"As of Kubernetes v1.24, dockershim has been deprecated. To maintain compatibility and ensure continued support for future Kubernetes releases, switch your node's containe", "doc_type":"usermanual2", "kw":"Migrating Nodes from Docker to containerd,Node O&M,User Guide", "search_title":"", @@ -3061,7 +3150,7 @@ "uri":"cce_10_0659.html", "node_id":"cce_10_0659.xml", "product_code":"cce", - "code":"170", + "code":"175", "des":"The node fault detection function depends on the NPD add-on. The add-on instances run on nodes and monitor nodes. This section describes how to enable node fault detectio", "doc_type":"usermanual2", "kw":"Node Fault Detection,Check Items,Configuring Node Fault Detection Policies,Node O&M,User Guide", @@ -3076,10 +3165,10 @@ "githuburl":"" }, { - "uri":"cce_bestpractice_10020_0.html", - "node_id":"cce_bestpractice_10020_0.xml", + "uri":"cce_bestpractice_10020.html", + "node_id":"cce_bestpractice_10020.xml", "product_code":"cce", - "code":"171", + "code":"176", "des":"When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correct", "doc_type":"usermanual2", "kw":"Executing the Pre- or Post-installation Commands During Node Creation,Node O&M,User Guide", @@ -3097,7 +3186,7 @@ "uri":"cce_10_0035.html", "node_id":"cce_10_0035.xml", "product_code":"cce", - "code":"172", + "code":"177", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node Pools", @@ -3115,7 +3204,7 @@ "uri":"cce_10_0081.html", "node_id":"cce_10_0081.xml", "product_code":"cce", - "code":"173", + "code":"178", "des":"CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configuration in a clus", "doc_type":"usermanual2", "kw":"DefaultPool,DefaultPool,Deploying a Workload in a Specified Node Pool,Node Pool Overview,Node Pools,", @@ -3133,8 +3222,8 @@ "uri":"cce_10_0012.html", "node_id":"cce_10_0012.xml", "product_code":"cce", - "code":"174", - "des":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.Basic SettingsCo", + "code":"179", + "des":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.Basic SettingsNo", "doc_type":"usermanual2", "kw":"Creating a Node Pool,Node Pools,User Guide", "search_title":"", @@ -3151,8 +3240,8 @@ "uri":"cce_10_0658.html", "node_id":"cce_10_0658.xml", "product_code":"cce", - "code":"175", - "des":"You can specify a specification in a node pool for scaling.The default node pool does not support scaling. Use Creating a Node to add a node.Add or reduce nodes for scali", + "code":"180", + "des":"You can specify a specification in a node pool for scaling.The default node pool does not support scaling. Use Creating a Node to add a node.Resize: Add or reduce nodes f", "doc_type":"usermanual2", "kw":"Scaling a Node Pool,Node Pools,User Guide", "search_title":"", @@ -3169,7 +3258,7 @@ "uri":"cce_10_0222.html", "node_id":"cce_10_0222.xml", "product_code":"cce", - "code":"176", + "code":"181", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Node Pool", @@ -3187,7 +3276,7 @@ "uri":"cce_10_0653.html", "node_id":"cce_10_0653.xml", "product_code":"cce", - "code":"177", + "code":"182", "des":"Changes to the container engine, OS, or pre-/post-installation script in a node pool take effect only on new nodes. To synchronize the modification onto existing nodes, m", "doc_type":"usermanual2", "kw":"base size,Updating a Node Pool,Managing a Node Pool,User Guide", @@ -3205,7 +3294,7 @@ "uri":"cce_10_0727.html", "node_id":"cce_10_0727.xml", "product_code":"cce", - "code":"178", + "code":"183", "des":"Auto Scaling (AS) enables elastic scaling of nodes in a node pool based on scaling policies. Without this function, you have to manually adjust the number of nodes in a n", "doc_type":"usermanual2", "kw":"Updating an AS Configuration,Managing a Node Pool,User Guide", @@ -3223,8 +3312,8 @@ "uri":"cce_10_0652.html", "node_id":"cce_10_0652.xml", "product_code":"cce", - "code":"179", - "des":"The default node pool does not support the following management operations.CCE allows you to highly customize Kubernetes parameter settings on core components in a cluste", + "code":"184", + "des":"The default node pool does not support the management operations described in this section.CCE allows you to highly customize Kubernetes parameter settings on core compon", "doc_type":"usermanual2", "kw":"Modifying Node Pool Configurations,Managing a Node Pool,User Guide", "search_title":"", @@ -3241,7 +3330,7 @@ "uri":"cce_10_0886.html", "node_id":"cce_10_0886.xml", "product_code":"cce", - "code":"180", + "code":"185", "des":"If you want to add a newly created ECS to a node pool in a cluster, or remove a node from a node pool and add it to the node pool again, accept the node.When an ECS is ac", "doc_type":"usermanual2", "kw":"Accepting Nodes in a Node Pool,Managing a Node Pool,User Guide", @@ -3259,7 +3348,7 @@ "uri":"cce_10_0655.html", "node_id":"cce_10_0655.xml", "product_code":"cce", - "code":"181", + "code":"186", "des":"You can copy the configuration of an existing node pool on the CCE console to create new node pools.", "doc_type":"usermanual2", "kw":"Copying a Node Pool,Managing a Node Pool,User Guide", @@ -3277,7 +3366,7 @@ "uri":"cce_10_0654.html", "node_id":"cce_10_0654.xml", "product_code":"cce", - "code":"182", + "code":"187", "des":"After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configuration", "doc_type":"usermanual2", "kw":"Synchronizing Node Pools,Managing a Node Pool,User Guide", @@ -3295,7 +3384,7 @@ "uri":"cce_10_0660.html", "node_id":"cce_10_0660.xml", "product_code":"cce", - "code":"183", + "code":"188", "des":"After CCE releases a new OS image, if existing nodes cannot be automatically upgraded, you can manually upgrade them in batches.This section describes how to upgrade an O", "doc_type":"usermanual2", "kw":"Upgrading an OS,Managing a Node Pool,User Guide", @@ -3313,7 +3402,7 @@ "uri":"cce_10_0656.html", "node_id":"cce_10_0656.xml", "product_code":"cce", - "code":"184", + "code":"189", "des":"You can migrate nodes between node pools within a cluster. Table 1 lists migration scenarios.Migration scenariosMigration ScenarioMigrationOperationSource Node PoolTarget", "doc_type":"usermanual2", "kw":"Migrating a Node,Managing a Node Pool,User Guide", @@ -3331,7 +3420,7 @@ "uri":"cce_10_0657.html", "node_id":"cce_10_0657.xml", "product_code":"cce", - "code":"185", + "code":"190", "des":"Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.Deleting a node pool will de", "doc_type":"usermanual2", "kw":"Deleting a Node Pool,Managing a Node Pool,User Guide", @@ -3349,7 +3438,7 @@ "uri":"cce_10_0046.html", "node_id":"cce_10_0046.xml", "product_code":"cce", - "code":"186", + "code":"191", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Workloads", @@ -3367,7 +3456,7 @@ "uri":"cce_10_0006.html", "node_id":"cce_10_0006.xml", "product_code":"cce", - "code":"187", + "code":"192", "des":"A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is ", "doc_type":"usermanual2", "kw":"Deployments,StatefulSets,DaemonSets,jobs,cron jobs,Overview,Workloads,User Guide", @@ -3385,7 +3474,7 @@ "uri":"cce_10_0673.html", "node_id":"cce_10_0673.xml", "product_code":"cce", - "code":"188", + "code":"193", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Creating a Workload", @@ -3403,7 +3492,7 @@ "uri":"cce_10_0047.html", "node_id":"cce_10_0047.xml", "product_code":"cce", - "code":"189", + "code":"194", "des":"Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.Before c", "doc_type":"usermanual2", "kw":"create a workload using kubectl,Creating a Deployment,Creating a Workload,User Guide", @@ -3421,7 +3510,7 @@ "uri":"cce_10_0048.html", "node_id":"cce_10_0048.xml", "product_code":"cce", - "code":"190", + "code":"195", "des":"StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.A conta", "doc_type":"usermanual2", "kw":"Using kubectl,Creating a StatefulSet,Creating a Workload,User Guide", @@ -3439,7 +3528,7 @@ "uri":"cce_10_0216.html", "node_id":"cce_10_0216.xml", "product_code":"cce", - "code":"191", + "code":"196", "des":"CCE provides deployment and management capabilities for multiple types of containers and supports features of container workloads, including creation, configuration, moni", "doc_type":"usermanual2", "kw":"create a workload using kubectl,Creating a DaemonSet,Creating a Workload,User Guide", @@ -3457,7 +3546,7 @@ "uri":"cce_10_0150.html", "node_id":"cce_10_0150.xml", "product_code":"cce", - "code":"192", + "code":"197", "des":"Jobs are short-lived and run for a certain time to completion. They can be executed immediately after being deployed. It is completed after it exits normally (exit 0).A j", "doc_type":"usermanual2", "kw":"Creating a Job,Creating a Workload,User Guide", @@ -3475,10 +3564,10 @@ "uri":"cce_10_0151.html", "node_id":"cce_10_0151.xml", "product_code":"cce", - "code":"193", - "des":"A cron job runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.A cron job runs periodically at the specified tim", + "code":"198", + "des":"A CronJob runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.A CronJob runs periodically at the specified time.", "doc_type":"usermanual2", - "kw":"time synchronization,Creating a Cron Job,Creating a Workload,User Guide", + "kw":"time synchronization,Creating a CronJob,Creating a Workload,User Guide", "search_title":"", "metedata":[ { @@ -3486,14 +3575,14 @@ "documenttype":"usermanual" } ], - "title":"Creating a Cron Job", + "title":"Creating a CronJob", "githuburl":"" }, { "uri":"cce_10_0130.html", "node_id":"cce_10_0130.xml", "product_code":"cce", - "code":"194", + "code":"199", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Configuring a Workload", @@ -3511,8 +3600,8 @@ "uri":"cce_10_0463.html", "node_id":"cce_10_0463.xml", "product_code":"cce", - "code":"195", - "des":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", + "code":"200", + "des":"Compared with a common runtime, a secure runtime allows each container (pod) to run on its own micro-VM with a separate OS kernel. This ensures secure isolation at the vi", "doc_type":"usermanual2", "kw":"Secure Runtime and Common Runtime,Configuring a Workload,User Guide", "search_title":"", @@ -3529,7 +3618,7 @@ "uri":"cce_10_0354.html", "node_id":"cce_10_0354.xml", "product_code":"cce", - "code":"196", + "code":"201", "des":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", "doc_type":"usermanual2", "kw":"Configuring Time Zone Synchronization,Configuring a Workload,User Guide", @@ -3547,7 +3636,7 @@ "uri":"cce_10_0353.html", "node_id":"cce_10_0353.xml", "product_code":"cce", - "code":"197", + "code":"202", "des":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", "doc_type":"usermanual2", "kw":"Configuring an Image Pull Policy,Configuring a Workload,User Guide", @@ -3565,7 +3654,7 @@ "uri":"cce_10_0009.html", "node_id":"cce_10_0009.xml", "product_code":"cce", - "code":"198", + "code":"203", "des":"CCE allows you to create workloads using images pulled from third-party image repositories.Generally, a third-party image repository can be accessed only after authentica", "doc_type":"usermanual2", "kw":"Using Third-Party Images,Configuring a Workload,User Guide", @@ -3583,7 +3672,7 @@ "uri":"cce_10_0163.html", "node_id":"cce_10_0163.xml", "product_code":"cce", - "code":"199", + "code":"204", "des":"CCE allows you to set resource requirements and limits, such as CPU and RAM, for added containers during workload creation. Kubernetes also allows using YAML to set requi", "doc_type":"usermanual2", "kw":"ephemeral storage,Configuring Container Specifications,Configuring a Workload,User Guide", @@ -3601,7 +3690,7 @@ "uri":"cce_10_0105.html", "node_id":"cce_10_0105.xml", "product_code":"cce", - "code":"200", + "code":"205", "des":"CCE provides callback functions for the lifecycle management of containerized applications. For example, if you want a container to perform a certain operation before sto", "doc_type":"usermanual2", "kw":"Startup Command,Post-Start,Pre-Stop,Configuring Container Lifecycle Parameters,Configuring a Workloa", @@ -3619,7 +3708,7 @@ "uri":"cce_10_0112.html", "node_id":"cce_10_0112.xml", "product_code":"cce", - "code":"201", + "code":"206", "des":"Health check regularly checks the health status of containers during container running. If the health check function is not configured, a pod cannot detect application ex", "doc_type":"usermanual2", "kw":"Health check,HTTP request,TCP port,CLI,Configuring Container Health Check,Configuring a Workload,Use", @@ -3637,7 +3726,7 @@ "uri":"cce_10_0113.html", "node_id":"cce_10_0113.xml", "product_code":"cce", - "code":"202", + "code":"207", "des":"An environment variable is a variable whose value can affect the way a running container will behave. You can modify environment variables even after workloads are deploy", "doc_type":"usermanual2", "kw":"Configuring Environment Variables,Configuring a Workload,User Guide", @@ -3655,7 +3744,7 @@ "uri":"cce_10_0397.html", "node_id":"cce_10_0397.xml", "product_code":"cce", - "code":"203", + "code":"208", "des":"In actual applications, upgrade is a common operation. A Deployment, StatefulSet, or DaemonSet can easily support application upgrade.You can set different upgrade polici", "doc_type":"usermanual2", "kw":"Configuring Workload Upgrade Policies,Configuring a Workload,User Guide", @@ -3673,7 +3762,7 @@ "uri":"cce_10_0728.html", "node_id":"cce_10_0728.xml", "product_code":"cce", - "code":"204", + "code":"209", "des":"Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is co", "doc_type":"usermanual2", "kw":"Configuring Tolerance Policies,Configuring a Workload,User Guide", @@ -3691,7 +3780,7 @@ "uri":"cce_10_0386.html", "node_id":"cce_10_0386.xml", "product_code":"cce", - "code":"205", + "code":"210", "des":"CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.When you create a workl", "doc_type":"usermanual2", "kw":"Configuring Labels and Annotations,Configuring a Workload,User Guide", @@ -3709,7 +3798,7 @@ "uri":"cce_10_0889.html", "node_id":"cce_10_0889.xml", "product_code":"cce", - "code":"206", + "code":"211", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Scheduling a Workload", @@ -3727,7 +3816,7 @@ "uri":"cce_10_0232.html", "node_id":"cce_10_0232.xml", "product_code":"cce", - "code":"207", + "code":"212", "des":"Kubernetes schedules workloads based on pods. After you create a workload, the scheduler automatically assigns pods. For example, the scheduler distributes pods to nodes ", "doc_type":"usermanual2", "kw":"Overview,Scheduling a Workload,User Guide", @@ -3745,7 +3834,7 @@ "uri":"cce_10_0891.html", "node_id":"cce_10_0891.xml", "product_code":"cce", - "code":"208", + "code":"213", "des":"To select a node for scheduling in Kubernetes, simply configure the nodeSelector field in the workload. This field allows you to configure the label of the desired node t", "doc_type":"usermanual2", "kw":"Configuring Specified Node Scheduling (nodeSelector),Scheduling a Workload,User Guide", @@ -3763,10 +3852,10 @@ "uri":"cce_10_0892.html", "node_id":"cce_10_0892.xml", "product_code":"cce", - "code":"209", + "code":"214", "des":"Kubernetes can schedule workload pods to affinity nodes based on their labels and label values. For example, some nodes support GPU computing, and node affinity schedulin", "doc_type":"usermanual2", - "kw":"Node Affinity,Specified Node Pool Scheduling,Configuring Node Affinity Scheduling (nodeAffinity),Sch", + "kw":"Specify node,Specify node pool,Configuring Node Affinity Scheduling (nodeAffinity),Scheduling a Work", "search_title":"", "metedata":[ { @@ -3781,7 +3870,7 @@ "uri":"cce_10_0893.html", "node_id":"cce_10_0893.xml", "product_code":"cce", - "code":"210", + "code":"215", "des":"Kubernetes offers workload affinity and anti-affinity scheduling, which allows for flexible scheduling of new workloads on either related or unrelated nodes. This results", "doc_type":"usermanual2", "kw":"Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity),Schedulin", @@ -3799,8 +3888,8 @@ "uri":"cce_10_00356.html", "node_id":"cce_10_00356.xml", "product_code":"cce", - "code":"211", - "des":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.When using CloudShell to access a CCE cluster or container, you c", + "code":"216", + "des":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.When kubectl is used in CloudShell, permissions are determined by", "doc_type":"usermanual2", "kw":"Logging In to a Container,Workloads,User Guide", "search_title":"", @@ -3817,7 +3906,7 @@ "uri":"cce_10_0007.html", "node_id":"cce_10_0007.xml", "product_code":"cce", - "code":"212", + "code":"217", "des":"After a workload is created, you can upgrade, log, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMo", "doc_type":"usermanual2", "kw":"Managing Workloads,Workloads,User Guide", @@ -3835,7 +3924,7 @@ "uri":"cce_10_0833.html", "node_id":"cce_10_0833.xml", "product_code":"cce", - "code":"213", + "code":"218", "des":"Custom Resource Definition (CRD) is an extension of Kubernetes APIs. When default Kubernetes resources cannot meet service requirements, you can use CRDs to define new re", "doc_type":"usermanual2", "kw":"Managing Custom Resources,Workloads,User Guide", @@ -3853,7 +3942,7 @@ "uri":"cce_10_0465.html", "node_id":"cce_10_0465.xml", "product_code":"cce", - "code":"214", + "code":"219", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Pod Security", @@ -3871,7 +3960,7 @@ "uri":"cce_10_0275.html", "node_id":"cce_10_0275.xml", "product_code":"cce", - "code":"215", + "code":"220", "des":"A pod security policy (PSP) is a cluster-level resource that controls sensitive security aspects of the pod specification. The PodSecurityPolicy object in Kubernetes defi", "doc_type":"usermanual2", "kw":"Configuring a Pod Security Policy,Pod Security,User Guide", @@ -3889,7 +3978,7 @@ "uri":"cce_10_0466.html", "node_id":"cce_10_0466.xml", "product_code":"cce", - "code":"216", + "code":"221", "des":"Before using pod security admission, understand Kubernetes Pod Security Standards. These standards define different isolation levels for pods. They let you define how you", "doc_type":"usermanual2", "kw":"Configuring Pod Security Admission,Pod Security,User Guide", @@ -3907,7 +3996,7 @@ "uri":"cce_10_0674.html", "node_id":"cce_10_0674.xml", "product_code":"cce", - "code":"217", + "code":"222", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Scheduling", @@ -3925,7 +4014,7 @@ "uri":"cce_10_0702.html", "node_id":"cce_10_0702.xml", "product_code":"cce", - "code":"218", + "code":"223", "des":"CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describe", "doc_type":"usermanual2", "kw":"Overview,Scheduling,User Guide", @@ -3943,7 +4032,7 @@ "uri":"cce_10_0551.html", "node_id":"cce_10_0551.xml", "product_code":"cce", - "code":"219", + "code":"224", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"CPU Scheduling", @@ -3961,7 +4050,7 @@ "uri":"cce_10_0351.html", "node_id":"cce_10_0351.xml", "product_code":"cce", - "code":"220", + "code":"225", "des":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the", "doc_type":"usermanual2", "kw":"CPU Policy,CPU Scheduling,User Guide", @@ -3979,7 +4068,7 @@ "uri":"cce_10_0552.html", "node_id":"cce_10_0552.xml", "product_code":"cce", - "code":"221", + "code":"226", "des":"Kubernetes provides two CPU policies: none and static.none: The CPU policy is disabled by default, indicating the existing scheduling behavior.static: The static CPU core", "doc_type":"usermanual2", "kw":"Enhanced CPU Policy,CPU Scheduling,User Guide", @@ -3997,7 +4086,7 @@ "uri":"cce_10_0720.html", "node_id":"cce_10_0720.xml", "product_code":"cce", - "code":"222", + "code":"227", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"GPU Scheduling", @@ -4015,8 +4104,8 @@ "uri":"cce_10_0345.html", "node_id":"cce_10_0345.xml", "product_code":"cce", - "code":"223", - "des":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The CCE AI Suite (NVIDIA GPU) add-on has been installed. During the insta", + "code":"228", + "des":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The CCE AI Suite (NVIDIA GPU) add-on has been installed, with the selecte", "doc_type":"usermanual2", "kw":"Default GPU Scheduling in Kubernetes,GPU Scheduling,User Guide", "search_title":"", @@ -4029,11 +4118,29 @@ "title":"Default GPU Scheduling in Kubernetes", "githuburl":"" }, + { + "uri":"cce_10_0955.html", + "node_id":"cce_10_0955.xml", + "product_code":"cce", + "code":"229", + "des":"The CCE AI Suite (NVIDIA GPU) add-on provides GPU monitoring metrics. This add-on offers additional GPU observability options. This section describes the metrics provided", + "doc_type":"usermanual2", + "kw":"GPU Metrics,GPU Scheduling,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"GPU Metrics", + "githuburl":"" + }, { "uri":"cce_10_0423.html", "node_id":"cce_10_0423.xml", "product_code":"cce", - "code":"224", + "code":"230", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Volcano Scheduling", @@ -4051,7 +4158,7 @@ "uri":"cce_10_0721.html", "node_id":"cce_10_0721.xml", "product_code":"cce", - "code":"225", + "code":"231", "des":"Volcano is a batch processing platform that runs on Kubernetes for machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides", "doc_type":"usermanual2", "kw":"Overview,Volcano Scheduling,User Guide", @@ -4069,7 +4176,7 @@ "uri":"cce_10_0722.html", "node_id":"cce_10_0722.xml", "product_code":"cce", - "code":"226", + "code":"232", "des":"Volcano is a Kubernetes-based batch processing platform with high-performance general computing capabilities like task scheduling engine, heterogeneous chip management, a", "doc_type":"usermanual2", "kw":"Scheduling Workloads,Volcano Scheduling,User Guide", @@ -4087,7 +4194,7 @@ "uri":"cce_10_0768.html", "node_id":"cce_10_0768.xml", "product_code":"cce", - "code":"227", + "code":"233", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Resource Usage-based Scheduling", @@ -4105,7 +4212,7 @@ "uri":"cce_10_0773.html", "node_id":"cce_10_0773.xml", "product_code":"cce", - "code":"228", + "code":"234", "des":"Bin packing is an optimization algorithm that aims to properly allocate resources to each job and get the jobs done using the minimum amount of resources. After bin packi", "doc_type":"usermanual2", "kw":"Bin Packing,Resource Usage-based Scheduling,User Guide", @@ -4123,7 +4230,7 @@ "uri":"cce_10_0766.html", "node_id":"cce_10_0766.xml", "product_code":"cce", - "code":"229", + "code":"235", "des":"Scheduling in a cluster is the process of binding pending pods to nodes, and is performed by a component called kube-scheduler or Volcano Scheduler. The scheduler uses a ", "doc_type":"usermanual2", "kw":"Descheduling,Resource Usage-based Scheduling,User Guide", @@ -4141,7 +4248,7 @@ "uri":"cce_10_0767.html", "node_id":"cce_10_0767.xml", "product_code":"cce", - "code":"230", + "code":"236", "des":"In scenarios such as node pool replacement and rolling node upgrade, an old resource pool needs to be replaced with a new one. To prevent the node pool replacement from a", "doc_type":"usermanual2", "kw":"Node Pool Affinity,Resource Usage-based Scheduling,User Guide", @@ -4159,7 +4266,7 @@ "uri":"cce_10_0789.html", "node_id":"cce_10_0789.xml", "product_code":"cce", - "code":"231", + "code":"237", "des":"Volcano Scheduler offers CPU and memory load-aware scheduling for pods and preferentially schedules pods to the node with the lightest load to balance node loads. This pr", "doc_type":"usermanual2", "kw":"Load-aware Scheduling,Resource Usage-based Scheduling,User Guide", @@ -4177,7 +4284,7 @@ "uri":"cce_10_0813.html", "node_id":"cce_10_0813.xml", "product_code":"cce", - "code":"232", + "code":"238", "des":"Volcano scheduling involves node filtering and scoring, which is used to filter the nodes meeting scheduling conditions and score the filtered nodes to find the one with ", "doc_type":"usermanual2", "kw":"Configuration Cases for Resource Usage-based Scheduling,Resource Usage-based Scheduling,User Guide", @@ -4195,7 +4302,7 @@ "uri":"cce_10_0774.html", "node_id":"cce_10_0774.xml", "product_code":"cce", - "code":"233", + "code":"239", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Priority-based Scheduling", @@ -4213,7 +4320,7 @@ "uri":"cce_10_0775.html", "node_id":"cce_10_0775.xml", "product_code":"cce", - "code":"234", + "code":"240", "des":"A pod priority indicates the importance of a pod relative to other pods. Volcano supports pod PriorityClasses in Kubernetes. After PriorityClasses are configured, the sch", "doc_type":"usermanual2", "kw":"Priority-based Scheduling,Priority-based Scheduling,User Guide", @@ -4231,7 +4338,7 @@ "uri":"cce_10_0776.html", "node_id":"cce_10_0776.xml", "product_code":"cce", - "code":"235", + "code":"241", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"AI Performance-based Scheduling", @@ -4249,7 +4356,7 @@ "uri":"cce_10_0777.html", "node_id":"cce_10_0777.xml", "product_code":"cce", - "code":"236", + "code":"242", "des":"Dominant Resource Fairness (DRF) is a scheduling algorithm based on the dominant resource of a container group. DRF scheduling can be used to enhance the service throughp", "doc_type":"usermanual2", "kw":"DRF,AI Performance-based Scheduling,User Guide", @@ -4267,7 +4374,7 @@ "uri":"cce_10_0778.html", "node_id":"cce_10_0778.xml", "product_code":"cce", - "code":"237", + "code":"243", "des":"Gang scheduling is a scheduling algorithm that schedules correlated processes or threads to run simultaneously on different processors. It meets the scheduling requiremen", "doc_type":"usermanual2", "kw":"Gang,AI Performance-based Scheduling,User Guide", @@ -4285,7 +4392,7 @@ "uri":"cce_10_0425.html", "node_id":"cce_10_0425.xml", "product_code":"cce", - "code":"238", + "code":"244", "des":"In non-uniform memory access (NUMA) architecture, a NUMA node is a fundamental component that includes a processor and local memory. These nodes are physically separate b", "doc_type":"usermanual2", "kw":"NUMA Affinity Scheduling,Volcano Scheduling,User Guide", @@ -4303,7 +4410,7 @@ "uri":"cce_10_0709.html", "node_id":"cce_10_0709.xml", "product_code":"cce", - "code":"239", + "code":"245", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Cloud Native Hybrid Deployment", @@ -4321,7 +4428,7 @@ "uri":"cce_10_0384.html", "node_id":"cce_10_0384.xml", "product_code":"cce", - "code":"240", + "code":"246", "des":"Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly an", "doc_type":"usermanual2", "kw":"Dynamic Resource Oversubscription,Cloud Native Hybrid Deployment,User Guide", @@ -4339,7 +4446,7 @@ "uri":"cce_10_0020.html", "node_id":"cce_10_0020.xml", "product_code":"cce", - "code":"241", + "code":"247", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Network", @@ -4357,7 +4464,7 @@ "uri":"cce_10_0010.html", "node_id":"cce_10_0010.xml", "product_code":"cce", - "code":"242", + "code":"248", "des":"You can learn about a cluster network from the following two aspects:What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are ru", "doc_type":"usermanual2", "kw":"Overview,Network,User Guide", @@ -4375,7 +4482,7 @@ "uri":"cce_10_0280.html", "node_id":"cce_10_0280.xml", "product_code":"cce", - "code":"243", + "code":"249", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Container Network", @@ -4393,7 +4500,7 @@ "uri":"cce_10_0281.html", "node_id":"cce_10_0281.xml", "product_code":"cce", - "code":"244", + "code":"250", "des":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Clo", "doc_type":"usermanual2", "kw":"Overview,Container Network,User Guide", @@ -4411,7 +4518,7 @@ "uri":"cce_10_0678.html", "node_id":"cce_10_0678.xml", "product_code":"cce", - "code":"245", + "code":"251", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Cloud Native Network 2.0 Settings", @@ -4429,10 +4536,10 @@ "uri":"cce_10_0284.html", "node_id":"cce_10_0284.xml", "product_code":"cce", - "code":"246", - "des":"Cloud Native 2.0 network model is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network int", + "code":"252", + "des":"Cloud Native Network 2.0 is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network interface", "doc_type":"usermanual2", - "kw":"Cloud Native 2.0 Network Model,Cloud Native Network 2.0 Settings,User Guide", + "kw":"Cloud Native Network 2.0,Cloud Native Network 2.0 Settings,User Guide", "search_title":"", "metedata":[ { @@ -4440,17 +4547,17 @@ "documenttype":"usermanual" } ], - "title":"Cloud Native 2.0 Network Model", + "title":"Cloud Native Network 2.0", "githuburl":"" }, { "uri":"cce_10_0906.html", "node_id":"cce_10_0906.xml", "product_code":"cce", - "code":"247", + "code":"253", "des":"If the pod subnet configured during CCE Turbo cluster creation cannot meet service expansion requirements, you can add a pod subnet for the cluster.This function is avail", "doc_type":"usermanual2", - "kw":"Configuring Pod Subnets of a Cluster,Cloud Native Network 2.0 Settings,User Guide", + "kw":"Configuring a Default Container Subnet for a CCE Turbo Cluster,Cloud Native Network 2.0 Settings,Use", "search_title":"", "metedata":[ { @@ -4458,15 +4565,15 @@ "documenttype":"usermanual" } ], - "title":"Configuring Pod Subnets of a Cluster", + "title":"Configuring a Default Container Subnet for a CCE Turbo Cluster", "githuburl":"" }, { "uri":"cce_10_0897.html", "node_id":"cce_10_0897.xml", "product_code":"cce", - "code":"248", - "des":"In Cloud Native 2.0 network mode, pods use ENIs or sub-ENIs of the VPC. You can configure a security group for a pod using a pod's annotation.Configure a security group i", + "code":"254", + "des":"In Cloud Native Network 2.0, pods use ENIs or sub-ENIs of the VPC. You can configure a security group for a pod using a pod's annotation.Configure a security group in eit", "doc_type":"usermanual2", "kw":"Binding a Security Group to a Pod Using an Annotation,Cloud Native Network 2.0 Settings,User Guide", "search_title":"", @@ -4483,7 +4590,7 @@ "uri":"cce_10_0288.html", "node_id":"cce_10_0288.xml", "product_code":"cce", - "code":"249", + "code":"255", "des":"In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. To bind CCE pods with security groups, ", "doc_type":"usermanual2", "kw":"Binding a Security Group to a Workload Using a Security Group Policy,Cloud Native Network 2.0 Settin", @@ -4501,7 +4608,7 @@ "uri":"cce_10_0196.html", "node_id":"cce_10_0196.xml", "product_code":"cce", - "code":"250", + "code":"256", "des":"In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. To configure a parti", "doc_type":"usermanual2", "kw":"Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configurati", @@ -4519,7 +4626,7 @@ "uri":"cce_10_0603.html", "node_id":"cce_10_0603.xml", "product_code":"cce", - "code":"251", + "code":"257", "des":"In Cloud Native Network 2.0, each pod is associated with an ENI, providing a static IP address to the StatefulSet pods (container ENI). This is a common practice in acces", "doc_type":"usermanual2", "kw":"Configuring a Static IP Address for a Pod,Cloud Native Network 2.0 Settings,User Guide", @@ -4537,7 +4644,7 @@ "uri":"cce_10_0734.html", "node_id":"cce_10_0734.xml", "product_code":"cce", - "code":"252", + "code":"258", "des":"In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind EIPs to pods.To associate an EIP with a pod, simply set the value of the ", "doc_type":"usermanual2", "kw":"Configuring an EIP for a Pod,Cloud Native Network 2.0 Settings,User Guide", @@ -4555,7 +4662,7 @@ "uri":"cce_10_0651.html", "node_id":"cce_10_0651.xml", "product_code":"cce", - "code":"253", + "code":"259", "des":"In Cloud Native Network 2.0, static public IP addresses (EIPs) can be assigned to StatefulSets or pods created directly.You can configure a static EIP for a pod only in C", "doc_type":"usermanual2", "kw":"static EIPs,Configuring a Static EIP for a Pod,Cloud Native Network 2.0 Settings,User Guide", @@ -4573,7 +4680,7 @@ "uri":"cce_10_0604.html", "node_id":"cce_10_0604.xml", "product_code":"cce", - "code":"254", + "code":"260", "des":"By default, pods with IPv6 dual-stack ENIs can access only the IPv6 private network. To access the public network, configure shared bandwidth for such pods.Only CCE Turbo", "doc_type":"usermanual2", "kw":"Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs,Cloud Native Network 2.0 Settings,U", @@ -4591,7 +4698,7 @@ "uri":"cce_10_0904.html", "node_id":"cce_10_0904.xml", "product_code":"cce", - "code":"255", + "code":"261", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"VPC Network Settings", @@ -4609,7 +4716,7 @@ "uri":"cce_10_0283.html", "node_id":"cce_10_0283.xml", "product_code":"cce", - "code":"256", + "code":"262", "des":"The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes al", "doc_type":"usermanual2", "kw":"VPC Network Model,VPC Network Settings,User Guide", @@ -4627,7 +4734,7 @@ "uri":"cce_10_0680.html", "node_id":"cce_10_0680.xml", "product_code":"cce", - "code":"257", + "code":"263", "des":"If the container CIDR block configured during CCE cluster creation cannot meet service expansion requirements, you can add a container CIDR block for the cluster.This fun", "doc_type":"usermanual2", "kw":"Adding a Container CIDR Block for a Cluster,VPC Network Settings,User Guide", @@ -4645,7 +4752,7 @@ "uri":"cce_10_0677.html", "node_id":"cce_10_0677.xml", "product_code":"cce", - "code":"258", + "code":"264", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Tunnel Network Settings", @@ -4663,7 +4770,7 @@ "uri":"cce_10_0282.html", "node_id":"cce_10_0282.xml", "product_code":"cce", - "code":"259", + "code":"265", "des":"A container tunnel network creates a separate network plane for containers by using tunnel encapsulation on the host network plane. The container tunnel network of a CCE ", "doc_type":"usermanual2", "kw":"Tunnel Network Model,Tunnel Network Settings,User Guide", @@ -4681,7 +4788,7 @@ "uri":"cce_10_0675.html", "node_id":"cce_10_0675.xml", "product_code":"cce", - "code":"260", + "code":"266", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Pod Network Settings", @@ -4699,7 +4806,7 @@ "uri":"cce_10_0402.html", "node_id":"cce_10_0402.xml", "product_code":"cce", - "code":"261", + "code":"267", "des":"Kubernetes allows pods to directly use the host/node network. When a pod is configured with hostNetwork: true, applications running in the pod can directly view the netwo", "doc_type":"usermanual2", "kw":"Configuring hostNetwork for Pods,Pod Network Settings,User Guide", @@ -4717,8 +4824,8 @@ "uri":"cce_10_0382.html", "node_id":"cce_10_0382.xml", "product_code":"cce", - "code":"262", - "des":"Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure QoS rate limiting for inter-pod acce", + "code":"268", + "des":"Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure bandwidth limitation for the pod to ", "doc_type":"usermanual2", "kw":"Configuring QoS for a Pod,Pod Network Settings,User Guide", "search_title":"", @@ -4735,7 +4842,7 @@ "uri":"cce_10_0059.html", "node_id":"cce_10_0059.xml", "product_code":"cce", - "code":"263", + "code":"269", "des":"Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities ", "doc_type":"usermanual2", "kw":"Configuring Network Policies to Restrict Pod Access,Pod Network Settings,User Guide", @@ -4749,11 +4856,29 @@ "title":"Configuring Network Policies to Restrict Pod Access", "githuburl":"" }, + { + "uri":"cce_10_0945.html", + "node_id":"cce_10_0945.xml", + "product_code":"cce", + "code":"270", + "des":"DataPlane V2 can be enabled for clusters that use Cloud Native 2.0 networks. After this function is enabled, eBPF redirection will be enabled for the capability of networ", + "doc_type":"usermanual2", + "kw":"DataPlane V2 Network Acceleration,Pod Network Settings,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"DataPlane V2 Network Acceleration", + "githuburl":"" + }, { "uri":"cce_10_0247.html", "node_id":"cce_10_0247.xml", "product_code":"cce", - "code":"264", + "code":"271", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Service", @@ -4771,7 +4896,7 @@ "uri":"cce_10_0249.html", "node_id":"cce_10_0249.xml", "product_code":"cce", - "code":"265", + "code":"272", "des":"After a pod is created, the following problems may occur if you directly access the pod:The pod can be deleted and recreated at any time by a controller such as a Deploym", "doc_type":"usermanual2", "kw":"Overview,Service,User Guide", @@ -4789,7 +4914,7 @@ "uri":"cce_10_0011.html", "node_id":"cce_10_0011.xml", "product_code":"cce", - "code":"266", + "code":"273", "des":"ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.The cluster-internal domain name format is -

2025-02-10

+

2025-05-23

+ +

Update:

+ + + +

2025-05-12

+ +

Add:

+ +

Update:

+ + + +

2025-04-28

+ +

Updated Overview.

+ + +

2025-03-31

+ +

Update:

+ + + +

2025-03-10

+ +

Add:

+ +

Update:

+ +

Delete:

+ + + +

2025-02-28

+ +

Update:

+ + + +

2025-02-10

Add:

@@ -21,7 +62,7 @@

Add:

Update:

- +

Delete:

@@ -78,7 +119,7 @@

2024-06-26

- +

2024-05-30

diff --git a/docs/cce/umn/cce_10_0002.html b/docs/cce/umn/cce_10_0002.html index 5da4fd1c2..606c27a4c 100644 --- a/docs/cce/umn/cce_10_0002.html +++ b/docs/cce/umn/cce_10_0002.html @@ -1,11 +1,9 @@ -

Cluster Overview

+

Cluster Version Release Notes

Notes and Constraints

-

Precautions

+

Precautions

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • After a node is reset, the node OS will be reinstalled. Before resetting a node, drain the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.
  • After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.
  • If you reset a worker node that has an additional data disk attached on the ECS console, the attachment will be removed. To keep the data, you need to reattach the disk.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • When a node is reset, the backend will make it unschedulable.
  • Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.
  • Resetting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.

Resetting Nodes in the Default Pool

  1. Log in to the CCE console and click the cluster name to access the cluster console.
  2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
  3. In the node list of the default pool, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
  4. In the displayed dialog box, click Next.
  5. Specify node parameters.

    Compute Settings
    - @@ -87,7 +86,7 @@ @@ -107,7 +106,7 @@ - @@ -151,9 +150,9 @@ diff --git a/docs/cce/umn/cce_10_0007.html b/docs/cce/umn/cce_10_0007.html index d6606322a..58a09e8bc 100644 --- a/docs/cce/umn/cce_10_0007.html +++ b/docs/cce/umn/cce_10_0007.html @@ -105,7 +105,7 @@
    1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
    2. Click the Deployments tab and choose More > Disable/Enable Upgrade in the Operation column of the workload.
    3. In the dialog box that is displayed, click Yes.

    Managing Labels

    Labels are key-value pairs and can be attached to workloads. You can manage and select workloads by labels. You can add labels to multiple workloads or a specified workload.

    -
    1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
    2. Click the Deployments tab and choose More > Manage Label in the Operation column of the target workload.
    3. Click , enter a key and a value, and click OK.

      A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.

      +
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Manage Label in the Operation column of the target workload.
      3. Click , enter a key and a value, and click OK.

        A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.

      diff --git a/docs/cce/umn/cce_10_0009.html b/docs/cce/umn/cce_10_0009.html index 6caddac75..a6e865329 100644 --- a/docs/cce/umn/cce_10_0009.html +++ b/docs/cce/umn/cce_10_0009.html @@ -10,7 +10,7 @@

      Enter the username and password used to access the third-party image repository.

    4. When creating a workload, enter a private image path in the format of domainname/namespace/imagename:tag in Image Name and select the key created in 1.
    5. Set other parameters and click Create Workload.
    -

    Using kubectl

    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
    2. Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.

      kubectl create secret docker-registry myregistrykey  -n default --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
      +

      Using kubectl

      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
      2. Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.

        kubectl create secret docker-registry myregistrykey  -n default --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

        In the preceding command, myregistrykey indicates the key name, default indicates the namespace where the key is located, and other parameters are as follows:

        • DOCKER_REGISTRY_SERVER: address of a third-party image repository, for example, www.3rdregistry.com or 10.10.10.10:443
        • DOCKER_USER: account used for logging in to a third-party image repository
        • DOCKER_PASSWORD: password used for logging in to a third-party image repository
        • DOCKER_EMAIL: email of a third-party image repository

      3. Use a third-party image to create a workload.

        A kubernetes.io/dockerconfigjson secret is used for authentication when you obtain a private image. The following is an example of using the myregistrykey for authentication.
        apiVersion: v1
diff --git a/docs/cce/umn/cce_10_0010.html b/docs/cce/umn/cce_10_0010.html
index 4625ee7f8..956fe1d6c 100644
--- a/docs/cce/umn/cce_10_0010.html
+++ b/docs/cce/umn/cce_10_0010.html
@@ -4,11 +4,11 @@
 
        You can learn about a cluster network from the following two aspects:
        
 
        • What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are running on the nodes. Nodes and containers need to communicate with each other. For details about the cluster network types and their functions, see Cluster Network Structure.
        • How is pod access implemented in a cluster? Accessing a pod or container is a process of accessing services of a user. Kubernetes provides Service and Ingress to address pod access issues. This section summarizes common network access scenarios. You can select the proper scenario based on site requirements. For details about the network access scenarios, see Access Scenarios.
        
 
        Cluster Network Structure
        All nodes in the cluster are located in a VPC and use the VPC network. The container network is managed by dedicated network add-ons.
        
-
        
-
        • Node Network
          A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.
          
+
          
+
          • Node Network
            A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This number is also affected by the container network. For details, see the container network model.
            
 
          • Container Network
            A container network assigns IP addresses to pods in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.
            
 
            Currently, CCE supports the following container network models:
            
-
            • Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.
            • VPC network: The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. Each node is assigned a CIDR block of a fixed size. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
            • Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.
            
+
            • Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.
            • VPC network: The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. Each node is assigned a CIDR block of a fixed size. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
            • Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.
            
 
            The performance, networking scale, and application scenarios of a container network vary according to the container network model. For details about the functions and features of different container network models, see Overview.
            
 
          • Service Network
            Service is also a Kubernetes object. Each Service has a static IP address. When creating a cluster on CCE, you can specify the Service CIDR block. The Service CIDR block cannot overlap with the node or container CIDR block. The Service CIDR block can be used only within a cluster.
            
 
          
@@ -25,9 +25,9 @@
 
        
 
        Access Scenarios
        Workload access scenarios can be categorized as follows:
        
 
        • Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.
        • Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.
          • Access through the public network: An EIP should be bound to the node or load balancer.
          • Access through the private network: The workload can be accessed through the internal IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.
          
-
        • The workload can access the external network as follows:
          • Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block.
          • Accessing a public network: Assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see Accessing the Internet from a Container.
          
+
        • The workload can access the external network as follows:
          • Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block.
          • Accessing a public network: Assign an EIP to the node where the workload runs (when a VPC network or tunnel network is used), bind an EIP to the pod IP address (when Cloud Native Network 2.0 is used), or configure SNAT rules through the NAT gateway. For details, see Accessing the Internet from a Container.
          
 
        
-
        Figure 3 Network access diagram
        
+
        Figure 3 Network access diagram
        
 
        
 
        
 
        
diff --git a/docs/cce/umn/cce_10_0011.html b/docs/cce/umn/cce_10_0011.html
index 2399fdf9e..ec6803eb6 100644
--- a/docs/cce/umn/cce_10_0011.html
+++ b/docs/cce/umn/cce_10_0011.html
@@ -4,15 +4,15 @@
 
        Scenario
        ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.
        
 
        The cluster-internal domain name format is <Service name>.<Namespace of the workload>.svc.cluster.local:<Port>, for example, nginx.default.svc.cluster.local:80.
        
 
        Figure 1 shows the mapping relationships between access channels, container ports, and access ports.
        
-
        Figure 1 Intra-cluster access (ClusterIP)
        
+
        Figure 1 Intra-cluster access (ClusterIP)
        
 
        
-
        Creating a ClusterIP Service
        1. Log in to the CCE console and click the cluster name to access the cluster console.
        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
        3. Configure intra-cluster access parameters.
          • Service Name: Specify a Service name, which can be the same as the workload name.
          • Service Type: Select ClusterIP.
          • Namespace: namespace that the workload belongs to.
          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
          • Protocol Version: Select the IP address of different versions based on service requirements. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
          • Ports
            • Protocol: protocol used by the Service.
            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
            
+
            Creating a ClusterIP Service
            1. Log in to the CCE console and click the cluster name to access the cluster console.
            2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
            3. Configure intra-cluster access parameters.
              • Service Name: Specify a Service name, which can be the same as the workload name.
              • Service Type: Select ClusterIP.
              • Namespace: namespace that the workload belongs to.
              • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
              • Protocol Version: Select the IP address of different versions based on service requirements.  This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
              • Ports
                • Protocol: protocol used by the Service.
                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                
 
              
 
            4. Click OK.
            
 
            
 
            Setting the Access Type Using kubectl
            You can configure Service access using kubectl. This section uses an Nginx workload as an example to describe how to implement intra-cluster access using kubectl.
            
-
            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
            2. Create and edit the nginx-deployment.yaml and nginx-clusterip-svc.yaml files.
              The file names are user-defined. nginx-deployment.yaml and nginx-clusterip-svc.yaml are merely example file names.
              
-
              vi nginx-deployment.yaml
              apiVersion: apps/v1
+
              1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
              2. Create and edit the nginx-deployment.yaml file to configure the sample workload. For details, see Creating a Deployment. nginx-deployment.yaml is an example file name. You can rename it as needed.
                vi nginx-deployment.yaml
                
+
                File content:
                apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx
@@ -32,7 +32,8 @@ spec:
       imagePullSecrets:
       - name: default-secret
                
 
                
-
                vi nginx-clusterip-svc.yaml
                apiVersion: v1
+
              3. Create and edit the nginx-clusterip-svc.yaml file to configure Service parameters. nginx-clusterip-svc.yaml is an example file name. You can rename it as needed.
                vi nginx-clusterip-svc.yaml
                
+
                File content:
                apiVersion: v1
 kind: Service
 metadata:
   labels:
@@ -41,36 +42,39 @@ metadata:
 spec:
   ports:
   - name: service0
-    port: 8080                # Port for accessing a Service.
+    port: 8080                # Port for accessing a Service
     protocol: TCP             # Protocol used for accessing a Service. The value can be TCP or UDP.
     targetPort: 80            # Port used by a Service to access the target container. This port is closely related to the applications running in a container. In this example, the Nginx image uses port 80 by default.
   selector:                   # Label selector. A Service selects a pod based on the label and forwards the requests for accessing the Service to the pod. In this example, select the pod with the app:nginx label.
     app: nginx
   type: ClusterIP             # Type of a Service. ClusterIP indicates that a Service is only reachable from within the cluster.
                
 
                
-
              4. Create a workload.
                kubectl create -f nginx-deployment.yaml
                
-
                If information similar to the following is displayed, the workload has been created.
                
-
                deployment "nginx" created
                
-
                kubectl get po
                
-
                If information similar to the following is displayed, the workload is running.
                
+
              5. Create a workload.
                kubectl create -f nginx-deployment.yaml
                
+
                If information similar to the following is displayed, the workload has been created:
                
+
                deployment/nginx created
                
+
                Check the created workload.
                
+
                kubectl get pod
                
+
                If information similar to the following is displayed, the workload is running:
                
 
                NAME                     READY     STATUS             RESTARTS   AGE
 nginx-2601814895-znhbr   1/1       Running            0          15s
                
-
              6. Create a Service.
                kubectl create -f nginx-clusterip-svc.yaml
                
+
              7. Create a Service.
                kubectl create -f nginx-clusterip-svc.yaml
                
 
                If information similar to the following is displayed, the Service is being created:
                
-
                service "nginx-clusterip" created
                
-
                kubectl get svc
                
+
                service/nginx-clusterip created
                
+
                Check the created Service.
                
+
                kubectl get svc
                
 
                If information similar to the following is displayed, the Service has been created, and a cluster-internal IP address has been assigned to the Service.
                
 
                # kubectl get svc
 NAME              TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
 kubernetes        ClusterIP   10.247.0.1     <none>        443/TCP    4d6h
 nginx-clusterip   ClusterIP   10.247.74.52   <none>        8080/TCP   14m
                
-
              8. Access the Service.
                A Service can be accessed from containers or nodes in a cluster.
                
-
                Create a pod, access the pod, and run the curl command to access IP address:Port or the domain name of the Service, as shown in the following figure.
                
-
                The domain name suffix can be omitted. In the same namespace, you can directly use nginx-clusterip:8080 for access. In other namespaces, you can use nginx-clusterip.default:8080 for access.
                
-
                # kubectl run -i --tty --image nginx:alpine test --rm /bin/sh
-If you do not see a command prompt, try pressing Enter.
-/ # curl 10.247.74.52:8080
-<!DOCTYPE html>
+
              9. Access the Service from a container or node in the cluster.
                1. Create a pod and access its container.
                  kubectl run -i --tty --image nginx:alpine test --rm /bin/sh
                  
+
                2. Run the curl command to access the Service.
                  • Access through IP:Port:
                    curl 10.247.74.52:8080
                    
+
                  • Access through Domain-name:Port:
                    curl nginx-clusterip.default.svc.cluster.local:8080
                    
+
                    nginx-clusterip is the Service name, default is the namespace where the Service is located, and svc.cluster.local is the DNS domain for the ClusterIP Service.
                    
+
                    You can simplify the domain name based on your requirements. For example, if the Service and the accessing pod are in the same namespace, you can use nginx-clusterip:8080 to access it. If they are in different namespaces, you can use nginx-clusterip.default:8080 to access it.
                    
+
                  
+
                  If the access is successful, the following information will be displayed:
                  
+
                  <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
@@ -94,19 +98,8 @@ Commercial support is available at
 
 <p><em>Thank you for using nginx.</em></p>
 </body>
-</html>
-/ # curl nginx-clusterip.default.svc.cluster.local:8080
-...
-<h1>Welcome to nginx!</h1>
-...
-/ # curl nginx-clusterip.default:8080
-...
-<h1>Welcome to nginx!</h1>
-...
-/ # curl nginx-clusterip:8080
-...
-<h1>Welcome to nginx!</h1>
-...
                  
+</html>
              
+
            
 
        
 
        
 
        
diff --git a/docs/cce/umn/cce_10_0012.html b/docs/cce/umn/cce_10_0012.html
index 935ed1c66..956534554 100644
--- a/docs/cce/umn/cce_10_0012.html
+++ b/docs/cce/umn/cce_10_0012.html
@@ -5,21 +5,21 @@
 
        
 
        Procedure
        1. Log in to the CCE console.
        2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
        3. In the upper right corner of the page, click Create Node Pool.
          Basic Settings
          
 
-
    Table 1 Configuration parameters

    Parameter

    @@ -67,10 +67,9 @@

    Data Disk

    At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.

    -

    In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk.

    -

    Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.

    -

    For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory.

    +
    • At least one default data disk must be added for storing container runtime and kubelet components if System Component Storage is set to Data Disk. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable. This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.
    • If System Component Storage is set to System Disk, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.
    +

    Click Expand to configure Data Disk Space Allocation. This allocates space for container engines, images, and ephemeral storage to ensure their proper running. For details about how to allocate data disk space, see Space Allocation of a Data Disk.

    +

    For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory. Data disks can also be used as local PVs or local EVs.

    Resource Tag

    You can add resource tags to classify resources. A maximum of eight resource tags can be added.

    -

    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

    +

    You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

    CCE will automatically create the CCE-Dynamic-Provisioning-Node=Node ID tag.

    Max. Pods

    Maximum number of pods that can run on the node, including the default system pods.

    +

    Maximum number of pods that can run on the node, including the default system pods.

    This limit prevents the node from being overloaded with pods.

    Data Disk

    Configure advanced settings for each data disk.

    -

    For the default data disk, click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.

    -

    For a common data disk, click Expand and select attachment settings.

    -
    • Default: The data disk is attached as a raw disk without any settings.
    • Mount Disk: The data disk is attached to the service directory path. This parameter cannot be left blank or set to a key OS path such as the root directory.
    • Use as PV: The data disk is used as persistent storage volumes for PVCs. For details, see Local PVs.
    • Use as ephemeral volume: The data disk is used as ephemeral storage volumes for PVCs. For details, see Using a Local EV.
    +

    For the default data disk, click Expand to configure Data Disk Space Allocation. This allocates space for container engines, images, and ephemeral storage to ensure their proper running. For details about how to allocate data disk space, see Space Allocation of a Data Disk.

    +

    For a common data disk, click Expand and configure mount options.

    +
    • Default: The data disk is attached as a raw disk without any settings.
    • Mount Disk: The data disk is attached to the service directory path. This parameter cannot be left blank or set to a key OS path such as the root directory.
    • Use as PV: The data disk is used as persistent storage volumes for PVCs. For details, see Local PVs.
    • Use as ephemeral volume: The data disk is used as ephemeral storage volumes for PVCs. For details, see Local EV.
    - @@ -189,7 +189,7 @@ spec: 
    Hello

    Using kubectl

    -
    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
    2. Create a file named nginx-configmap.yaml and edit it.

      vi nginx-configmap.yaml

      +
      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
      2. Create a file named nginx-configmap.yaml and edit it.

        vi nginx-configmap.yaml

        As shown in the following example, after the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the /etc/config directory of the container.

        apiVersion: apps/v1
 kind: Deployment
@@ -216,7 +216,7 @@ spec:
     - name: config-volume
       configMap:
         name: cce-configmap                 # Name of the referenced ConfigMap.
        -

      3. Create a workload.

        kubectl apply -f nginx-configmap.yaml

        +

      4. Create a workload.

        kubectl apply -f nginx-configmap.yaml

      5. After the workload runs properly, the SPECIAL_LEVEL and SPECIAL_TYPE files will be generated in the /etc/config directory. The contents of the files are Hello and CCE, respectively.

        1. Run the following command to view the created pod:
          kubectl get pod | grep nginx-configmap
          Expected output:
          nginx-configmap-***   1/1     Running   0              2m18s
          diff --git a/docs/cce/umn/cce_10_0016.html b/docs/cce/umn/cce_10_0016.html index 9710f1821..a3e802071 100644 --- a/docs/cce/umn/cce_10_0016.html +++ b/docs/cce/umn/cce_10_0016.html @@ -28,7 +28,7 @@ data:

          If the output is the same as the content in the secret, the secret has been set as an environment variable of the workload.

        Using kubectl

        -
        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create a file named nginx-secret.yaml and edit it.

          vi nginx-secret.yaml

          +
          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
          2. Create a file named nginx-secret.yaml and edit it.

            vi nginx-secret.yaml

            Content of the YAML file:

            • Added from secret: To add all data in a secret to environment variables, use the envFrom parameter. The keys in the secret will become names of environment variables in a workload.
              apiVersion: apps/v1
 kind: Deployment
@@ -83,7 +83,7 @@ spec:
       imagePullSecrets:
       - name: default-secret
            -

          3. Create a workload.

            kubectl apply -f nginx-secret.yaml

            +

          4. Create a workload.

            kubectl apply -f nginx-secret.yaml

          5. View the environment variables in the pod.

            1. Run the following command to view the created pod:
              kubectl get pod | grep nginx-secret
              Expected output:
              nginx-secret-***   1/1     Running   0              2m18s
              @@ -119,7 +119,7 @@ spec:
    Table 1 Basic settings

    Parameter

    +
    - - -
    Table 1 Basic settings

    Parameter

    Description

    +

    Description

    Node Pool Name

    +

    Node Pool Name

    Name of a node pool. By default, the name is in the format of Cluster name-nodepool-Random number. If you do not want to use the default name format, you can customize the name.

    +

    Name of a node pool. By default, the name is in the format of Cluster name-nodepool-Random number. If you do not want to use the default name format, you can customize the name.
    -

    Configurations

    +

    Node Configuration

    You can configure the flavor and OS of a cloud server, on which your containerized applications run.
    @@ -30,15 +30,15 @@ - @@ -78,7 +78,7 @@ @@ -92,22 +92,21 @@ - @@ -122,7 +121,7 @@ - @@ -162,7 +161,7 @@ @@ -240,7 +239,7 @@
    Table 2 Node configuration parameters

    Parameter

    Node Type

    Select a node type based on service requirements. Then, you can select a proper flavor from the node flavor list.

    -
    CCE standard clusters support the following node types:
    • ECS (VM): A virtualized ECS is used as a cluster node.
    +
    CCE standard clusters support the following node types:
    • ECS (VM): A virtualized ECS is used as a cluster node.
    -
    CCE Turbo clusters support the following node types:
    • ECS (VM): A virtualized ECS is used as a cluster node. A CCE Turbo cluster supports only the cloud servers that allow multiple ENIs. Select a server type displayed on the CCE console.
    +
    CCE Turbo clusters support the following node types:
    • ECS (VM): A VM ECS is used as a cluster node. A CCE Turbo cluster supports only the cloud servers that allow multiple ENIs. Select a server type displayed on the CCE console.

    Specifications

    Select a node flavor based on service requirements. The available node flavors vary depending on regions or AZs. For details, see the CCE console. For the supported node flavors, see Node Flavor Description.
    NOTE:
    • If a node pool is configured with multiple node flavors, only the flavors (which can be located in different AZs) of the same node type are supported. For example, a node pool consisting of general computing-plus nodes supports only general computing-plus node flavors, but not the flavors of general computing nodes.
    • A maximum of 10 node flavors can be added to a node pool (the flavors in different AZs are counted separately). When adding a node flavor, you can choose multiple AZs, but you need to specify them.
    • Nodes in a newly created node pool are created using the default flavor. If the resources for the default flavor are insufficient, node creation will fail.
    • After a node pool is created, the flavors of existing nodes cannot be deleted.
    +
    Select a node flavor based on service requirements. The available node flavors vary depending on regions. For details, see the CCE console. For the supported node flavors, see Node Flavor Description.
    NOTE:
    • If a node pool is configured with multiple node flavors, only the flavors (which can be located in different AZs) of the same node type are supported. For example, a node pool consisting of general computing-plus nodes supports only general computing-plus node flavors, but not the flavors of general computing nodes.
    • A maximum of 10 node flavors can be added to a node pool (the flavors in different AZs are counted separately). When adding a node flavor, you can choose multiple AZs, but you need to specify them.
    • Nodes in a newly created node pool are created using the default flavor. If the resources for the default flavor are insufficient, node creation will fail.
    • After a node pool is created, the flavors of existing nodes cannot be deleted.

    System Disk

    System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.

    -
    System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
    • Not encrypted is selected by default.
    • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
    • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
    +
    System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
    • Not encrypted is selected by default.
    • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
    • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.

    Data Disk

    At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
    • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
    • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
    -
    -

    In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.

    +
    • At least one default data disk must be added for storing container runtime and kubelet components if System Component Storage is set to Data Disk. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable. This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.
      • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
      • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
      +
    • If System Component Storage is set to System Disk, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.
    NOTE:
    • If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
    • Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.

    Advanced Settings

    -

    Expand the area and configure the following parameters:

    -
    • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
    • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting.
      • Not encrypted is selected by default.
      • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
      • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
      +

      Expand the area and configure the following parameters:

      +
      • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
      • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting.
        • Not encrypted is selected by default.
        • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
        • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
      -

      Adding data disks

      +

      Adding data disks

      A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:

      • Default: By default, a raw disk is created without any processing.
      • Mount Disk: The data disk is attached to a specified directory.
      • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
      • Use as ephemeral volume: applicable when there is a high performance requirement on emptyDir.
      -
      NOTE:
      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
      • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
      +

      PVs and EVs support the following write modes:

      +
      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when there are multiple volumes.
      +
      NOTE:
      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
      • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
      -
      Local PVs and local EVs can be written in the following modes:
      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
      -

    Virtual Private Cloud

    +

    VPC

    The VPC to which the cluster belongs by default, which cannot be changed.

    Resource Tag

    You can add resource tags to classify resources.

    -

    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

    +

    You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

    CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
    -

  6. Click Next: Confirm.
  7. Click Submit.
    8. +

  8. Click Next: Confirm.
  9. Click Submit.
    10. diff --git a/docs/cce/umn/cce_10_0014.html b/docs/cce/umn/cce_10_0014.html index 411149513..9166892a1 100644 --- a/docs/cce/umn/cce_10_0014.html +++ b/docs/cce/umn/cce_10_0014.html @@ -18,13 +18,13 @@
  10. Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service
    11. -
  11. Configuring Health Check on Multiple Ports of a LoadBalancer Service
    +
  12. Configuring Health Check on Multiple LoadBalancer Service Ports
  13. Configuring Passthrough Networking for a LoadBalancer Service
  14. Enabling a LoadBalancer Service to Obtain the Client IP Address
    15. -
  15. Configuring a Custom EIP for a LoadBalancer Service
    +
  16. Changing a Custom EIP for a LoadBalancer Service
  17. Setting the Pod Ready Status Through the ELB Health Check
    18. diff --git a/docs/cce/umn/cce_10_0015.html b/docs/cce/umn/cce_10_0015.html index 58fd588c4..9bb53d52f 100644 --- a/docs/cce/umn/cce_10_0015.html +++ b/docs/cce/umn/cce_10_0015.html @@ -2,7 +2,7 @@

    Using a ConfigMap

    After a ConfigMap is created, it can be used in three workload scenarios: environment variables, command line parameters, and data volumes.

    - +

    The following example shows how to use a ConfigMap.

    apiVersion: v1
 kind: ConfigMap
@@ -15,17 +15,17 @@ data:
 
  18. When a ConfigMap is used as an environment variable, data is not automatically updated when the ConfigMap is updated. To update the data, restart the pod.
    19.

    Configuring Environment Variables of a Workload

    Using the CCE console

    -
    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. In the navigation pane, choose Workloads. Then, click Create Workload in the upper right corner.

      When creating a workload, click Environment Variables in the Container Settings area, and click Add Variable.

      +
      1. Log in to the CCE console and click the cluster name to access the cluster console.
      2. In the navigation pane, choose Workloads. In the dialog box displayed, click Create Workload in the upper right corner.

        When creating a workload, click Environment Variables in the Container Settings area, and click Add Variable.

        • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
        • Added from ConfigMap key: Import a key in a ConfigMap as the value of an environment variable.
          • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the ConfigMap by default.
          • Variable Value/Reference: Select a ConfigMap and the key to be imported. The corresponding value is imported as a workload environment variable.

          For example, after you import the value Hello of SPECIAL_LEVEL in ConfigMap cce-configmap as the value of workload environment variable SPECIAL_LEVEL, an environment variable named SPECIAL_LEVEL with its value Hello exists in the container.

      3. Configure other workload parameters and click Create Workload.

        After the workload runs properly, log in to the container and run the following statement to check whether the ConfigMap has been set as an environment variable of the workload:

        printenv SPECIAL_LEVEL
        -

        The example output is as follows:

        +

        Example output:

        Hello

      Using kubectl

      -
      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Create a file named nginx-configmap.yaml and edit it.

        vi nginx-configmap.yaml

        +
        1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
        2. Create a file named nginx-configmap.yaml and edit it.

          vi nginx-configmap.yaml

          Content of the YAML file:

          • Added from ConfigMap: To add all data in a ConfigMap to environment variables, use the envFrom parameter. The keys in the ConfigMap will become names of environment variables in the workload.
            apiVersion: apps/v1
 kind: Deployment
@@ -68,7 +68,7 @@ spec:
         image: nginx:latest
         env:                             # Set the environment variable in the workload.
         - name: SPECIAL_LEVEL           # Name of the environment variable in the workload.
-          valueFrom:                    # Specify a ConfigMap to be referenced by the environment variable.
+          valueFrom:                    # Use valueFrom to specify a ConfigMap to be referenced by environment variables.
             configMapKeyRef:
               name: cce-configmap       # Name of the referenced ConfigMap.
               key: SPECIAL_LEVEL        # Key in the referenced ConfigMap.
@@ -80,7 +80,7 @@ spec:
       imagePullSecrets:
       - name: default-secret
          -

        3. Create a workload.

          kubectl apply -f nginx-configmap.yaml

          +

        4. Create a workload.

          kubectl apply -f nginx-configmap.yaml

        5. View the environment variables in the pod.

          1. Run the following command to view the created pod:
            kubectl get pod | grep nginx-configmap
            Expected output:
            nginx-configmap-***   1/1     Running   0              2m18s
            @@ -102,11 +102,11 @@ echo $SPECIAL_LEVEL $SPECIAL_TYPE > /usr/share/nginx/html/index.html

          2. Configure other workload parameters and click Create Workload.

            After the workload runs properly, log in to the container and run the following statement to check whether the ConfigMap has been set as an environment variable of the workload:

            cat /usr/share/nginx/html/index.html
            -

            The example output is as follows:

            +

            Example output:

            Hello CCE

          Using kubectl

          -
          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
          2. Create a file named nginx-configmap.yaml and edit it.

            vi nginx-configmap.yaml

            +
            1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
            2. Create a file named nginx-configmap.yaml and edit it.

              vi nginx-configmap.yaml
              In the following example, the cce-configmap ConfigMap is imported to the workload. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, which are key names in the cce-configmap ConfigMap.
              apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -134,7 +134,7 @@ spec:
       imagePullSecrets:
         - name: default-secret
              -

            3. Create a workload.

              kubectl apply -f nginx-configmap.yaml

              +

            4. Create a workload.

              kubectl apply -f nginx-configmap.yaml

            5. Wait until the workload runs properly. Then, data will be added the /usr/share/nginx/html/index.html file in the container.

              1. Run the following command to view the created pod:
                kubectl get pod | grep nginx-configmap
                Expected output:
                nginx-configmap-***   1/1     Running   0              2m18s
                @@ -144,7 +144,7 @@ spec:

    -

    Mounting a ConfigMap to the Workload Data Volume

    The data stored in a ConfigMap can be referenced in a volume of type ConfigMap. You can mount such a volume to a specified container path. The platform supports the separation of workload codes and configuration files. ConfigMap volumes are used to store workload configuration parameters. Before that, create ConfigMaps in advance. For details, see Creating a ConfigMap.

    +

    Mounting a ConfigMap to a Workload Data Volume

    The data stored in a ConfigMap can be referenced in a volume of type ConfigMap. You can mount such a volume to a specified container path. The platform supports the separation of workload codes and configuration files. ConfigMap volumes are used to store workload configuration parameters. Before that, create ConfigMaps in advance. For details, see Creating a ConfigMap.

    Using the CCE console

    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. In the navigation pane, choose Workloads. In the dialog box displayed, click Create Workload in the upper right corner.

      When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select ConfigMap from the drop-down list.

    3. Select parameters for mounting a ConfigMap volume, as shown in Table 1.

      @@ -163,14 +163,14 @@ spec:

    Mount Path

    Enter a mount path. After the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the mount path of the container.

    -
    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
    NOTICE:

    If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

    +
    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
    NOTICE:

    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

    Subpath

    Enter a subpath of the mount path.
    • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.
    • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
    • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
    +
    Enter a subpath of the mount path.
    • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.
    • The subpath can be the key and value of a ConfigMap. If the subpath is a key-value pair that does not exist, the data import does not take effect.
    • The data imported by specifying a subpath will not be updated along with the ConfigMap updates.

    Subpath

    Enter a subpath of the mount path.

    -
    • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.
    • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
    • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
    +
    • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.
    • The subpath can be the key and value of a secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
    • The data imported by specifying a subpath will not be updated along with the secret updates.

    Permission

    @@ -136,7 +136,7 @@ spec:

    The expected output is the same as the content in the secret.

    Using kubectl

    -
    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
    2. Create a file named nginx-secret.yaml and edit it.

      vi nginx-secret.yaml

      +
      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
      2. Create a file named nginx-secret.yaml and edit it.

        vi nginx-secret.yaml
        In the following example, the username and password in the mysecret secret are saved in the /etc/foo directory as files.
        apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -155,15 +155,15 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-       - name: foo
+        - name: foo
          mountPath: /etc/foo          # Mount to the /etc/foo directory.
-         readOnly: true
+          readOnly: true
     volumes:
     - name: foo
       secret:
         secretName: mysecret      # Name of the referenced secret.
        -
        You can also use the items field to control the mapping path of secret keys. For example, store username in the /etc/foo/my-group/my-username directory in the container.
        • If you use the items field to specify the mapping path of the secret keys, the keys that are not specified will not be created as files. For example, if the password key in the following example is not specified, the file will not be created.
        • If you want to use all keys in a secret, you must list all keys in the items field.
        • All keys listed in the items field must exist in the corresponding secret. Otherwise, the volume is not created.
        +
        You can also use the items field to control the mapping path of secret keys. For example, store username in the /etc/foo/my-group/my-username directory in the container.
        • If you use the items field to specify the mapping path of the secret keys, the keys that are not specified will not be created as files. For example, if the password key in the following example is not specified, the file will not be created.
        • If you want to use all keys in a secret, you must list all keys in the items field.
        • All keys listed in items must exist in target secrets. Otherwise, the volume is not created.
        apiVersion: apps/v1
 kind: Deployment
@@ -183,9 +183,9 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-       - name: foo
+        - name: foo
          mountPath: /etc/foo          # Mount to the /etc/foo directory.
-         readOnly: true
+          readOnly: true
     volumes:
     - name: foo
       secret:
@@ -194,8 +194,8 @@ spec:
         - key: username      # Name of the referenced key.
           path: my-group/my-username    # Mapping path of the secret key
        -

      3. Create a workload.

        kubectl apply -f nginx-secret.yaml

        -

      4. After the workload runs properly, the username and password files are generated in the /etc/foo directory.

        1. Run the following command to view the created pod:
          kubectl get pod | grep nginx-secret
          +

        2. Create a workload.

          kubectl apply -f nginx-secret.yaml
          +

        3. After the workload runs properly, the username and password files will be generated in the /etc/foo directory.

          1. Run the following command to view the created pod:
            kubectl get pod | grep nginx-secret
            Expected output:
            nginx-secret-***   1/1     Running   0              2m18s
          2. Run the following command to view the username or password file in the pod:
            kubectl exec nginx-secret-*** -- cat /etc/foo/username
            diff --git a/docs/cce/umn/cce_10_0018.html b/docs/cce/umn/cce_10_0018.html index 823f4216d..a74b5b756 100644 --- a/docs/cce/umn/cce_10_0018.html +++ b/docs/cce/umn/cce_10_0018.html @@ -4,7 +4,7 @@

            CCE works with AOM to collect workload logs. When a node is created, ICAgent (a DaemonSet named icagent in the kube-system namespace of a cluster) of AOM is installed by default. ICAgent collects workload logs and reports them to AOM. You can view workload logs on the CCE or AOM console.

            Constraints

            ICAgent only collects text logs in .log, .trace, and .out formats.

            -

            Using ICAgent to Collect Logs

            1. When creating a workload, set logging for the container.
            2. Click to add a log policy.

              The following uses Nginx as an example. Log policies vary depending on workloads.

              +

              Using ICAgent to Collect Logs

              1. When creating a workload, set logging for the container.
              2. Click to add a log policy.

                The following uses Nginx as an example. Log policies vary depending on workloads.

              3. Set Volume Type to hostPath or emptyDir.

                @@ -42,7 +42,7 @@ @@ -154,8 +154,8 @@ spec: @@ -173,9 +173,9 @@ spec: diff --git a/docs/cce/umn/cce_10_0024.html b/docs/cce/umn/cce_10_0024.html index ca7e88caf..02f5f7fc4 100644 --- a/docs/cce/umn/cce_10_0024.html +++ b/docs/cce/umn/cce_10_0024.html @@ -11,7 +11,7 @@
                -
                Parent topic: Observability
                +
                Parent topic: O&M
                diff --git a/docs/cce/umn/cce_10_0026.html b/docs/cce/umn/cce_10_0026.html index 5605aa3ac..4ce73e548 100644 --- a/docs/cce/umn/cce_10_0026.html +++ b/docs/cce/umn/cce_10_0026.html @@ -1,13 +1,11 @@

                Viewing CTS Traces in the Trace List

                -

                Scenarios

                After you enable CTS and the management tracker is created, CTS starts recording operations on cloud resources. Cloud Trace Service (CTS) stores operation records (traces) generated in the last seven days.

                -

                These operation records are retained for seven days on the CTS console and are automatically deleted upon expiration. Manual deletion is not supported.

                -
                +

                Scenarios

                After you enable Cloud Trace Service (CTS) and the management tracker is created, CTS starts recording operations on cloud resources. CTS stores operation records (traces) generated in the last seven days.

                -

                Viewing Real-Time Traces

                1. Log in to the management console.
                2. Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                3. Choose Trace List in the navigation pane on the left.
                4. Set filters to search for your desired traces, as shown in Figure 1. The following filters are available.
                  Figure 1 Filters
                  +

                  Viewing Real-Time Traces in the Trace List

                  1. Log in to the management console.
                  2. Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                  3. Choose Trace List in the navigation pane on the left.
                  4. Set filters to search for your desired traces, as shown in Figure 1. The following filters are available.
                    Figure 1 Filters
                    • Trace Type, Trace Source, Resource Type, and Search By: Select a filter from the drop-down list.
                      • If you select Resource ID for Search By, specify a resource ID.
                      • If you select Trace name for Search By, specify a trace name.
                      • If you select Resource name for Search By, specify a resource name.
                      -
                    • Operator: Select a user.
                    • Trace Status: Select All trace statuses, Normal, Warning, or Incident.
                    • Time range: Select Last 1 hour, Last 1 day, or Last 1 week, or specify a custom time range within the last seven days.
                    +
                  5. Operator: Select a user.
                  6. Trace Status: Select All trace statuses, Normal, Warning, or Incident.
                  7. Time range: Select Last 1 hour, Last 1 day, or Last 1 week, or specify a custom time range within the last seven days.
                5. Click Query.
                6. On the Trace List page, you can also export and refresh the trace list.
                  • Click Export to export all traces in the query result as a CSV file. The file can contain up to 5,000 records.
                  • Click to view the latest information about traces.
                7. Click on the left of a trace to expand its details.

                  @@ -16,7 +14,7 @@

                8. Click View Trace in the Operation column. The trace details are displayed.

                  -
                9. For details about key fields in the trace structure, see section "Trace References" > "Trace Structure" and section "Trace References" > "Example Traces" in the CTS User Guide.
                +
              4. For details about key fields in the trace structure, see Trace Structure and Example Traces in the CTS User Guide.
                5. diff --git a/docs/cce/umn/cce_10_0028.html b/docs/cce/umn/cce_10_0028.html index 400b47ffd..cf61cb744 100644 --- a/docs/cce/umn/cce_10_0028.html +++ b/docs/cce/umn/cce_10_0028.html @@ -5,43 +5,44 @@

                Precautions

                • After a cluster is created, the following items cannot be changed:
                  • Cluster type
                  • Number of master nodes in the cluster
                  • AZ of a master node
                  • Network configurations of the cluster, such as the VPC, subnet, Service CIDR block, IPv6 settings, and kube-proxy settings
                  • Network model. For example, change Tunnel network to VPC network.
                -

                Step 1: Log In to the CCE Console

                1. Log in to the CCE console.
                2. On the Clusters page, click Create Cluster in the upper right corner.
                +

                Step 1: Log In to the CCE Console

                1. Log in to the CCE console.
                2. On the Clusters page, click Create Cluster.
                -

                Step 2: Configure the Cluster

                On the Create Cluster page, configure the parameters.

                +

                Step 2: Configure the Cluster

                On the Create Cluster page, configure the parameters.

                Basic Settings

                +

                -
                Table 1 Configuring log policies

                Parameter

                A collection path narrows down the scope of collection to specified logs.

                • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                • * in log file names indicates a fuzzy match.

                Example: The collection path /tmp/**/test*.log indicates that all .log files prefixed with test will be collected from /tmp and subdirectories at 5 levels deep.

                -
                CAUTION:

                Ensure that ICAgent is of v5.12.22 or later.

                +
                CAUTION:

                Ensure that ICAgent is of version 5.12.22 or later.

                Extended host path

                Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.

                -

                A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.

                -
                • None: No extended path is configured.
                • PodUID: ID of a pod.
                • PodName: name of a pod.
                • PodUID/ContainerName: ID of a pod or name of a container.
                • PodName/ContainerName: name of a pod or container.
                +

                A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.

                +
                • None: No extended path is configured.
                • PodUID: ID of a pod.
                • PodName: name of a pod.
                • PodUID/ContainerName: ID of a pod or name of a container.
                • PodName/ContainerName: name of a pod or container.

                policy.logs.rotate

                @@ -163,7 +163,7 @@ spec:

                Log dump

                Log dump refers to rotating log files on a local host.

                -
                • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                • Disabled: AOM does not dump log files.
                +
                • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                • Disabled: AOM does not dump log files.
                NOTE:
                • AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.
                • Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have already set rotation for log files, skip the configuration. Otherwise, conflicts may occur.
                • You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.

                Collection path

                A collection path narrows down the scope of collection to specified logs.

                -
                • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                • * in log file names indicates a fuzzy match.
                +
                • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                • * in log file names indicates a fuzzy match.

                Example: The collection path /tmp/**/test*.log indicates that all .log files prefixed with test will be collected from /tmp and subdirectories at 5 levels deep.

                -
                CAUTION:

                Ensure that ICAgent is of v5.12.22 or later.

                +
                CAUTION:

                Ensure that ICAgent is of version 5.12.22 or later.

                Parameter

                +
                - - - - - - - - - - -

                Parameter

                Description

                +

                Description

                Type

                +

                Type

                Select CCE Standard Cluster or CCE Turbo Cluster as required.

                +

                Select CCE Standard Cluster or CCE Turbo Cluster as required.

                • CCE standard clusters provide highly reliable and secure containers for commercial use.
                • CCE Turbo clusters use the high-performance cloud native network. Such clusters provide cloud native hybrid scheduling, achieving higher resource utilization and wider scenario coverage.

                For more details, see cluster types.

                Cluster Name

                +

                Cluster Name

                Enter a cluster name. Cluster names under the same account must be unique.

                +

                Enter a cluster name. Cluster names under the same account must be unique.

                Cluster Version

                +

                Cluster Version

                Select the Kubernetes version used by the cluster.

                +

                Select the Kubernetes version used by the cluster.

                Cluster Scale

                +

                Cluster Scale

                Select a cluster scale for your cluster as required. These values specify the maximum number of nodes that can be managed by the cluster.

                +

                Select a cluster scale for your cluster as required. These values specify the maximum number of nodes that can be managed by the cluster.

                Master Nodes

                +

                Master Nodes

                Select the number of master nodes. The master nodes are automatically hosted by CCE and deployed with Kubernetes cluster management components such as kube-apiserver, kube-controller-manager, and kube-scheduler.

                -
                • Multiple: Three master nodes will be created for high cluster availability.
                • Single: Only one master node will be created in your cluster.
                  NOTE:
                  • If more than half of the master nodes in a cluster are faulty, the cluster will not run properly.
                  +

                Select the number of master nodes. The master nodes are automatically hosted by CCE and deployed with Kubernetes cluster management components such as kube-apiserver, kube-controller-manager, and kube-scheduler.

                +
                • 3 Masters: Three master nodes will be created for high cluster availability.
                • Single: Only one master node will be created in your cluster.
                  NOTE:
                  • If more than half of the master nodes in a CCE cluster are faulty, the cluster cannot function properly.
                You can also select AZs for deploying the master nodes of a specific cluster. By default, AZs are allocated automatically for the master nodes.
                • Automatic: Master nodes are randomly distributed in different AZs for cluster DR. If the number of available AZs is less than the number of nodes to be created, CCE will create the nodes in the AZs with sufficient resources to preferentially ensure cluster creation. In this case, AZ-level DR may not be ensured.
                • Custom: Master nodes are deployed in specific AZs.
                  If there is one master node in your cluster, you can select one AZ for the master node. If there are multiple master nodes in your cluster, you can select multiple AZs for the master nodes.
                  • AZ: Master nodes are deployed in different AZs for cluster DR.
                  • Host: Master nodes are deployed on different hosts in the same AZ for cluster DR.
                  • Custom: Master nodes are deployed in the AZs you specified.
                  @@ -55,66 +56,90 @@

                  Network Settings

                  The network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.

                  +

                  -
                  Table 1 Cluster network settings

                  Parameter

                  +
                  - - - - - - - - -
                  Table 1 Cluster network settings

                  Parameter

                  Description

                  +

                  Description

                  VPC

                  +

                  VPC

                  Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after the cluster is created.

                  +

                  Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after the cluster is created.

                  Node Subnet

                  +

                  Node Subnet

                  Select the subnet to which the master nodes belong. If no subnet is available, click Create Subnet to create one. The value cannot be changed after the cluster is created.

                  +

                  Select the subnet to which the master nodes belong. If no subnet is available, click Create Subnet to create one. The value cannot be changed after the cluster is created.

                  Default Node Security Group

                  +

                  Default Node Security Group

                  Select the security group automatically generated by CCE or use the existing one as the default security group of the node.
                  NOTICE:

                  The default security group must allow traffic from certain ports to ensure normal communication. Otherwise, the node cannot be created. For details, see Configuring Cluster Security Group Rules.

                  +
                  Select the security group automatically generated by CCE or use the existing one as the default security group of the node.
                  NOTICE:

                  The default security group must allow traffic from certain ports to ensure normal communication. Otherwise, the node cannot be created. For details, see Configuring Cluster Security Group Rules.

                  IPv6

                  +

                  IPv6

                  If enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.

                  +

                  If enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.

                  • IPv4/IPv6 dual stack is not supported by clusters using the VPC networks.
                  +

                  -
                  Table 2 Container network settings

                  Parameter

                  +
                  - - - - - - - - - + + + + + + + + + @@ -122,89 +147,91 @@
                  Table 2 Container network settings

                  Parameter

                  Description

                  +

                  Description

                  Network Model

                  +

                  Network Model

                  Select VPC network or Tunnel network for your CCE standard cluster.

                  +

                  Select VPC network or Tunnel network for your CCE standard cluster.

                  Select Cloud Native Network 2.0 for your CCE Turbo cluster.

                  For more information about their differences, see Overview.

                  Container CIDR Block

                  +

                  DataPlane V2 (supported by CCE Turbo clusters)

                  Specify the CIDR block for containers, which determines the maximum number of containers allowed in the cluster. This parameter is available only for CCE standard clusters.

                  +

                  DataPlane V2 uses eBPF to enable features like Service ClusterIP, NetworkPolicy, and egress bandwidth. For details, see DataPlane V2 Network Acceleration.

                  +

                  This function is available for new clusters of v1.27 or later. After this function is enabled, CCE will automatically deploy the cilium-agent on every node in the cluster. Each cilium-agent will use 80 MiB of memory, and the memory usage will increase by 10 KiB whenever a new pod is added. After the cluster is created, you cannot disable this function. Additionally, the nodes can run only HCE OS 2.0. Therefore, enable this function only when you fully understand the constraints in DataPlane V2 Network Acceleration.

                  +
                  NOTE:

                  CCE DataPlane V2 is released with restrictions. To use this feature, submit a service ticket to CCE.

                  +

                  Pod Subnet

                  +

                  Network Policies (supported by CCE standard clusters using a tunnel network)

                  Select the subnet to which the pod belongs. If no subnet is available, click Create Subnet to create one. This parameter is available only for CCE Turbo clusters. The pod subnet determines the maximum number of containers in a cluster. You can add pod subnets after a cluster is created.

                  +

                  Policy-based network control for clusters. For details, see Configuring Network Policies to Restrict Pod Access.

                  +

                  After this function is enabled, if the CIDR blocks of a customer's service conflict with the on-premises CIDR blocks, the link to a newly added gateway may not be established.

                  +

                  For example, when a cluster accesses an external address through a Direct Connect connection, the external switch does not support ip-option. If the network policy is enabled, the network access may fail.

                  Default Security Group

                  +

                  Container CIDR Block

                  Select the security group automatically generated by CCE or use the existing one as the default security group of the containers.
                  NOTICE:

                  The default security group of containers must allow access from specified ports to ensure proper communication between containers in the cluster. For details about how to configure security group ports, see How Can I Configure a Security Group Rule in a Cluster?

                  +

                  Specify the CIDR block for containers, which determines the maximum number of containers allowed in the cluster. This parameter is available only for CCE standard clusters. CCE standard clusters allow both manual and automatic CIDR block settings.

                  +
                  • Manually set: You can customize the container CIDR blocks as needed. For cross-VPC passthrough networking, make sure the container CIDR block does not overlap with the VPC CIDR block to be accessed to prevent conflicts. For details, see Planning CIDR Blocks for a Cluster. The VPC network model allows you to configure multiple CIDR blocks, and container CIDR blocks can be added even after the cluster is created. For details, see Adding a Container CIDR Block for a Cluster.
                  • Auto select: CCE will randomly allocate a non-conflicting CIDR block from the ranges 172.16.0.0/16 to 172.31.0.0/16, or from 10.0.0.0/12, 10.16.0.0/12, 10.32.0.0/12, 10.48.0.0/12, 10.64.0.0/12, 10.80.0.0/12, 10.96.0.0/12, and 10.112.0.0/12. Since the allocated CIRD block cannot be modified after the cluster is created, you are advised to manually configure the CIDR blocks, especially in commercial scenarios.
                  +

                  Pod IP Addresses Reserved for Each Node (supported by CCE standard clusters using a VPC network)

                  +

                  Specify the number of container IP addresses that can be allocated to each node (alpha.cce/fixPoolMask) when creating a cluster. This parameter determines the maximum number of pods that can be created on each node and cannot be changed after the cluster is created.

                  +

                  When a container network is used, each pod occupies one IP address. If a node's reserved container IP addresses are insufficient, pods cannot be created. For details, see Number of Allocatable Container IP Addresses on a Node.

                  +

                  Pod Subnet

                  +

                  Select the subnet to which the pod belongs. If no subnet is available, click Create Subnet to create one. This parameter is available only for CCE Turbo clusters. The pod subnet determines the maximum number of containers in a cluster. You can add pod subnets after a cluster is created.

                  +

                  Default Security Group

                  +
                  Select the security group automatically generated by CCE or use the existing one as the default security group of the containers.
                  NOTICE:

                  The default security group of containers must allow access from specified ports to ensure proper communication between containers in the cluster. For details about how to configure security group ports, see How Do I Harden the Automatically Created Security Group Rules for CCE Cluster Nodes?
                  +

                  -
                  Table 3 Service network settings

                  Parameter

                  +
                  - - - - - - -
                  Table 3 Service network settings

                  Parameter

                  Description

                  +

                  Description

                  Service CIDR Block

                  +

                  Service CIDR Block

                  Configure the Service CIDR blocks for containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after the cluster is created.

                  +

                  Configure the Service CIDR blocks for containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after the cluster is created.

                  Request Forwarding

                  +

                  Request Forwarding

                  Select IPVS or iptables for your cluster. For details, see Comparing iptables and IPVS.

                  -
                  • iptables is the traditional kube-proxy mode. This mode applies to the scenario where the number of Services is small or a large number of short connections are concurrently sent on the client. IPv6 clusters do not support iptables.
                  • IPVS allows higher throughput and faster forwarding. This mode applies to scenarios where the cluster scale is large or the number of Services is large.
                  +

                  Select IPVS or iptables for your cluster. For details, see Comparing iptables and IPVS.

                  +
                  • iptables is the traditional kube-proxy mode. This mode applies to the scenario where the number of Services is small or a large number of short connections are concurrently sent on the client. IPv6 clusters do not support iptables.
                  • IPVS allows higher throughput and faster forwarding. This mode is suitable for large cluster scales or when there are a large number of Services.

                  IPv6 Service CIDR Block

                  +

                  IPv6 Service CIDR Block

                  Configure this parameter only when IPv6 dual stack is enabled for a CCE Turbo cluster. This configuration cannot be modified after the cluster is created.

                  +

                  Configure this parameter only when IPv6 dual stack is enabled for a CCE Turbo cluster. This configuration cannot be modified after the cluster is created.

                  (Optional) Advanced Settings

                  +

                  -

                  Parameter

                  +
                  - - - - - - - - - - - - - - - - - - - @@ -212,42 +239,53 @@

                  Step 3: Select Add-ons

                  Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.

                  +

                  Basic capabilities

                  -

                  Parameter

                  Description

                  +

                  Description

                  IAM Authentication

                  +

                  IAM Authentication

                  CCE clusters support IAM authentication. You can call IAM authenticated APIs to access CCE clusters.

                  +

                  CCE clusters support IAM authentication. You can call IAM authenticated APIs to access CCE clusters.

                  Certificate Authentication

                  +

                  Certificate Authentication

                  • If Automatically generated is selected, the X509-based authentication mode will be enabled by default. X509 is a commonly used certificate format.
                  • If Bring your own is selected, the cluster can identify users based on the header in the request body for authentication.

                    Upload your CA root certificate, client certificate, and private key.

                    +
                  • If Automatically generated is selected, the X.509-based authentication mode will be enabled by default. X.509 is a commonly used certificate format.
                  • If Bring your own is selected, the cluster can identify users based on the header in the request body for authentication.

                    Upload your CA root certificate, client certificate, and private key.

                    CAUTION:
                    • Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
                    • The validity period of the client certificate must be longer than five years.
                    • The uploaded CA root certificate is used by the authentication proxy and for configuring the kube-apiserver aggregation layer. If any of the uploaded certificates is invalid, the cluster cannot be created.
                    • Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. The certificate authentication generated using the SHA256 algorithm is supported instead.

                  CPU Management

                  +

                  CPU Management

                  If enabled, exclusive CPU cores can be allocated to workload pods. For details, see CPU Policy.

                  +

                  If enabled, exclusive CPU cores can be allocated to workload pods. For details, see CPU Policy.

                  Disk Encryption for Master Nodes

                  +

                  Disk Encryption for Master Nodes

                  If enabled, dynamic data and static data on disks can be encrypted, providing powerful security protection for your data.

                  +

                  If enabled, dynamic data and static data on disks can be encrypted, providing powerful security protection for your data.

                  After encryption, the disk read/write performance deteriorates, and the configuration cannot be modified after the cluster is created.

                  This function is available only for clusters of v1.25 or later.

                  Overload Control

                  +

                  Overload Control

                  After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.

                  +

                  After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.

                  Cluster Deletion Protection

                  +

                  Cluster Deletion Protection

                  A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE. You can modify the function status in the cluster Settings after creating it.

                  +

                  A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE. You can modify the function status in the cluster Settings after creating it.

                  Time Zone

                  +

                  Time Zone

                  The cluster's scheduled tasks and nodes are subject to the chosen time zone.

                  +

                  The cluster's scheduled tasks and nodes are subject to the chosen time zone.

                  Resource Tag

                  +

                  Resource Tag

                  You can add resource tags to classify resources. A maximum of 20 resource tags can be added.

                  -

                  You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

                  +

                  You can add resource tags to classify resources. A maximum of 20 resource tags can be added.

                  +

                  You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

                  Description

                  +

                  Description

                  You can enter description for the cluster. A maximum of 200 characters are allowed.

                  +

                  You can enter description for the cluster. A maximum of 200 characters are allowed.

                  Add-on Name

                  +
                  - - - - - - -

                  Add-on Name

                  Description

                  +

                  Description

                  CCE Container Network (Yangtse CNI)

                  +

                  CCE Container Network (Yangtse CNI)

                  This is the basic cluster add-on. It provides network connectivity, Internet access, and security isolation for pods in your cluster.

                  +

                  This is the basic cluster add-on. It provides network connectivity, Internet access, and security isolation for pods in your cluster.

                  CCE Container Storage (Everest)

                  +

                  CCE Container Storage (Everest)

                  This add-on (CCE Container Storage (Everest)) is installed by default. It is a cloud native container storage system based on CSI and supports cloud storage services such as EVS.

                  +

                  This add-on (CCE Container Storage (Everest)) is installed by default. It is a cloud native container storage system based on CSI and supports cloud storage services such as EVS.

                  CoreDNS

                  +

                  CoreDNS

                  This add-on (CoreDNS) is installed by default. It provides DNS resolution for your cluster and can be used to access the in-cloud DNS server.

                  +

                  This add-on (CoreDNS) is installed by default. It provides DNS resolution for your cluster and can be used to access the in-cloud DNS server.
                  Observability -

                  Add-on Name

                  +
                  - - - + + + + + + @@ -282,16 +320,30 @@

                  Add-on Name

                  Description

                  +

                  Description

                  CCE Node Problem Detector

                  +

                  Cloud Native Cluster Monitoring

                  (Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting.

                  +

                  (Optional) If selected, this add-on (Cloud Native Cluster Monitoring) will be automatically installed. Cloud Native Cluster Monitoring collects monitoring metrics for your cluster and reports the metrics to AOM. The agent mode does not support HPA based on custom Prometheus statements. If related functions are required, install this add-on manually after the cluster is created.

                  +

                  Cloud Native Logging

                  +

                  (Optional) If selected, this add-on (Cloud Native Log Collection) will be automatically installed. Cloud Native Logging helps report logs to LTS. After the cluster is created, you are allowed to obtain and manage collection rules on the Logging page of the CCE cluster console.

                  +

                  CCE Node Problem Detector

                  +

                  (Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting.
                  -
                  Observability -
                  - - + + + + + - @@ -33,12 +43,12 @@ - - @@ -66,7 +76,7 @@ - @@ -75,13 +85,13 @@ - - - @@ -224,10 +250,10 @@ - - @@ -386,42 +412,72 @@

                  Add-on Name

                  +

                  Observability

                  +

                  +
                  +
                  - - - + + + + + + @@ -302,7 +354,7 @@

                  Step 5: Confirm the Configuration

                  After the parameters are specified, click Next: Confirm configuration. The cluster resource list is displayed. Confirm the information and click Submit.

                  It takes about 5 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.

                  -

                  Related Operations

                  +

                  Related Operations

                  diff --git a/docs/cce/umn/cce_10_0031.html b/docs/cce/umn/cce_10_0031.html index 82e33eddc..4e83e4dc2 100644 --- a/docs/cce/umn/cce_10_0031.html +++ b/docs/cce/umn/cce_10_0031.html @@ -8,7 +8,7 @@
                • Enabling Overload Control for a Cluster
                  • -
                • Changing Cluster Scale
                  +
                • Changing a Cluster Scale
                • Changing the Default Security Group of a Node
                  • diff --git a/docs/cce/umn/cce_10_0034.html b/docs/cce/umn/cce_10_0034.html index a244294fb..ef2c393fd 100644 --- a/docs/cce/umn/cce_10_0034.html +++ b/docs/cce/umn/cce_10_0034.html @@ -4,26 +4,26 @@

                  Introduction

                  Kubernetes uses kube-proxy to expose Services and provide load balancing. The implementation is at the transport layer. When it comes to Internet applications, where a bucket-load of information is generated, forwarding needs to be more fine-grained, precisely and flexibly controlled by policies and load balancers to deliver higher performance.

                  This is where ingresses enter. Ingresses provide application-layer forwarding functions, such as virtual hosts, load balancing, SSL proxy, and HTTP routing, for Services that can be directly accessed outside a cluster.

                  Kubernetes has officially released the Nginx-based Ingress controller. CCE Nginx Ingress controller directly uses community templates and images. The NGINX Ingress Controller generates Nginx configuration and stores the configuration using ConfigMap. The configuration will be written to Nginx pods through the Kubernetes API. In this way, the Nginx configuration is modified and updated. For details, see How the Add-on Works.

                  -

                  Open source community: https://github.com/kubernetes/ingress-nginx

                  +

                  Open-source community: https://github.com/kubernetes/ingress-nginx

                  • Starting from version 2.3.3, NGINX Ingress Controller only supports TLS v1.2 and v1.3 by default. If the TLS version is earlier than v1.2, an error will occur during the negotiation process between the client and Nginx Ingress. If more versions of TLS are needed, see TLS/HTTPS.
                  • When installing the NGINX Ingress Controller, you can specify Nginx parameters. These parameters take effect globally and are contained in the nginx.conf file. You can search for the parameters in ConfigMaps. If the parameters are not included in ConfigMaps, the configurations will not take effect.
                  • Do not manually modify or delete the load balancer and listener that are automatically created by CCE. Otherwise, the workload will be abnormal. If you have modified or deleted them by mistake, uninstall the nginx-ingress add-on and re-install it.
                  -

                  How the Add-on Works

                  NGINX Ingress Controller consists of the ingress object, ingress controller, and Nginx. The ingress controller assembles ingresses into the Nginx configuration file (nginx.conf) and reloads Nginx to make the changed configurations take effect. When it detects that the pod in a Service changes, it dynamically changes the upstream server group configuration of Nginx. In this case, the Nginx process does not need to be reloaded. Figure 1 shows how this add-on works.

                  +

                  How the Add-on Works

                  An Nginx ingress consists of the ingress object, ingress controller, and Nginx. The ingress controller assembles ingresses into the Nginx configuration file (nginx.conf) and reloads Nginx to make the configuration changes apply. When it detects that the pod in a Service changes, it dynamically changes the upstream server group configuration of Nginx. In this case, the Nginx process does not need to be reloaded. Figure 1 shows how this add-on works.

                  • An ingress is a group of access rules that forward requests to specified Services based on domain names or URLs. Ingresses are stored in the object storage service etcd and are added, deleted, modified, and queried through APIs.
                  • The ingress controller monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time and automatically performs operations on Nginx.
                  • Nginx implements load balancing and access control at the application layer.
                  -
                  Figure 1 Working principles of NGINX Ingress Controller
                  +
                  Figure 1 Working principles of NGINX Ingress Controller
                  -

                  Precautions

                  • For clusters earlier than v1.23, kubernetes.io/ingress.class: "nginx" must be added to the annotation of the ingress created through the API.
                  • A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address).
                  • If the node where NGINX Ingress Controller runs and containers on this node cannot access Nginx ingress, you need to configure anti-affinity for the workload pods and Nginx Ingress Controller. For details, see Configuring Anti-affinity Between a Workload and Nginx Ingress Controller.
                  • During the NGINX Ingress Controller pod upgrade, 10s are reserved for deleting the NGINX Ingress Controller at the ELB backend.
                  • The timeout duration for the graceful exit of the NGINX Ingress Controller is 300s. If the timeout duration is longer than 300s during the upgrade of the NGINX Ingress Controller, persistent connections will be disconnected, and connectivity will be interrupted for a short period of time.
                  +

                  Precautions

                  • For clusters earlier than v1.23, kubernetes.io/ingress.class: "nginx" must be added to the annotation of the ingress created through the API.
                  • A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address).
                  • If the node where NGINX Ingress Controller runs and containers on this node cannot access Nginx ingress, you need to configure anti-affinity for the workload pods and Nginx Ingress Controller. For details, see Configuring Anti-Affinity Between a Workload and Nginx Ingress Controller.
                  • During the NGINX Ingress Controller pod upgrade, 10s are reserved for deleting the NGINX Ingress Controller at the ELB backend.
                  • The timeout duration for the graceful exit of the NGINX Ingress Controller is 300s. If the timeout duration is longer than 300s during the upgrade of the NGINX Ingress Controller, persistent connections will be disconnected, and connectivity will be interrupted for a short period of time.

                  Prerequisites

                  Before installing this add-on, you have one available cluster and there is a node running properly. If no cluster is available, create one according to Creating a CCE Standard/Turbo Cluster.

                  -

                  Installing the Add-on

                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate NGINX Ingress Controller on the right, and click Install.
                  2. On the Install Add-on page, configure the specifications as needed.

                    You can adjust the number of add-on instances and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                    -

                  3. Configure the add-on parameters.

                    • Ingress Class: Enter a custom controller name, which uniquely identifies an Ingress controller. The name of each controller in the same cluster must be unique and cannot be set to cce. (cce is the unique identifier of the ELB Ingress Controller.) When creating an Ingress, you can specify the controller name to declare which controller should manage this Ingress.
                    • Namespace for add-on installation: Select a namespace for the ingress controller.
                    • Load Balancer: Select a shared or dedicated load balancer. If no load balancer is available, create one. The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.
                    • Admission Check: Admission control is performed on Ingresses to ensure that the controller can generate valid configurations. Admission verification is performed on the configuration of Nginx Ingresses. If the verification fails, the request will be intercepted. For details about admission verification, see Access Control.
                      • Admission check slows down the responses to Ingress requests.
                      • Only add-ons of version 2.4.1 or later support admission verification.
                      +

                      Installing the Add-on

                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate NGINX Ingress Controller on the right, and click Install.
                      2. On the Install Add-on page, configure the specifications as needed.

                        You can adjust the number of add-on pods and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                        +

                      3. Configure the add-on parameters.

                        • Ingress Class: Enter a controller name. The name of each controller in the same cluster must be unique and cannot be set to cce (which is the unique identifier of the ELB ingress controller.) When creating an ingress, you can specify the controller name to declare which controller should manage this ingress.
                        • Add-on Namespace: Select a namespace for the ingress controller.
                        • Load Balancer: Select a shared or dedicated load balancer. If no load balancer is available, create one. The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.
                        • Admission Check: Admission control is performed on Ingresses to ensure that the controller can generate valid configurations. Admission verification is performed on the configuration of Nginx Ingresses. If the verification fails, the request will be intercepted. For details about admission verification, see Access Control.
                          • Admission check slows down the responses to Ingress requests.
                          • Only add-ons of version 2.4.1 or later support admission verification.
                          -
                        • Nginx Parameters: You can configure the nginx.conf file, which will affect all managed ingresses. You can select GUI or YAML. GUI is supported by the NGINX Ingress Controller of version 2.2.75, 2.6.26, 3.0.1, or later.

                          To configure custom parameters supported by the Kubernetes community, choose YAML and find the related parameters in ConfigMaps. For example, you can use the keep-alive-requests parameter to describe how to set the maximum number of requests for keeping active connections to 100.

                          +
                        • Nginx Parameters: You can configure the nginx.conf file, which will affect all managed ingresses. You can select GUI or YAML. GUI is supported by the NGINX Ingress Controller of version 2.2.75, 2.6.26, 3.0.1, or later.

                          To configure custom parameters supported by the Kubernetes community, choose YAML and find the related parameters in ConfigMaps. For example, you can use the keep-alive-requests parameter to describe how to set the maximum number of requests for keeping active connections to 100.

                          {
     "keep-alive-requests": "100"
 }
                          -
                          • If the parameters you configure are not listed in ConfigMaps, the configurations will not take effect.
                          • The parameter value must be a string. Otherwise, the installation fails.
                          +
                          • If the configured parameters are not listed in ConfigMaps, the configurations will not take effect.
                          • The parameter value must be a string. Otherwise, the installation fails.
                          The table below shows parameters can be configured on the GUI of the NGINX Ingress Controller add-on of version 2.2.75, 2.6.26, 3.0.1, and later.

                  Add-on Name

                  Description

                  +

                  Description

                  CCE Node Problem Detector

                  +

                  Cloud Native Cluster Monitoring

                  This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.

                  +

                  Select an AOM instance for Cloud Native Cluster Monitoring to report metrics. If no AOM instance is available, click Creating Instance to create one.

                  +

                  Cloud Native Logging

                  +

                  Select the logs to be collected. If enabled, a log group named k8s-log-{clusterId} will be automatically created, and a log stream will be created for each selected log type.

                  +
                  • Container log: Standard output logs of containers are collected. The corresponding log stream is named in the format of stdout-{Cluster ID}.
                  • Kubernetes Events: Kubernetes logs are collected. The corresponding log stream is named in the format of event-{Cluster ID}.
                  • Kubernetes Audit Logs: Audit logs of the master nodes are collected. The log streams are named in the format of audit-{Cluster ID}.
                  • Control Plane Logs: Logs from critical components such as kube-apiserver, kube-controller-manage, and kube-scheduler that run on the master nodes are collected. The log streams are named in the format of kube-apiserver-{Cluster ID}, kube-controller-manage-{Cluster ID}, and kube-scheduler-{Cluster ID}, respectively.
                  +

                  If log collection is disabled, choose Logging in the navigation pane of the cluster console after the cluster is created and enable this function.

                  +

                  CCE Node Problem Detector

                  +

                  This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.
                  - - - - - @@ -113,7 +113,7 @@ - @@ -136,36 +136,38 @@

                  Nginx Parameter

                  @@ -48,30 +48,30 @@

                  100

                  Maximum Keepalive Connection to the Upstream Server

                  +

                  Maximum Keepalive Connections to the Upstream Server

                  Activates the cache connected to an upstream server. This parameter sets how many idle keepalive connections can be stored in the cache of each worker process. If the idle connections stored in a process exhaust the limit, the connections that are not used for the longest time will be closed.

                  +

                  Activates the cache for connections to upstream servers. This parameter sets how many idle keepalive connections can be stored in the cache of each worker process. If the idle connections stored in a process exhaust the limit, the connections that are not used for the longest time will be closed.

                  320

                  Maximum Keepalive Timeout of the Upstream Server

                  Specifies the timeout interval (in seconds) of the keepalive connections between the upstream server and backend server. During this period, NGINX Ingress Controller can maintain connections for reuse. This reduces the overhead required for establishing new connections and significantly improves performance in high QPS scenarios.

                  +

                  Specifies the timeout for a keepalive connection between an upstream server and a backend server, in seconds. During this period, NGINX Ingress Controller can maintain connections for reuse. This reduces the overhead required for establishing new connections and significantly improves performance in high QPS scenarios.

                  900

                  Request Timeout

                  Specifies the timeout interval (in seconds) for establishing a connection between a client and the proxy server. If the backend server cannot be accessed within 10 seconds, NGINX Ingress Controller will return the 502 Bad Gateway error. It applies to scenarios where the connection speed is high.

                  +

                  Specifies the timeout for connecting the client to the proxy server, in seconds. If the client cannot access the backend server within 10 seconds, NGINX Ingress Controller will return a 502 Bad Gateway error. It applies to scenarios where the connection speed is high.

                  10

                  Maximum Request Body Size

                  Specifies the maximum size of a request body that can be accepted by the Nginx proxy when it sends the request to the backend server. This value limits the size of a file to be uploaded or a big data table to be submitted. If the size of any request body exceeds the limit, the 413 Payload Too Large error will be returned.

                  +

                  Specifies the maximum size of the request body that Nginx can send to the backend server through the proxy. This applies to file uploads and large data form submissions. If the size of any request body exceeds the limit, a 413 Payload Too Large error will be returned.

                  20m

                  Allow Server Information in Request Body

                  Disables the server information added to a response header by NGINX Ingress Controller by default. The information usually contains the NGINX version. Disabling this option helps hide server information, enhancing security and preventing attackers from using version information to attack the system.

                  +

                  Disables the server information added to a response header by NGINX Ingress Controller by default. The information usually contains the NGINX version. Disabling this option helps hide server information, enhancing security and preventing attackers from using the version information to attack the system.

                  Disable

                  -
                • Enabling Indicator Collection: If the add-on version is 2.4.12 or later, Prometheus monitoring metrics can be collected.
                • Default certificate of the server: Select an IngressTLS or kubernetes.io/tls key to configure the default certificate when the NGINX Ingress Controller is started. If no secret is available, click Create TLS Secret. For details, see Creating a Secret. For details about the default server certificate, see Default SSL Certificate.
                • 404 Service: By default, the 404 service provided by the add-on is used. To customize the 404 service, enter the namespace/service name. If the service does not exist, the add-on installation will fail.
                • Adding a TCP/UDP Service: By default, Nginx Ingress Controller can forward only external HTTP and HTTPS traffic. You can add TCP/UDP port mapping to forward external TCP/UDP traffic to services in the cluster. For more information about adding TCP/UDP services, see Exposing TCP and UDP services.
                  • Protocol: Select TCP or UDP.
                  • Service Port: specifies the port used by the ELB listener. The port number ranges from 1 to 65535.
                  • Target Service Namespace: Select the namespace where the Service is in.
                  • Destination Service: Select an existing Service. Any Services that do not match the search criteria will be filtered out automatically.
                  • Destination Service Port: Select the access port of the destination Service.
                  +
                • Enabling Indicator Collection: If the add-on version is 2.4.12 or later, Prometheus monitoring metrics can be collected.
                • Default certificate of the server: Select an IngressTLS or kubernetes.io/tls key to configure the default certificate when the NGINX Ingress Controller is started. If no secret is available, click Create TLS Secret. For details, see Creating a Secret. For details about the default server certificate, see Default SSL Certificate.
                • 404 Service: By default, the 404 service provided by the add-on is used. To customize the 404 service, enter the namespace/service name. If the service does not exist, the add-on installation will fail.
                • Adding a TCP/UDP Service: By default, NGINX Ingress Controller can forward only external HTTP and HTTPS traffic. You can add TCP/UDP port mapping to forward external TCP/UDP traffic to services in the cluster. For more information about adding TCP/UDP services, see Exposing TCP and UDP services.
                  • Protocol: Select TCP or UDP.
                  • Service Port: specifies the port used by the ELB listener. The port number ranges from 1 to 65535.
                  • Target Service Namespace: Select the namespace where the Service is in.
                  • Destination Service: Select an existing Service. Any Services that do not match the search criteria will be filtered out automatically.
                  • Destination Service Port: Select the access port of the destination Service.
                  • If the cluster version is v1.19.16-r5, v1.21.8-r0, v1.23.6-r0, or later, the TCP/UDP hybrid protocols can be configured.
                  • If the cluster version is v1.19.16-r5, v1.21.8-r0, v1.23.6-r0, v1.25.2-r0, or later, you can configure the TCP/UDP hybrid protocols to use the same external port.
                  -
                • (Optional) Extended Parameter Settings: additional extended parameters of the add-on If the extended parameter settings conflict with the default settings, the extended parameter settings will be prioritized.
                  • extraArgs: additional configurable startup parameters of the nginx-ingress-controller component. For details about the startup parameters supported by the community, see the documentation.
                  • extraInitContainers: initial container configuration of nginx-ingress-controller. This parameter is supported by add-on 2.2.82, 2.6.32, 3.0.8 and later, with optimized kernel settings by default.
                  • maxmindLicenseKey: Maxmind license key, which can be used to download GeoLite2 databases. This parameter is supported by add-on 2.2.82, 2.6.32, 3.0.8, and later. It is mandatory for NGINX Ingress Controller to configure the use-geoip2 capability.
                  +
                • (Optional) Extended Parameter Settings: additional extended parameters of the add-on If the extended parameter settings conflict with the default settings, the extended parameter settings will be prioritized.
                  • extraArgs: additional configurable startup parameters of the nginx-ingress-controller component. For details about the startup parameters supported by the community, see the documentation.
                  • extraInitContainers: initial container configuration of nginx-ingress-controller. This parameter is supported by add-on 2.2.82, 2.6.32, 3.0.8 and later, with optimized kernel settings by default.
                  • maxmindLicenseKey: Maxmind license key, which can be used to download GeoLite2 databases. This parameter is supported by add-on 2.2.82, 2.6.32, 3.0.8, and later. It is mandatory for NGINX Ingress Controller to configure the use-geoip2 capability.
                  • service: allows services for nginx-ingress-controller. For details, see parameter examples in GitHub. It is supported in add-on versions 2.2.104, 2.6.53, 3.0.31, and later. You can use this parameter to configure ELB certificates for NGINX Ingress Controller. For details, see Configuring an ELB Certificate for NGINX Ingress Controller.
                  • extraContainers: other containers added to the nginx-ingress-controller pod. For details, see parameter examples in GitHub. It is supported in add-on versions 2.2.104, 2.6.53, 3.0.31, and later.
                  • extraVolumeMounts: allows for mounting additional volumes to the nginx-ingress-controller pod. For details, see parameter examples in GitHub. It is supported in add-on versions 2.2.104, 2.6.53, 3.0.31, and later.
                  • extraVolumes: additional volumes mounted to the nginx-ingress-controller pod. For details, see parameter examples in GitHub. It is supported in add-on versions 2.2.104, 2.6.53, 3.0.31, and later.
                  • -

                • Configure deployment policies for the add-on pods.

                  • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                  • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                  +

                • Configure deployment policies for the add-on pods.

                  • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                  • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                  -
                  - + + + + + - + + + + +
                  Table 1 Configurations for add-on scheduling

                  Parameter

                  +
                  - - - - - - - @@ -173,7 +175,7 @@

                • Click Install.
                  • -

                  Installing Multiple NGINX Ingress Controllers

                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate the installed Nginx Ingress Controller, and click New.
                  2. On the page displayed, reconfigure the add-on parameters. For details, see Installing the Add-on.
                  3. Click Install.
                  4. Wait until the installation instruction is delivered. Go back to Add-ons, click Manage, and view the installed add-on instance on the add-on details page.
                  +

                  Installing Multiple NGINX Ingress Controllers

                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate the installed NGINX Ingress Controller, and click New.
                  2. On the page displayed, reconfigure the add-on parameters. For details, see Installing the Add-on.
                  3. Click Install.
                  4. Wait until the installation instruction is delivered. Go back to Add-ons, click Manage, and view the installed add-on instance on the add-on details page.

                  Components

                  Table 1 Configurations for add-on scheduling

                  Parameter

                  Description

                  +

                  Description

                  Multi-AZ Deployment

                  +

                  Multi-AZ Deployment

                  • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                  • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                  • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                  +
                  • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                  • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                    NOTE:

                    The equivalent mode supports only the pods in the kube-system and monitoring namespaces.

                    +
                    +
                  • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.

                  Node Affinity

                  +

                  Node Affinity

                  • Not configured: Node affinity is disabled for the add-on.
                  • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                  • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                  • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                    If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                    +
                  • Not configured: Node affinity is disabled for the add-on.
                  • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                  • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                  • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                    If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                  Toleration

                  +

                  Toleration

                  Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                  -

                  The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                  -

                  For details, see Configuring Tolerance Policies.

                  +

                  Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                  +

                  The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                  +

                  For details, see Configuring Tolerance Policies.
                  - @@ -195,7 +197,7 @@ - @@ -204,7 +206,7 @@
                  Table 2 Add-on components

                  Component

                  @@ -187,7 +189,7 @@

                  cceaddon-nginx-ingress-<Controller name>-controller

                  (The controller name in versions earlier than 2.5.4 is cceaddon-nginx-ingress-controller.)

                  Nginx Ingress controller, which provides flexible routing and forwarding for clusters

                  +

                  Nginx-based ingress controller that provides flexible routing and forwarding for clusters.

                  Deployment

                  cceaddon-nginx-ingress-<Controller name>-backend

                  (The controller name in versions earlier than 2.5.4 is cceaddon-nginx-ingress-default-backend.)

                  Default backend of Nginx Ingress. The message "default backend - 404" is returned.

                  +

                  Default backend of the Nginx ingress. The message "default backend - 404" is returned.

                  Deployment

                  -

                  Configuring Anti-affinity Between a Workload and Nginx Ingress Controller

                  To avoid a situation where the node running NGINX Ingress Controller and its containers cannot access the Nginx Ingress Controller, you should set up anti-affinity between the workload and Nginx Ingress Controller. This means that the workload pods cannot be scheduled to the same node as the Nginx Ingress Controller.

                  +

                  Configuring Anti-Affinity Between a Workload and Nginx Ingress Controller

                  To avoid a situation where the node running NGINX Ingress Controller and its containers cannot access the Nginx Ingress Controller, you should set up anti-affinity between the workload and Nginx Ingress Controller. This means that the workload pods cannot be scheduled to the same node as the Nginx Ingress Controller.

                  apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -255,7 +257,21 @@ spec:

                  3.0.8

                  +

                  3.0.34

                  +

                  v1.25

                  +

                  v1.27

                  +

                  v1.28

                  +

                  v1.29

                  +

                  v1.30

                  +

                  v1.31

                  +
                  • Updated the add-on to its community version v1.11.5.
                  • Fixed the CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, and CVE-2025-24514 vulnerabilities.
                  +

                  1.11.5

                  +

                  3.0.8

                  v1.27

                  v1.28

                  @@ -281,7 +297,19 @@ spec:

                  2.6.5

                  +

                  2.6.32

                  +

                  v1.25

                  +

                  v1.27

                  +

                  v1.28

                  +

                  v1.29

                  +

                  Fixed some issues.

                  +

                  1.9.6

                  +

                  2.6.5

                  v1.25

                  v1.27

                  diff --git a/docs/cce/umn/cce_10_00356.html b/docs/cce/umn/cce_10_00356.html index bdffd4c97..c0e1467a9 100644 --- a/docs/cce/umn/cce_10_00356.html +++ b/docs/cce/umn/cce_10_00356.html @@ -3,9 +3,9 @@

                  Logging In to a Container

                  Scenario

                  If you encounter unexpected problems when using a container, you can log in to the container to debug it.

                  -

                  Notes and Constraints

                  When using CloudShell to access a CCE cluster or container, you can open a maximum of 15 instances simultaneously.

                  +

                  Notes and Constraints

                  • When kubectl is used in CloudShell, permissions are determined by the logged-in user.
                  • When using CloudShell to access a CCE cluster or container, you can open up to 15 instances concurrently.
                  • The kubectl certificate in CloudShell is valid for one day. You can reset its validity period by accessing CloudShell through the CCE console.
                  -

                  Using kubectl

                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                  2. Run the following command to view the created pod:

                    kubectl get pod
                    +

                    Using kubectl

                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                    2. Run the following command to view the created pod:

                      kubectl get pod
                      The example output is as follows:
                      NAME                               READY   STATUS    RESTARTS       AGE
 nginx-59d89cb66f-mhljr             1/1     Running   0              11m
                      diff --git a/docs/cce/umn/cce_10_0047.html b/docs/cce/umn/cce_10_0047.html index 9c5be53fb..efc907224 100644 --- a/docs/cce/umn/cce_10_0047.html +++ b/docs/cce/umn/cce_10_0047.html @@ -3,11 +3,11 @@

                      Creating a Deployment

                      Scenario

                      Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.

                      -

                      Prerequisites

                      • Before creating a workload, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Standard/Turbo Cluster.
                      • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.

                        If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the Deployment will fail.

                        +

                        Prerequisites

                        • Before creating a workload, you must have an available cluster. For details about how to create a cluster, see Creating a CCE Standard/Turbo Cluster.
                        • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.

                          If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the Deployment will fail.

                        -

                        Using the CCE Console

                        1. Log in to the CCE console.
                        2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                        3. Set basic information about the workload.

                          Basic Info
                          • Workload Type: Select Deployment. For details about workload types, see Overview.
                          • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                          • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                          • Pods: Enter the number of pods of the workload.
                          • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                          • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                          +

                          Using the CCE Console

                          1. Log in to the CCE console.
                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                          3. Configure the workload.

                            Basic Info
                            • Workload Type: Select Deployment. For details about workload types, see Overview.
                            • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                            • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                            • Pods: Enter the number of pods of the workload.
                            • Container Runtime: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see Secure Runtime and Common Runtime.
                            • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                            Container Settings
                            • Container Information
                              Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                              • Basic Info: Configure basic information about the container.
                                - @@ -68,6 +68,13 @@

                                An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see Init Containers.

                                + + +

                                Parameter

                                @@ -29,7 +29,7 @@

                                Image Name

                                Click Select Image and select the image used by the container.

                                -

                                To use a third-party image, see Using Third-Party Images.

                                +

                                To use a third-party image, directly enter image path. Ensure that the image access credential can be used to access the image repository. For details, see Using Third-Party Images.

                                Image Tag

                                @@ -51,8 +51,8 @@

                                (Optional) GPU Quota

                                Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on is installed.

                                -
                                • All: No GPU will be used.
                                • Dedicated: GPU resources are dedicated for the container.
                                • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                +

                                Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on has been installed.

                                +
                                • Do not use: No GPU will be used.
                                • GPU card: The GPU is dedicated for the container.
                                • GPU Virtualization: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container will use 10% of GPU resources.

                                For details about how to use GPUs in the cluster, see Default GPU Scheduling in Kubernetes.

                                (Optional) Run Option

                                +

                                Add run options for the container. For details, see Pod. CCE supports the following run options:

                                +
                                • stdin: allows containers to receive input from external sources, such as terminals or other input streams.
                                • tty: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.

                                  In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the kubectl exec -i -t command. The difference is that this parameter has been configured when the pod is launched.

                                  +
                                +
                                @@ -76,21 +83,23 @@
                              • (Optional) Security Context: Assign container permissions to protect the system and other containers from being affected. Enter the user ID to assign container permissions and prevent systems and other containers from being affected.
                              • (Optional) Logging: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see Collecting Container Logs Using ICAgent.

                                To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.

                              -
                            • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                            • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                            +
                          4. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR Shared Edition. For details about default-secret, see default-secret.
                          5. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.

                      (Optional) Service Settings

                      A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.

                      You can also create a Service after creating a workload. For details about Services of different types, see Overview.

                      -
                      (Optional) Advanced Settings
                      • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
                      • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                        • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                          • Not configured: No load affinity policy is configured.
                          • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                          • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                          • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                          -
                        • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                          • Not configured: No node affinity policy is configured.
                          • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                          • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                          • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                          +
                          (Optional) Advanced Settings
                          • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
                          • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                            • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                              • Not configured: No load affinity policy is configured.
                              • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                              • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                              • Customize affinity: Affinity and anti-affinity policies can be customized. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                              +
                            • Node Affinity: Common node affinity policies are offered for quick load affinity deployment.
                              • Not configured: No node affinity policy is configured.
                              • Specify node: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                              • Specify node pool: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                              • Customize affinity: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                          • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                          • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                          • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                          • Network Configuration
                            • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                            • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                            • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                            • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                          -

                        • Click Create Workload in the lower right corner.
                    +

                  3. Click Create Workload in the lower right corner. After a period of time, the workload enters the Running state.

                    +

                    +

                  Using kubectl

                  The following procedure uses Nginx as an example to describe how to create a workload using kubectl.

                  -
                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                  2. Create and edit the nginx-deployment.yaml file. nginx-deployment.yaml is an example file name, and you can rename it as required.

                    vi nginx-deployment.yaml

                    +
                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                    2. Create and edit the nginx-deployment.yaml file. nginx-deployment.yaml is an example file name, and you can rename it as required.

                      vi nginx-deployment.yaml

                      The following is an example YAML file. For more information about Deployments, see Kubernetes documentation.

                      apiVersion: apps/v1
 kind: Deployment
@@ -225,14 +234,14 @@ spec:
                  -

                • Create a Deployment.

                  kubectl create -f nginx-deployment.yaml

                  +

                • Create a Deployment.

                  kubectl create -f nginx-deployment.yaml

                  If the following information is displayed, the Deployment is being created.

                  -
                  deployment "nginx" created
                  -

                • Obtain the Deployment status.

                  kubectl get deployment

                  +
                  deployment.apps/nginx created
                  +

                • Obtain the Deployment status.

                  kubectl get deployment

                  If the following information is displayed, the Deployment is running.

                  NAME           READY     UP-TO-DATE   AVAILABLE   AGE 
 nginx          1/1       1            1           4m5s
                  -

                  Parameters

                  +

                  Parameters

                  • NAME: Name of the application running in the pod.
                  • READY: indicates the number of available workloads. The value is displayed as "the number of available pods/the number of expected pods".
                  • UP-TO-DATE: indicates the number of replicas that have been updated.
                  • AVAILABLE: indicates the number of available pods.
                  • AGE: period the Deployment keeps running

                • If the Deployment will be accessed through a ClusterIP or NodePort Service, configure the access mode. For details, see Network.
                  • diff --git a/docs/cce/umn/cce_10_0048.html b/docs/cce/umn/cce_10_0048.html index cabd6c466..1f4142f49 100644 --- a/docs/cce/umn/cce_10_0048.html +++ b/docs/cce/umn/cce_10_0048.html @@ -10,7 +10,7 @@ -

                  Using the CCE Console

                  1. Log in to the CCE console.
                  2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                  3. Set basic information about the workload.

                    Basic Info
                    • Workload Type: Select StatefulSet. For details about workload types, see Overview.
                    • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                    • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                    • Pods: Enter the number of pods of the workload.
                    • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                    • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                    +

                    Using the CCE Console

                    1. Log in to the CCE console.
                    2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                    3. Set basic information about the workload.

                      Basic Info
                      • Workload Type: Select StatefulSet. For details about workload types, see Overview.
                      • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                      • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                      • Pods: Enter the number of pods of the workload.
                      • Container Runtime: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see Secure Runtime and Common Runtime.
                      • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                      Container Settings
                      • Container Information
                        Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                        • Basic Info: Configure basic information about the container.
                          - @@ -71,6 +71,13 @@

                          An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see Init Containers.

                          + + +

                          Parameter

                          @@ -32,7 +32,7 @@

                          Image Name

                          Click Select Image and select the image used by the container.

                          -

                          To use a third-party image, see Using Third-Party Images.

                          +

                          To use a third-party image, directly enter image path. Ensure that the image access credential can be used to access the image repository. For details, see Using Third-Party Images.

                          Image Tag

                          @@ -54,8 +54,8 @@

                          (Optional) GPU Quota

                          Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on is installed.

                          -
                          • All: No GPU will be used.
                          • Dedicated: GPU resources are dedicated for the container.
                          • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                          +

                          Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on has been installed.

                          +
                          • Do not use: No GPU will be used.
                          • GPU card: The GPU is dedicated for the container.
                          • GPU Virtualization: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container will use 10% of GPU resources.

                          For details about how to use GPUs in the cluster, see Default GPU Scheduling in Kubernetes.

                          (Optional) Run Option

                          +

                          Add run options for the container. For details, see Pod. CCE supports the following run options:

                          +
                          • stdin: allows containers to receive input from external sources, such as terminals or other input streams.
                          • tty: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.

                            In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the kubectl exec -i -t command. The difference is that this parameter has been configured when the pod is launched.

                            +
                          +
                          @@ -80,7 +87,7 @@
                        • (Optional) Security Context: Assign container permissions to protect the system and other containers from being affected. Enter the user ID to assign container permissions and prevent systems and other containers from being affected.
                        • (Optional) Logging: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see Collecting Container Logs Using ICAgent.

                          To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.

                        -
                      • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                      • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                      +
                    4. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR Shared Edition. For details about default-secret, see default-secret.
                    5. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.

                    Headless Service Parameters

                    A headless Service is used to solve the problem of mutual access between pods in a StatefulSet. The headless Service provides a fixed access domain name for each pod. For details, see Headless Services.

                    @@ -89,17 +96,19 @@

                    You can also create a Service after creating a workload. For details about Services of different types, see Overview.

                    (Optional) Advanced Settings
                    • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
                    • Pod Management Policies

                      For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.

                      • OrderedReady: The StatefulSet will deploy, delete, or scale pods in order and one by one. (The StatefulSet continues only after the previous pod is ready or deleted.) This is the default policy.
                      • Parallel: The StatefulSet will create pods in parallel to match the desired scale without waiting, and will delete all pods at once.
                      -
                    • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                      • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                        • Not configured: No load affinity policy is configured.
                        • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                        • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                        • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                        -
                      • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                        • Not configured: No node affinity policy is configured.
                        • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                        • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                        • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                        +
                      • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                        • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                          • Not configured: No load affinity policy is configured.
                          • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                          • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                          • Customize affinity: Affinity and anti-affinity policies can be customized. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                          +
                        • Node Affinity: Common node affinity policies are offered for quick load affinity deployment.
                          • Not configured: No node affinity policy is configured.
                          • Specify node: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                          • Specify node pool: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                          • Customize affinity: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                      • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                      • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                      • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                      • Network Configuration
                        • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                        • Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see Configuring a Static IP Address for a Pod.
                        • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                        • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                        • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                    -

                  4. Click Create Workload in the lower right corner.
                  +

                • Click Create Workload in the lower right corner. After a period of time, the workload enters the Running state.

                  +

                  +

                  • Using kubectl

                  In this example, a Nginx workload is used and the EVS volume is dynamically mounted to it using the volumeClaimTemplates field.

                  -
                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                  2. Create and edit the nginx-statefulset.yaml file.

                    nginx-statefulset.yaml is an example file name, and you can change it as required.

                    -

                    vi nginx-statefulset.yaml

                    +
                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                    2. Create and edit the nginx-statefulset.yaml file.

                      nginx-statefulset.yaml is an example file name, and you can change it as required.

                      +
                      vi nginx-statefulset.yaml

                      The following provides an example of the file contents. For more information on StatefulSet, see the Kubernetes documentation.

                      apiVersion: apps/v1
 kind: StatefulSet
@@ -156,7 +165,9 @@ spec:
         storageClassName: csi-disk # StorageClass name. The value is csi-disk for the EVS volume.
   updateStrategy:
     type: RollingUpdate
                      -

                      vi nginx-headless.yaml

                      +

                      Create and edit the nginx-headless.yaml file.

                      +
                      vi nginx-headless.yaml
                      +

                      The content is as follows:

                      apiVersion: v1
 kind: Service
 metadata:
@@ -176,10 +187,11 @@ spec:
       port: 80
       protocol: TCP
   type: ClusterIP
                      -

                    3. Create a workload and the corresponding headless service.

                      kubectl create -f nginx-statefulset.yaml

                      +

                    4. Create the workload.

                      kubectl create -f nginx-statefulset.yaml

                      If the following information is displayed, the StatefulSet has been successfully created.

                      statefulset.apps/nginx created
                      -

                      kubectl create -f nginx-headless.yaml

                      +

                      Create a headless Service.

                      +
                      kubectl create -f nginx-headless.yaml

                      If the following information is displayed, the headless service has been successfully created.

                      service/nginx-svc created

                    5. If the workload will be accessed through a ClusterIP or NodePort Service, configure the access mode. For details, see Network.
                    diff --git a/docs/cce/umn/cce_10_0054.html b/docs/cce/umn/cce_10_0054.html index 4c636ad3d..4a913e918 100644 --- a/docs/cce/umn/cce_10_0054.html +++ b/docs/cce/umn/cce_10_0054.html @@ -13,13 +13,23 @@

                  Master node

                  +

                  Cluster

                  Modifying the security group of a node in a cluster

                  -
                  NOTE:

                  Naming rule of a security group: Cluster name-cce-control-Random digits

                  +

                  Using kube-apiserver to retrieve large volumes of data at a time. For example, a large number of LIST requests are initiated at a time, or a single LIST request is used to retrieve a large amount of data.

                  +

                  The master node's memory is overloaded, affecting system stability.

                  +

                  Stop executing a large number of queries.

                  +

                  To improve a cluster's anti-overload capability, scale up the cluster. For details, see Changing a Cluster Scale.

                  +

                  Master node

                  +

                  Modifying the security group of master nodes in a cluster

                  +
                  NOTE:

                  Naming rule of a master node's security group: Cluster name-cce-control-Random digits

                  The master node may be unavailable.

                  +

                  The master nodes may be unavailable.

                  Restore the security group by referring to "Creating a Cluster" and allow traffic from the security group to pass through.

                  Reinstalling the OS

                  Components on the master node will be deleted.

                  +

                  The master node components will be deleted.

                  This operation cannot be undone.

                  Upgrading components on the master or etcd node

                  +

                  Upgrading master node components or the etcd version

                  The cluster may be unavailable.

                  Restore the parameter settings to the recommended values. For details, see Modifying Cluster Configurations.

                  Replacing the master or etcd certificate

                  +

                  Replacing a master node or etcd certificate

                  The cluster may be unavailable.

                  Worker node

                  Modifying the security group of a node in a cluster

                  -
                  NOTE:

                  Naming rule of a security group: Cluster name-cce-node-Random digits

                  +

                  Modifying the security group of worker nodes in a cluster

                  +
                  NOTE:

                  Naming rule of a worker node's security group: Cluster name-cce-node-Random digits

                  The node may be unavailable.

                  Restore the security group and allow traffic from the security group to pass through.

                  +

                  Restore the security group by referring to "Creating a Cluster" and allow traffic from the security group to pass through.

                  Modifying the DNS configuration (/etc/resolv.conf) of a node

                  @@ -144,7 +154,23 @@

                  Reset the node. For details, see Resetting a Node.

                  Modifying the node directory permission and the container directory permission

                  +

                  Modifying the node directory permission and the container directory permission, which involves the following directories:

                  +
                  /usr/lib/systemd/system/kubelet.service
+/usr/lib/systemd/system/containerd-monit.service
+/usr/lib/systemd/system/docker-monit.service
+/opt/cloud/cce
+/var/paas
+/var/paas/script
+/var/paas/sys/log
+/var/paas/kubernetes
+/var/script/docker
+/var/script/kubelet
+/etc/containerd
+/etc/rc.local
+/etc/sudoers.d/sudoerspaas
+/etc/sysconfig/docker
+/etc/docker/daemon.json
+/var/lib/docker

                  The permissions will be abnormal.

                  The DNS in the cluster cannot work properly.

                  Restore the security group by referring to Creating a CCE Standard/Turbo Cluster and allow traffic from the security group to pass through.

                  +

                  Restore the security group by referring to the operations provided for a newly created cluster and allow traffic from the security group to pass through.

                  Deleting CRD resources of network-attachment-definitions of default-network

                  +

                  Deleting network-attachment-definitions CRD resources of default-network

                  The container network is disconnected, or the cluster fails to be deleted.

                  -

                  EVS Disks

                  -
                  Table 6 EVS disks

                  Operation

                  +

                  Monitoring

                  +
                  - - - - - - - - +
                  Table 6 Monitoring

                  Operation

                  Impact

                  +

                  Impact

                  Solution

                  -

                  Remarks

                  +

                  Solution

                  Manually unmounting an EVS disk on the console

                  +

                  The number of collection shards configured in Cloud Native Cluster Monitoring exceeded the recommended value (It is recommended to configure one collection shard per 50 nodes.)

                  An I/O error occurs when data is written into a pod.

                  +

                  Excessive shards may overload the master node's memory, affecting system stability.

                  Delete the mount path from the node and schedule the pod again.

                  -

                  The file in the pod records the location where files are to be collected.

                  +

                  Change the number of collection shards to the recommended value for Cloud Native Cluster Monitoring.

                  Unmounting the disk mount path on the node

                  +
                  +
                  +
                  +

                  EVS Disks

                  +
                  + + + + + + - - - - - - - + + + + + + + + + + @@ -429,19 +485,19 @@

                  Add-ons

                  -
                  Table 7 EVS disks

                  Operation

                  +

                  Impact

                  +

                  Solution

                  +

                  Remarks

                  +

                  Manually unmounting an EVS disk on the console

                  Pod data is written into a local disk.

                  +

                  An I/O error occurs when data is written into a pod.

                  Remount the corresponding path to the pod.

                  +

                  Delete the mount path from the node and schedule the pod again.

                  The buffer contains log cache files to be consumed.

                  +

                  The file in the pod records the location where files are to be collected.

                  Operating EVS disks on the node

                  +

                  Unmounting the disk mount path on the node

                  Pod data is written into a local disk.

                  +

                  Pod data is written into a local disk.

                  None

                  +

                  Remount the corresponding path to the pod.

                  None

                  +

                  The buffer contains log cache files to be consumed.

                  +

                  Operating EVS disks on the node

                  +

                  Pod data is written into a local disk.

                  +

                  None

                  +

                  None

                  +

                  Creating a PV with parameters that are not declared in the file

                  +

                  For example, if the YAML file contains parameters such as status, spec.claimRef, and annotation.everest.io/set-disk-metadata during PV creation, the PV may be abnormal.

                  +

                  This operation may bypass some standard processes for creating PVs. As a result, the created PVs may become unavailable or be deleted unexpectedly.

                  +

                  Before such PVs are deleted, manually delete related parameters in their YAML files.

                  +

                  None
                  Table 7 Add-ons

                  Operation

                  +
                  - - - - - diff --git a/docs/cce/umn/cce_10_0059.html b/docs/cce/umn/cce_10_0059.html index 46bcf4114..3d81884d1 100644 --- a/docs/cce/umn/cce_10_0059.html +++ b/docs/cce/umn/cce_10_0059.html @@ -3,42 +3,138 @@

                  Configuring Network Policies to Restrict Pod Access

                  Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities supported by network policies depend on the capabilities of the network add-ons of the cluster.

                  By default, if a namespace does not have any policy, pods in the namespace accept traffic from any source and send traffic to any destination.

                  -

                  Network policies are classified into the following types:

                  -
                  • namespaceSelector: selects particular namespaces for which all pods should be allowed as ingress sources.
                  • podSelector: selects particular pods in the same namespace as the network policy which should be allowed as ingress sources.
                  • IPBlock: selects particular IP blocks to allow as ingress sources. (Only egress support IP blocks.)
                  -

                  Notes and Constraints

                  • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                    • Ingress: All versions support this type.
                    • Egress: Only the following OSs and cluster versions support egress rules. -
                  Table 8 Add-ons

                  Operation

                  Impact

                  +

                  Impact

                  Solution

                  +

                  Solution

                  Modifying add-on resources on the backend

                  +

                  Modifying add-on resources on the backend

                  The add-on becomes malfunctional or other unexpected issues occur.

                  +

                  The add-on becomes malfunctional or other unexpected issues occur.

                  Perform operations on the add-on configuration page or using open add-on management APIs.

                  +

                  Perform operations on the add-on configuration page or using open add-on management APIs.

                  OS

                  +

                  The following selectors are available for network policies:

                  +
                  • namespaceSelector: selects particular namespaces for which all pods should be allowed as ingress sources or egress destinations.
                  • podSelector: selects particular pods in the same namespace as the network policy which should be allowed as ingress sources or egress destinations.
                  • IPBlock: selects particular IP blocks to allow as ingress sources or egress destinations.
                  +

                  Relationships Between Network Policies and Cluster Types

                  +
                  - - + + + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

                  Cluster Type

                  Cluster Version

                  +

                  CCE Standard Cluster

                  Verified Kernel Version

                  +

                  CCE Turbo Cluster

                  +

                  Network Model

                  +

                  Tunnel

                  +

                  Cloud Native Network 2.0

                  EulerOS 2.9

                  +

                  NetworkPolicy

                  v1.23 or later

                  +

                  Enabled by default

                  4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64

                  -

                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64

                  -

                  4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64

                  -

                  4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64

                  +

                  Disabled by default (To use network policies, enable DataPlane V2 when creating a cluster.)

                  HCE OS 2.0

                  +

                  Data plane implementation

                  v1.25 or later

                  +

                  OpenvSwitch

                  5.10.0-60.18.0.50.r865_35.hce2.x86_64

                  -

                  5.10.0-182.0.0.95.r1941_123.hce2.x86_64

                  +

                  eBPF

                  +

                  Cluster version for inbound rules

                  +

                  All versions

                  +

                  v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, or later

                  +

                  Cluster version for outbound rules

                  +

                  v1.23 and later

                  +

                  Selector for inbound rules

                  +

                  namespaceSelector

                  +

                  podSelector

                  +

                  namespaceSelector

                  +

                  podSelector

                  +

                  IPBlock

                  +

                  Selector for outbound rules

                  +

                  namespaceSelector

                  +

                  podSelector

                  +

                  IPBlock

                  +

                  Supported OS

                  +

                  EulerOS

                  +

                  HCE 2.0

                  +

                  HCE OS 2.0

                  +

                  IPv6 network policies

                  +

                  Not supported

                  +

                  Supported

                  +

                  Secure containers

                  +

                  Not supported

                  +

                  Not supported

                  +

                  IPBlock scope

                  +

                  Not limited

                  +

                  The CIDR blocks and node IP addresses in the container CIDR block cannot be configured.

                  +

                  Limit ClusterIP access through workload labels

                  +

                  Not supported

                  +

                  Supported

                  +

                  Limit the internal cloud server CIDR block of 100.125.0.0/16

                  +

                  Supported

                  +

                  Not supported

                  +

                  SCTP

                  +

                  Not supported

                  +

                  Not supported

                  +

                  Always allow access to pods on a node from other nodes

                  +

                  Supported

                  +

                  Supported

                  +

                  Configure EndPort in network policies

                  +

                  Not supported

                  +

                  Not supported
                  - -
                • Network isolation is not supported for IPv6 addresses.
                • If you upgrade a CCE cluster to a version that supports egress rules in in-place mode, the rules will not work because the node OS is not upgraded. In this case, reset the node.
                  • +
                  • CCE DataPlane V2 is released with restrictions. To use this feature, submit a service ticket to CCE.
                  • Secure containers (such as Kata as the container runtime) are not supported by network policies.
                  • If you upgrade a CCE standard cluster with a tunnel network to a version that supports egress rules in in-place mode, the rules will not work because the node OS is not upgraded. In this case, reset the node.
                  • When a network policy is enabled for a cluster that uses a tunnel network, the source IP address of a pod accessing the CIDR block of a Service will be recorded in the optional field of the reported IP address data. This enables the configuration of network policy rules on the destination pod, taking into account the source IP address of the pod.
                  +
                  -

                  Using Ingress Rules Through YAML

                  • Scenario 1: Use a network policy to limit access to a pod to only pods with specific labels.
                    Figure 1 podSelector
                    +

                    Using Ingress Rules Through YAML

                    • Scenario 1: Use a network policy to limit access to a pod to only pods with specific labels.
                      Figure 1 podSelector

                      The pod labeled with role=db only permits access to its port 6379 from pods labeled with role=frontend. To do so, perform the following operations:

                      1. Create the access-demo1.yaml file.
                        vim access-demo1.yaml

                        File content:

                        @@ -64,7 +160,7 @@ spec: 
                        networkpolicy.networking.k8s.io/access-demo1 created
                    -
                    • Scenario 2: Use a network policy to limit access to a pod to only pods in a specific namespace.
                      Figure 2 namespaceSelector
                      +
                      • Scenario 2: Use a network policy to limit access to a pod to only pods in a specific namespace.
                        Figure 2 namespaceSelector

                        The pod labeled with role=db only permits access to its port 6379 from pods in the namespace labeled with project=myproject. To do so, perform the following operations:

                        1. Create the access-demo2.yaml file.
                          vim access-demo2.yaml

                          File content:

                          @@ -90,12 +186,12 @@ spec:
                    -

                    Using Egress Rules Through YAML

                    Egress supports podSelector, namespaceSelector, and IPBlock.

                    -

                    Only clusters of v1.23 or later support egress rules. Only nodes running EulerOS 2.9 or HCE OS 2.0 are supported.

                    +

                    Using Egress Rules Through YAML

                    The clusters of v1.23 or later using a tunnel network support egress rules. Only nodes running EulerOS 2.9 or HCE OS 2.0 are supported.

                    +

                    Egress rules are only supported by CCE Turbo clusters of v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, or later with DataPlane V2 enabled. Additionally, nodes in these clusters must only run HCE OS 2.0.

                    -
                    • Scenario 1: Use a network policy to limit a pod's access to specific addresses.
                      Figure 3 IPBlock
                      -

                      The pod labeled with role=db only permits access to the 172.16.0.16/16 CIDR block, excluding 172.16.0.40/32 within it. To do so, perform the following operations:

                      -
                      1. Create the access-demo3.yaml file.
                        vim access-demo2.yaml
                        +
                        • Scenario 1: Use a network policy to limit a pod's access to specific addresses.
                          Figure 3 IPBlock
                          +

                          The pod labeled with role=db only permits access to the 172.16.0.0/16 CIDR block, excluding 172.16.0.40/32 within it. To do so, perform the following operations:

                          +
                          1. Create the access-demo3.yaml file.
                            vim access-demo3.yaml

                            File content:

                            apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -111,16 +207,16 @@ spec:
   egress:                       # Egress rule
   - to:
     - ipBlock:
-        cidr: 172.16.0.16/16    # Allow access to this CIDR block in the outbound direction.
+        cidr:172.16.0.0/16    # Allow access to this CIDR block in the outbound direction.
         except:
         - 172.16.0.40/32        # Block access to this address in the CIDR block.
                          2. Run the following command to create the network policy based on the access-demo3.yaml file:
                            kubectl apply -f access-demo3.yaml

                            Expected output:

                            networkpolicy.networking.k8s.io/access-demo3 created
                          -
                        • Scenario 2: Use a network policy to limit access to a pod to only pods with specific labels and this pod can only access specific pods.
                          Figure 4 Using both ingress and egress
                          +
                        • Scenario 2: Use a network policy to limit access to a pod to only pods with specific labels and this pod can only access specific pods.
                          Figure 4 Using both ingress and egress

                          The pod labeled with role=db only permits access to its port 6379 from pods labeled with role=frontend, and this pod can only access the pods labeled with role=web. You can use the same rule to configure both ingress and egress in a network policy. To do so, perform the following operations:

                          -
                          1. Create the access-demo4.yaml file.
                            vim access-demo2.yaml
                            +
                            1. Create the access-demo4.yaml file.
                              vim access-demo4.yaml

                              File content:

                              apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -153,8 +249,8 @@ spec:
                    -

                    Creating a Network Policy on the Console

                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                    2. Choose Policies in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.

                      • Policy Name: Specify a network policy name.
                      • Namespace: Select a namespace in which the network policy is applied.
                      • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to use the label of an existing workload.
                      • Inbound Rule: Click to add an inbound rule. For details about parameter settings, see Table 1.

                        -

                        +

                        Creating a Network Policy on the Console

                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. Choose Policies in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.

                          • Policy Name: Specify a network policy name.
                          • Namespace: Select a namespace in which the network policy is applied.
                          • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to use the label of an existing workload.
                          • Inbound Rule: Click to add an inbound rule. For details about parameter settings, see Table 1.

                            +

                            @@ -167,6 +263,12 @@ spec: + + +
                            Table 1 Adding an inbound rule

                            Parameter

                            Select the protocol type and port. Currently, TCP and UDP are supported.

                            Source CIDR Block

                            +

                            For clusters of v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, or later versions with DataPlane V2 enabled, you can configure the source CIDR block.

                            +

                            The specified source CIDR block allows traffic from a destination CIDR block (multiple exception CIDR blocks can be specified). Separate the destination and exception CIDR blocks using a vertical bar (|). If there are multiple exception CIDR blocks, separate them using commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 and 172.17.2.0/24.

                            +

                            Source Namespace

                            Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.

                            @@ -181,10 +283,10 @@ spec:
                            -
                          • Outbound Rule: Click to add an outbound rule. For details about parameter settings, see Table 1.

                            -

                            +
                          • Outbound Rule: Click to add an outbound rule. For details about parameter settings, see Table 2.

                            +

                            -
                            Table 2 Adding an outbound rule

                            Parameter

                            +
                            @@ -197,7 +299,7 @@ spec: - -
                            Table 2 Adding an outbound rule

                            Parameter

                            Description

                            Destination CIDR Block

                            Allows requests to be routed to a specified CIDR block (and not to the exception CIDR blocks). Separate the destination and exception CIDR blocks by vertical bars (|), and separate multiple exception CIDR blocks by commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 and 172.17.2.0/24.

                            +

                            Allows requests to be routed to a specified CIDR block (and not to the exception CIDR blocks). Separate the destination and exception CIDR blocks using a vertical bar (|). If there are multiple exception CIDR blocks, separate them using commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 and 172.17.2.0/24.

                            Destination Namespace

                            diff --git a/docs/cce/umn/cce_10_0063.html b/docs/cce/umn/cce_10_0063.html index 84e73c9b8..3fc3dd49b 100644 --- a/docs/cce/umn/cce_10_0063.html +++ b/docs/cce/umn/cce_10_0063.html @@ -4,14 +4,14 @@

                            Scenario

                            After a node scaling policy is created, you can delete, edit, disable, enable, or clone the policy.

                            Viewing a Node Scaling Policy

                            You can view the associated node pool, rules, and scaling history of a node scaling policy and rectify faults according to the error information displayed.

                            -
                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                            2. In the navigation pane, choose Nodes.On the page displayed, click the Node Pools tab and then the name of the node pool for which an auto scaling policy has been created to view the node pool details.
                            3. On the node pool details page, click the Auto Scaling tab to view the auto scaling configuration and scaling records.

                              You can obtain created auto scaling policies on the Policies page.

                              +
                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Nodes. On the page displayed, click the Node Pools tab and then the name of the node pool for which an auto scaling policy has been created to view the node pool details.
                              3. On the node pool details page, click the Auto Scaling tab to view the auto scaling configuration and scaling records.

                                You can obtain created auto scaling policies on the Policies page.

                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab.
                                3. Check the configuration of the auto scaling policies. Choose More > Scaling History for the target policy to check the scaling records of the policy.

                              Deleting a Node Scaling Policy

                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and choose More > Delete in the Operation column.
                              3. In the Delete Node Scaling Policy dialog box displayed, confirm whether to delete the policy.
                              4. Click Yes to delete the policy.
                              -

                              Editing a Node Scaling Policy

                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and click Edit in the Operation column.
                              3. On the Edit Node Scaling Policy page displayed, configure policy parameters listed in Table 2.
                              4. After the configuration is complete, click OK.
                              +

                              Editing a Node Scaling Policy

                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and click Edit in the Operation column.
                              3. On the Edit Node Scaling Policy page displayed, configure policy parameters listed in Table 4.
                              4. After the configuration is complete, click OK.

                              Cloning a Node Scaling Policy

                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and choose More > Clone in the Operation column.
                              3. On the Create Node Scaling Policy page displayed, certain parameters have been cloned. Add or modify other policy parameters based on service requirements.
                              4. Click OK.
                              diff --git a/docs/cce/umn/cce_10_0066.html b/docs/cce/umn/cce_10_0066.html index 1f964de4a..28213b8de 100644 --- a/docs/cce/umn/cce_10_0066.html +++ b/docs/cce/umn/cce_10_0066.html @@ -8,7 +8,7 @@

                              Installing the Add-on

                              This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:

                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Container Storage (Everest) on the right, and click Install.
                              2. On the Install Add-on page, configure the specifications as needed.

                                • If you selected Preset, you can choose between Small, Medium, or Large as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.

                                  The small specification is best for clusters with up to 50 nodes and 500 PVCs. The medium specification works well for clusters with up to 200 nodes and 2000 PVCs. The large specification is perfect for clusters with up to 1000 nodes and 10,000 PVCs.

                                  -
                                • If you selected Custom, you can adjust the number of pods and resource quotas as needed. The requested CPU and memory can be adjusted based on the number of nodes and PVCs. For details, see Table 1.

                                  In non-typical scenarios, the formulas for estimating the limits are as follows:

                                  +
                                • If you selected Custom, you can adjust the number of pods and resource quotas as needed. The requested CPUs and memory can be adjusted based on the number of nodes and PVCs. For details, see Table 1.

                                  In non-typical scenarios, the formulas for estimating the limits are as follows:

                                  • everest-csi-controller
                                    • CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes
                                    • Memory limit = (200 MiB + Number of nodes x 1 MiB + Number of PVCs x 0.2 MiB) x 1.2
                                  • everest-csi-driver
                                    • CPU limit: 300m for 200 or fewer nodes, 500m for 1000 nodes, and 800m for 2000 nodes
                                    • Memory limit: 300 MiB for 200 or fewer nodes, 600 MiB for 1000 nodes, and 900 MiB for 2000 nodes
                                  @@ -166,7 +166,7 @@

                            Visualized GUI configuration

                            Number of workers that can be concurrently processed by Everest for detaching EVS volumes. The default value is 60.

                            +

                            Number of workers that can be concurrently processed by Everest for detaching EVS volumes. The default value is 60.

                            Distributed Volume Mounting

                            @@ -231,7 +231,7 @@

                            In the extended parameter settings, you can customize the advanced configurations that are not displayed on the GUI. If the settings in the extended parameters conflict with those on the GUI, the settings in the extended parameters will work.

                            -

                          • Configure deployment policies for the add-on pods.

                            • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                            +

                          • Configure deployment policies for the add-on pods.

                            • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                            - - @@ -410,7 +410,19 @@ - + + + + - -
                            Table 3 Configurations for add-on scheduling

                            Parameter

                            @@ -242,12 +242,12 @@

                            Multi-AZ Deployment

                            • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                            • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                            • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                            +
                            • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                            • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                            • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.

                            Node Affinity

                            • Not configured: Node affinity is disabled for the add-on.
                            • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                            • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                            • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                              If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                              +
                            • Not configured: Node affinity is disabled for the add-on.
                            • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                            • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                            • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                              If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                            2.4.75

                            +

                            2.4.134

                            +

                            v1.25

                            +

                            v1.27

                            +

                            v1.28

                            +

                            v1.29

                            +

                            v1.30

                            +

                            v1.31

                            +

                            Fixed some issues.

                            +

                            2.4.75

                            v1.23

                            v1.25

                            @@ -463,7 +475,7 @@

                            v1.27

                            v1.28

                            CCE clusters 1.28 are supported.

                            +

                            CCE clusters v1.28 are supported.

                            2.1.51

                            diff --git a/docs/cce/umn/cce_10_0068.html b/docs/cce/umn/cce_10_0068.html index ec21045b9..b37036d47 100644 --- a/docs/cce/umn/cce_10_0068.html +++ b/docs/cce/umn/cce_10_0068.html @@ -4,6 +4,8 @@
                            diff --git a/docs/cce/umn/cce_10_0081.html b/docs/cce/umn/cce_10_0081.html index c945b3b9d..690ac5d80 100644 --- a/docs/cce/umn/cce_10_0081.html +++ b/docs/cce/umn/cce_10_0081.html @@ -111,15 +111,14 @@

                            You can configure core components with fine granularity.

                            • This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                            • The default node pool does not support this type of configuration.
                            +
                            • This function is supported only in clusters of v1.15 or later. It is not displayed for versions earlier than v1.15.
                            • The default node pool does not support this type of configuration.
                            -

                            Deploying a Workload in a Specified Node Pool

                            When creating a workload, you can constrain pods to run in a specified node pool.

                            -

                            For example, on the CCE console, you can set the affinity between the workload and the node on the Scheduling Policies tab page on the workload details page to forcibly deploy the workload to a specific node pool. In this way, the workload runs only on nodes in the node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in Configuring Node Affinity Scheduling (nodeAffinity).

                            +

                            Deploying a Workload in a Specified Node Pool

                            When configuring a workload, you can set the workload affinity and node affinity on the Scheduling tab to forcibly deploy the workload to a specific node pool. This way, the workload runs only on nodes in that node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in Configuring Node Affinity Scheduling (nodeAffinity).

                            For example, you can use container's resource request as a nodeSelector so that workloads will run only on the nodes that meet the resource request.

                            If the workload definition file defines a container that requires four CPUs, the scheduler will not choose the nodes with two CPUs to run workloads.

                            diff --git a/docs/cce/umn/cce_10_0084.html b/docs/cce/umn/cce_10_0084.html index 3b12a01b6..9f133d33d 100644 --- a/docs/cce/umn/cce_10_0084.html +++ b/docs/cce/umn/cce_10_0084.html @@ -3,7 +3,7 @@

                            Enabling ICMP Security Group Rules

                            Scenario

                            If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers.

                            -

                            Procedure

                            1. Log in to the CCE console, choose Service List > Networking > Virtual Private Cloud, and choose Access Control > Security Groups in the navigation pane.
                            2. In the security group list, locate the security group of the cluster. Click the Inbound Rules tab page and then Add Rule. In the Add Inbound Rule dialog box, configure inbound parameters.

                              +

                              Procedure

                              1. Log in to the CCE console and choose Networking > Virtual Private Cloud in the service list. In the navigation pane, choose Access Control > Security Groups.
                              2. In the security group list, locate the security group of the cluster. Click the Inbound Rules tab page and then Add Rule. In the Add Inbound Rule dialog box, configure inbound parameters.

                                Cluster Type

                                ELB Type

                                diff --git a/docs/cce/umn/cce_10_0091.html b/docs/cce/umn/cce_10_0091.html index b7309f723..eaeea38d6 100644 --- a/docs/cce/umn/cce_10_0091.html +++ b/docs/cce/umn/cce_10_0091.html @@ -4,7 +4,9 @@
                                  -
                                • Cluster Overview
                                  +
                                • Cluster Overview
                                  +
                                  • +
                                • Cluster Version Release Notes
                                • Creating a Cluster
                                  • diff --git a/docs/cce/umn/cce_10_0094.html b/docs/cce/umn/cce_10_0094.html index 2a6e1e507..81c2a04ac 100644 --- a/docs/cce/umn/cce_10_0094.html +++ b/docs/cce/umn/cce_10_0094.html @@ -1,21 +1,21 @@

                                  Overview

                                  -

                                  Why We Need Ingresses

                                  A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.

                                  +

                                  Why We Need Ingresses?

                                  A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.

                                  An ingress is an independent resource in the Kubernetes cluster and defines rules for forwarding external access traffic. As shown in Figure 1, you can customize forwarding rules based on domain names and URLs to implement fine-grained distribution of access traffic.

                                  -
                                  Figure 1 Ingress diagram
                                  +
                                  Figure 1 Ingress diagram

                                  Ingress Overview

                                  Kubernetes uses ingress resources to define how incoming traffic should be handled, while the Ingress Controller is responsible for processing the actual traffic.

                                  -
                                  • Ingress object: a set of access rules that forward requests to specified Services based on domain names or paths. It can be added, deleted, modified, and queried by calling APIs.
                                  • Ingress Controller: an executor for forwarding requests. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.
                                    The way of implementing Ingress Controllers varies depending on their vendors. CCE supports LoadBalancer Ingress Controllers and NGINX Ingress Controllers.
                                    • LoadBalancer Ingress Controllers are deployed on master nodes and they forward traffic based on the ELB. All policy configurations and forwarding behaviors are handled by the ELB.
                                    • NGINX Ingress Controllers are deployed in clusters using charts and images maintained by the Kubernetes community. They provide external access through NodePort and forward external traffic to other services in the cluster through Nginx. All traffic forwarding behaviors and forwarding objects are within the cluster.
                                    +
                                    • Ingress object: a set of access rules that forward requests to specified Services based on domain names or paths. It can be added, deleted, modified, and queried by calling APIs.
                                    • Ingress Controller: an executor for forwarding requests. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.
                                      The way of implementing Ingress Controllers varies depending on their vendors. CCE supports LoadBalancer Ingress Controllers and NGINX Ingress Controllers.
                                      • LoadBalancer Ingress Controllers are deployed on master nodes and forward traffic based on the ELB. All policy configurations and forwarding behaviors are managed on the ELB.
                                      • NGINX Ingress Controllers are deployed in clusters using charts and images maintained by the Kubernetes community. They provide external access through NodePort and forward external traffic to other services in the cluster through Nginx. All traffic forwarding behaviors and forwarding objects are within the cluster.

                                    Ingress Feature Comparison

                                    - - @@ -45,7 +45,7 @@ - @@ -75,27 +75,27 @@
                                    Table 1 Comparison between ingress features

                                    Feature

                                    ELB Ingress Controller

                                    +

                                    LoadBalancer Ingress Controller

                                    Nginx Ingress Controller

                                    +

                                    NGINX Ingress Controller

                                    Component deployment

                                    Deployed on the master node

                                    +

                                    Deployed on master nodes

                                    Deployed on worker nodes, and operations costs required for the Nginx component

                                    The LoadBalancer ingress is essentially different from the open source Nginx Ingress. Therefore, their supported Service types are different. For details, see Services Supported by LoadBalancer Ingresses.

                                    -

                                    LoadBalancer Ingress Controllers are deployed on master nodes. All policy configurations and forwarding behaviors are configured on the ELB. Load balancers outside the cluster can connect to nodes in the cluster only through the IP address of the VPC in non-passthrough networking scenarios. Therefore, LoadBalancer ingresses support only NodePort Services. However, in the passthrough networking scenario (CCE Turbo cluster + dedicated load balancer), ELB can directly forward traffic to pods in the cluster. In this case, the ingress can only interconnect with ClusterIP Services.

                                    -

                                    NGINX Ingress Controller runs in a cluster and is exposed as a Service through NodePort. Traffic is forwarded to other Services in the cluster through Nginx-ingress. The traffic forwarding behavior and forwarding object are in the cluster. Therefore, both ClusterIP and NodePort Services are supported.

                                    +

                                    LoadBalancer Ingress Controllers are deployed on master nodes. All policy configurations and forwarding behaviors are managed on the ELB. Load balancers outside the cluster can connect to nodes in the cluster only through the IP address of the VPC in non-passthrough networking scenarios. Therefore, LoadBalancer ingresses support only NodePort Services. However, in the passthrough networking scenario where a dedicated load balancer is used in a CCE Turbo cluster, ELB can directly forward traffic to pods in the cluster. In this case, the ingress can only interconnect with ClusterIP Services.

                                    +

                                    NGINX Ingress Controller runs in a cluster and is exposed as a Service through NodePort. Traffic is forwarded to other Services in the cluster through Nginx ingresses. The traffic forwarding behavior and forwarding object are in the cluster. Therefore, both ClusterIP and NodePort Services are supported.

                                    In conclusion, LoadBalancer ingresses use enterprise-grade load balancers to forward traffic and delivers high performance and stability. NGINX Ingress Controller is deployed on cluster nodes, which consumes cluster resources but has better configurability.

                                    -

                                    Working Rules of LoadBalancer Ingress Controller

                                    LoadBalancer Ingress Controller developed by CCE implements layer-7 network access for the internet and intranet (in the same VPC) based on ELB and distributes access traffic to the target Services using different paths.

                                    -

                                    LoadBalancer Ingress Controller is deployed on the master node and bound to the load balancer in the VPC where the cluster resides. Different domain names, ports, and forwarding policies can be configured for the same load balancer (with the same IP address). The working rules of LoadBalancer Ingress Controller are as follows:

                                    +

                                    Working Rules of a LoadBalancer Ingress Controller

                                    CCE LoadBalancer Ingress Controllers provide Layer 7 network access for the internet and intranet (within the same VPC) via ELB, routing traffic to target Services through different paths.

                                    +

                                    LoadBalancer Ingress Controllers are deployed on master nodes and bound to load balancers in the cluster's VPC. You can configure different domain names, ports, and forwarding policies for the same load balancer (with the same IP address). The working rules of LoadBalancer Ingress Controllers are as follows:

                                    1. A user creates an ingress and configures a traffic access rule in the ingress, including the load balancer, access path, SSL, and backend Service port.
                                    2. When Ingress Controller detects that the ingress changes, it reconfigures the listener and backend server route on the ELB according to the traffic access rule.
                                    3. When a user attempts to access a workload, the ELB forwards the traffic to the target workload according to the configured forwarding rule.
                                    -

                                    CCE Standard Clusters

                                    Figure 2 Working flow of a LoadBalancer ingress in a CCE standard cluster
                                    +

                                    CCE Standard Clusters

                                    Figure 2 Working flow of a LoadBalancer ingress in a CCE standard cluster
                                    -

                                    CCE Turbo Clusters Where a Shared Load Balancer Is Used

                                    Figure 3 Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used
                                    +

                                    CCE Turbo Clusters Where a Shared Load Balancer Is Used

                                    Figure 3 Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used

                                    CCE Turbo Clusters Where a Dedicated Load Balancer Is Used

                                    When a CCE Turbo cluster is used, pod IP addresses are directly allocated from the VPC. Dedicated load balancers enable passthrough networking to pods. When creating an ingress for external cluster access, you can use ELB to access a ClusterIP Service and use pods as the backend server of the ELB listener. In this way, external traffic can directly access the pods in the cluster without being forwarded by node ports.

                                    -
                                    Figure 4 Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used
                                    +
                                    Figure 4 Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used

                                    Working Rules of NGINX Ingress Controller

                                    Nginx Ingress uses ELB as the traffic ingress. The NGINX Ingress Controller add-on is deployed in a cluster to balance traffic and control access.

                                    NGINX Ingress Controller uses the charts and images provided by the open-source community, and issues may occur during usage. CCE periodically synchronizes the community version to fix known vulnerabilities. Check whether your service requirements can be met.

                                    NGINX Ingress Controller is deployed on worker nodes through pods, which will result in O&M costs and Nginx component running overheads. Figure 5 shows the working rules of NGINX Ingress Controller.

                                    1. After you update ingress resources, NGINX Ingress Controller writes a forwarding rule defined in the ingress resources into the nginx.conf configuration file of Nginx.
                                    2. The built-in Nginx component reloads the updated configuration file to modify and update the Nginx forwarding rule.
                                    3. When traffic accesses a cluster, the traffic is first forwarded by the created load balancer to the Nginx component in the cluster. Then, the Nginx component forwards the traffic to each workload based on the forwarding rule.
                                    -
                                    Figure 5 Working rules of NGINX Ingress Controller
                                    +
                                    Figure 5 Working rules of NGINX Ingress Controller

                                    Services Supported by LoadBalancer Ingresses

                                    - @@ -137,7 +137,9 @@ - diff --git a/docs/cce/umn/cce_10_0107.html b/docs/cce/umn/cce_10_0107.html index 007753638..6a0b70aca 100644 --- a/docs/cce/umn/cce_10_0107.html +++ b/docs/cce/umn/cce_10_0107.html @@ -1,17 +1,17 @@ -

                                    Connecting to a Cluster Using kubectl

                                    -

                                    Scenario

                                    This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using kubectl.

                                    +

                                    Accessing a Cluster Using kubectl

                                    +
                                    kubectl is a command-line tool provided by Kubernetes, enabling you to manage cluster resources, view cluster status, deploy applications, and debug issues through the CLI. To access a CCE cluster using kubectl, you can use either of the following methods:
                                    • Intranet access: The client connects to the cluster's API server using an intranet IP address. This method keeps data traffic within the internal network, enhancing security by avoiding the Internet.
                                    • Internet access: The cluster's API server exposes a public API, allowing clients to access the Kubernetes cluster over the Internet.
                                    -

                                    Permissions

                                    When you access a cluster using kubectl, CCE uses kubeconfig generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig file vary from user to user.

                                    -

                                    For details about user permissions, see Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).

                                    -
                                    -

                                    Using kubectl

                                    To connect to a Kubernetes cluster from a PC, you can use kubectl, a Kubernetes command line tool. You can log in to the CCE console and click the name of the target cluster to access the cluster console. On the Overview page, view the access address and kubectl connection procedure.

                                    -
                                    CCE allows you to access a cluster through a private network or a public network.
                                    • Intranet access: The client that accesses the cluster must be in the same VPC as the cluster.
                                    • Public access: The client that accesses the cluster must be able to access public networks and the cluster has been bound with a public network IP.

                                      To bind an EIP to the cluster, go to the Overview page and click Bind next to EIP in the Connection Information area. In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To solve this problem, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs.

                                      +

                                      This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using kubectl.

                                      +

                                      Prerequisites

                                      • Before using intranet access, ensure that the client and the cluster to be accessed are in the same VPC.
                                      • Before using Internet access, ensure that the client can access the Internet and that an EIP has been bound to the target cluster. For details about how to bind an EIP, see Procedure.

                                        In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To resolve this issue, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs or configure security group rules.

                                      -

                                      Download kubectl and the configuration file. Copy the file to your client, and configure kubectl. After the configuration is complete, you can access your Kubernetes clusters. The process is as follows:

                                      +

                                      Notes and Constraints

                                      When you access a cluster using kubectl, CCE uses kubeconfig generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed via kubectl. Since the kubeconfig file contains user identity details, the permissions associated with that user are inherited when accessing the cluster via kubectl.

                                      +

                                      For details about user permissions, see Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).

                                      +
                                      +

                                      Procedure

                                      Before using kubectl to access a cluster, install kubectl on the client. Then, download the kubectl configuration file from the cluster and copy it to the client. Once configured, the client can access the target cluster. The process is as follows:

                                      1. Download kubectl.

                                        Prepare a computer that can access the public network and install kubectl in CLI mode. You can run the kubectl version command to check whether kubectl has been installed. If kubectl has been installed, skip this step.

                                        This section uses the Linux environment as an example to describe how to install and configure kubectl. For details, see Installing kubectl.

                                        1. Log in to your client and download kubectl.
                                          cd /home
@@ -20,7 +20,8 @@ curl -LO https://dl.k8s.io/release/{v1.25.
                                        2. Install kubectl.
                                          chmod +x kubectl
 mv -f kubectl /usr/local/bin
                                        -

                                      2. Obtain the kubectl configuration file.

                                        In the Connection Info pane on the Overview page, click Configure next to kubectl to check the kubectl connection. On the displayed page, choose Intranet access or Public network access and download the configuration file.

                                        +

                                      3. Obtain the kubectl configuration file.

                                        1. On the Overview page, locate the Connection Information area, and click Configure next to kubectl.

                                          +
                                        2. In the window that slides out from the right, locate the Download the kubeconfig file area, select Intranet access or Public network access for Current data, and download the configuration file.
                                        • The kubectl configuration file kubeconfig is used for cluster authentication. If the file is leaked, your clusters may be attacked.
                                        • The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.
                                        • If the KUBECONFIG environment variable is configured in the Linux OS, kubectl preferentially loads the KUBECONFIG environment variable instead of $home/.kube/config.

                                      4. Configure kubectl.

                                        Configure kubectl (A Linux OS is used).
                                        1. Log in to your client and copy the configuration file (for example, kubeconfig.yaml) downloaded in 2 to the /home directory on your client.
                                        2. Configure the kubectl authentication file.
                                          cd /home
@@ -33,13 +34,18 @@ mv -f kubeconfig.
                                    +

                                  • Run the following command on the client to check whether the client can access the cluster using kubectl:

                                    kubectl cluster-info    # Check the cluster information.
                                    +

                                    If the following information is displayed, the client can access the cluster using kubectl:

                                    +
                                    Kubernetes control plane is running at https://xx.xx.xx.xx:5443
+CoreDNS is running at https://xx.xx.xx.xx:5443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
+To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

                                    • -

                                    Two-Way Authentication for Domain Names

                                    CCE supports two-way authentication for domain names.

                                    -
                                    • After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run kubectl config use-context externalTLSVerify to enable the two-way domain name authentication.
                                    • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                                    • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                                    • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.yaml again.
                                    • If the two-way domain name authentication is not supported, kubeconfig.yaml contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, download the kubeconfig.yaml file again and enable two-way authentication for the domain names.
                                      Figure 1 Two-way authentication disabled for domain names
                                      +

                                      Two-Way Authentication for Domain Names

                                      Two-way domain name authentication is a mutual authentication mechanism that verifies the identities of both the client and server. This mode enhances security between clusters and clients, preventing unauthorized access.

                                      +
                                      • After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run kubectl config use-context externalTLSVerify to enable the two-way domain name authentication.
                                      • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                                      • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                                      • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.yaml again.
                                      • If the two-way domain name authentication is not supported, kubeconfig.yaml contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, download the kubeconfig.yaml file again and enable two-way authentication for the domain names.
                                        Figure 1 Two-way authentication disabled for domain names
                                      -

                                      FAQs

                                      • Error from server Forbidden

                                        When you use kubectl to create or query Kubernetes resources, the following output is returned:

                                        +

                                        Common Issues

                                        • Error from server Forbidden

                                          When you use kubectl to create or query Kubernetes resources, the following output is returned:

                                          # kubectl get deploy Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"

                                          The cause is that the user does not have the permissions to operate the Kubernetes resources. For details about how to assign permissions, see Namespace Permissions (Kubernetes RBAC-based).

                                        • The connection to the server localhost:8080 was refused

                                          When you use kubectl to create or query Kubernetes resources, the following output is returned:

                                          diff --git a/docs/cce/umn/cce_10_0111.html b/docs/cce/umn/cce_10_0111.html index 9ead90e46..4905d5568 100644 --- a/docs/cce/umn/cce_10_0111.html +++ b/docs/cce/umn/cce_10_0111.html @@ -1,7 +1,8 @@

                                          Scalable File Service

                                          -
                                          +

                                          +
                                          • Overview
                                            diff --git a/docs/cce/umn/cce_10_0112.html b/docs/cce/umn/cce_10_0112.html index e1354d404..596d8d1fc 100644 --- a/docs/cce/umn/cce_10_0112.html +++ b/docs/cce/umn/cce_10_0112.html @@ -94,7 +94,7 @@ spec: periodSeconds: 5 startupProbe: # Startup probe httpGet: # Checking an HTTP request is used as an example. - path: /healthz # The HTTP check path is /healthz. + path: /healthz # The HTTP check path is /healthz. port: 80 # The check port number is 80. failureThreshold: 30 periodSeconds: 10 diff --git a/docs/cce/umn/cce_10_0113.html b/docs/cce/umn/cce_10_0113.html index 7948b0693..287c14aa8 100644 --- a/docs/cce/umn/cce_10_0113.html +++ b/docs/cce/umn/cce_10_0113.html @@ -10,7 +10,7 @@
                                            • Custom: Enter the environment variable name and parameter value.
                                            • Added from ConfigMap: Import all key values in a ConfigMap as environment variables.
                                            • Added from ConfigMap key: Import the value of a key in a ConfigMap as the value of an environment variable. As shown in Figure 1, if you import configmap_value of configmap_key in configmap-example as the value of environment variable key1, an environment variable named key1 whose value is configmap_value is available in the container.
                                            • Added from secret: Import all key values in a secret as environment variables.
                                            • Added from secret key: Import the value of a key in a secret as the value of an environment variable. As shown in Figure 1, if you import secret_value of secret_key in secret-example as the value of environment variable key2, an environment variable named key2 whose value is secret_value is available in the container.
                                            • Variable Value/Reference: Use the field defined by a pod as the value of the environment variable. As shown in Figure 1, if the pod name is imported as the value of environment variable key3, an environment variable named key3 whose value is the pod name is available in the container.
                                            • Resource Reference: The value of Request or Limit defined by the container is used as the value of the environment variable. As shown in Figure 1, if you import the CPU limit of container-1 as the value of environment variable key4, an environment variable named key4 whose value is the CPU limit of container-1 is available in the container.

                                          Adding Environment Variables

                                          1. Log in to the CCE console.
                                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                          3. When creating a workload, modify the container information in Container Settings and click the Environment Variables tab.
                                          4. Configure environment variables.

                                            • To add environment variables one by one, click Adding a Variable and configure its parameters.
                                            • To add environment variables in batches, click Editing Custom Variables in Batches. Then, in the displayed dialog box, enter environment variables in the format of "Variable name=Variable or variable reference".
                                            -
                                            Figure 1 Configuring environment variables
                                            +
                                            Figure 1 Configuring environment variables

                                          YAML Example

                                          apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0125.html b/docs/cce/umn/cce_10_0125.html
index a10995148..b2842e639 100644
--- a/docs/cce/umn/cce_10_0125.html
+++ b/docs/cce/umn/cce_10_0125.html
@@ -1,7 +1,8 @@
 
 
 
                                          SFS Turbo
                                          
-
                                          
+
                                          
+
                                          
 
                                          
 
 
diff --git a/docs/cce/umn/cce_10_0129.html b/docs/cce/umn/cce_10_0129.html
index 5a13f5d08..53ba5eadb 100644
--- a/docs/cce/umn/cce_10_0129.html
+++ b/docs/cce/umn/cce_10_0129.html
@@ -2,19 +2,19 @@
 
 
                                          CoreDNS
                                          
 
                                          Introduction
                                          CoreDNS is a DNS server that provides domain name resolution for Kubernetes clusters through a chain add-on.
                                          
-
                                          CoreDNS is an open-source software and has been a part of CNCF. It provides a means for cloud services to discover each other in cloud-native deployments. Each of the plugins chained by CoreDNS provides a particular DNS function. You can integrate CoreDNS with only the plugins you need to make it fast, efficient, and flexible. When used in a Kubernetes cluster, CoreDNS can automatically discover services in the cluster and provide domain name resolution for these services. By working with DNS server, CoreDNS can resolve external domain names for workloads in a cluster.
                                          
+
                                          CoreDNS is an open-source software and has been a part of CNCF. It provides a means for cloud services to discover each other in cloud native deployments. Each of the plugins chained by CoreDNS provides a particular DNS function. You can integrate CoreDNS with only the plugins you need to make it fast, efficient, and flexible. When used in a Kubernetes cluster, CoreDNS can automatically discover services in the cluster and provide domain name resolution for these services. By working with DNS server, CoreDNS can resolve external domain names for workloads in a cluster.
                                          
 
                                          This add-on is installed by default during cluster creation.
                                          
 
                                          Kubernetes backs CoreDNS as the official default DNS for all clusters going forward.
                                          
 
                                          CoreDNS official website: https://coredns.io/
                                          
-
                                          Open source community: https://github.com/coredns/coredns
                                          
+
                                          Open-source community: https://github.com/coredns/coredns
                                          
 
                                           
                                          For details, see DNS.
                                          
 
                                          
 
                                          
 
                                          Notes and Constraints
                                          To run CoreDNS properly or upgrade CoreDNS in a cluster, ensure the number of available nodes in the cluster is greater than or equal to the number of CoreDNS instances and all CoreDNS instances are running. Otherwise, the add-on will malfunction or the upgrade will fail.
                                          
 
                                          
 
                                          Installing the Add-on
                                          This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                                          
-
                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Install.
                                          2. On the Install Add-on page, configure the specifications as needed.
                                            • If you selected Preset, you can choose between Small qps, Medium qps, or Large qps as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                              The small one can handle up to 2500 external and 10,000 internal domain names QPS. The medium specification can handle up to 5000 external and 20,000 internal domain names QPS. The large specification can handle up to 10,000 external and 40,000 internal domain names QPS.
                                              
-
                                            • You can adjust the number of pods and resource quotas as needed if you selected Custom. QPS of the CoreDNS add-on is positively correlated with the CPU consumption. If the number of nodes or containers in the cluster grows, the CoreDNS pod will bear heavier workloads. It is recommended that you adjust the number of the CoreDNS pods and their CPU and memory quotas based on the cluster scale. For details, see Table 1.
+
                                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Install.
                                              2. On the Install Add-on page, configure the specifications as needed.
                                                • If you selected Preset, you can choose between Small qps, Medium qps, or Large qps as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                                  The small one can handle up to 2500 external and 10,000 internal domain names QPS. The medium specification can handle up to 5000 external and 20,000 internal domain names QPS. The large specification can handle up to 10,000 external and 40,000 internal domain names QPS.
                                                  
+
                                                • If you selected Custom, you can adjust the number of pods and resource quotas as needed. QPS of the CoreDNS add-on is positively correlated with the CPU consumption. If the number of nodes or containers in the cluster grows, the CoreDNS pods will bear heavier workloads. It is recommended that you adjust the number of the CoreDNS pods and their CPU and memory quotas based on the cluster scale. For details, see Table 1.
                                    Table 2 Services supported by LoadBalancer ingresses

                                    Cluster Type

                                    @@ -119,7 +119,7 @@

                                    Dedicated load balancer

                                    Not supported (Failed to access the dedicated load balancers because no ENI is bound to the associated pod of the ClusterIP Service.)

                                    +

                                    Not supported

                                    Supported

                                    Supported

                                    Not supported (Failed to access the dedicated load balancers because an ENI has been bound to the associated pod of the NodePort Service.)

                                    +

                                    Not supported

                                    +
                                    NOTE:

                                    ENIs are separately bound to pods in a CCE Turbo cluster, and ELB directly connects to pods. Therefore, NodePort access is not available.

                                    +
                                    -
                                    Table 1 Recommended CoreDNS quotas

                                    Nodes

                                    Recommended QPS

                                    @@ -106,11 +106,13 @@

                                    A domain name server for a custom domain name. The format is a key-value pair. The key is a domain name suffix, and the value is one or more DNS IP addresses, for example, acme.local -- 1.2.3.4,6.7.8.9.

                                    For details, see Configuring the Stub Domain for CoreDNS.

                                    +
                                    CAUTION:

                                    Uppercase letters are not allowed in custom domain names.

                                    +

                                    Extended Parameter Settings

                                    • parameterSyncStrategy: indicates whether to configure consistency check when the add-on is upgraded.
                                      • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration provided during the add-on upgrade does not match the current effective configuration, the add-on cannot be upgraded.
                                      • force: indicates that the configuration consistency check is ignored during an upgrade. The configuration provided during the add-on upgrade will be used, so it is important to make sure that it matches the current effective configuration. After the add-on is upgraded, you need to restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                      • inherit: If the configuration provided during the add-on upgrade differs from the current effective configuration, the current effective configuration will be used instead. After the add-on is upgraded, you need to restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                      +
                                    • parameterSyncStrategy: indicates whether to configure consistency check when the add-on is upgraded.
                                      • ensureConsistent: indicates that the configuration consistency check is enabled. If the delivered configuration differs from the current effective configuration, the current effective configuration will be replaced. However, if the delivered configuration is the same as the current effective configuration, the current effective configuration will be preserved. The ensureConsistent parameter ensures the configuration consistency. If a ConfigMap is modified manually, the add-on cannot be upgraded. In such cases, you will need to use the force or inherit policy to upgrade the add-on.
                                      • force: indicates that the configuration consistency check is ignored during an upgrade. The configuration provided during the add-on upgrade will be used, so it is important to make sure that it matches the current effective configuration. After the add-on is upgraded, you need to restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                      • inherit: If the configuration provided during the add-on upgrade differs from the current effective configuration, the current effective configuration will be used instead. After the add-on is upgraded, you need to restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                    • servers: nameservers, which are available in CoreDNS v1.23.1 and later versions. You can customize nameservers. For details, see dns-custom-nameservers.
                                      plugins indicates the configuration of each component in CoreDNS. Retain the default settings typically to prevent CoreDNS from being unavailable due to configuration errors. Each plugin component contains name, parameters (optional), and configBlock (optional). The format of the generated Corefile is as follows:
                                      $name  $parameters {
 $configBlock
 }
                                      @@ -201,6 +203,7 @@ $configBlock

                                    Default configuration

                                    Enables DNS cache. For details, see cache.

                                    +

                                    If the add-on version is 1.25.10 or later, the servfail cache can be disabled. To disable the servfail cache, set configBlock to servfail 0. Otherwise, the unit of the servfail cache is second and cannot be omitted.

                                    errors

                                    @@ -264,7 +267,7 @@ $configBlock

                                    Extended configuration

                                    Enables CoreDNS logging. For details, see log.

                                    -

                                    Example:

                                    +

                                    The following is an example:

                                    {
    "name": "log"
 }
                                    @@ -275,7 +278,7 @@ $configBlock

                                    Extended configuration

                                    A quick response template, where AAAA indicates an IPv6 request. If NXDOMAIN is returned in an rcode response, no IPv6 resolution result is returned. For details, see template.

                                    -

                                    Example:

                                    +

                                    The following is an example:

                                    {
    "configBlock": "rcode NXDOMAIN",
    "name": "template",
@@ -286,7 +289,7 @@ $configBlock
                                    -

                                  • Configure deployment policies for the add-on pods.

                                    • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                    • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                    +

                                  • Configure deployment policies for the add-on pods.

                                    • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                    • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                    - - @@ -318,9 +321,9 @@ $configBlock

                                  • Click Install.
                                    • -

                                    Configuring CoreDNS Using Corefile

                                    The Corefile view configuration is not available during CoreDNS installation. This configuration is supported only when you are editing or upgrading the add-on.

                                    +

                                    Configure CoreDNS Using Corefile

                                    If you install the CoreDNS add-on, the Corefile view configuration is not available. This configuration is supported only when you are editing or upgrading the add-on.

                                    -
                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Edit.
                                    2. In the Parameters area, select whether to switch to the Corefile View (supported by add-on 1.30.3 and later versions).

                                      Once the function is enabled, the ConfigMap of CoreDNS in the kube-system namespace will be directly configured in the Corefile format. Any existing stub domain configurations and parameters such as parameterSyncStrategy, servers, and upstream_nameservers in the advanced configuration will no longer be in effect. It is important to verify that the Corefile configuration is accurate.

                                      +
                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Edit.
                                      2. In the Parameters area, select whether to switch to the Corefile View (supported by add-on 1.30.3 and later versions).

                                        Once the function is enabled, the ConfigMap of CoreDNS in the kube-system namespace will be directly configured in the Corefile format. Any existing stub domain configurations and parameters such as parameterSyncStrategy, servers, and upstream_nameservers in the advanced configuration will no longer be in effect. It is important to verify that the Corefile configuration is accurate.

                                        For description of the Corefile format, see Configuration.

                                        • Once the Corefile view is disabled, the ConfigMap of CoreDNS will continue to be configured based on to the stub domain configurations and parameters such as parameterSyncStrategy, servers, and upstream_nameservers in the advanced configuration. It is important to verify that the configuration is correct during the function switchover.
                                        • Once the Corefile view is enabled, the add-on can be upgraded. However, if the Corefile view is disabled again, the add-on upgrade will override the current configurations. To complete the upgrade, parameterSyncStrategy must be set to either force or inherit.
                                        • Once the Corefile configuration is modified, simply wait for CoreDNS' reload mechanism to automatically update the configuration. This typically takes about 10 seconds for the changes to take effect.
                                        @@ -356,7 +359,7 @@ $configBlock
                                        1. The query is first sent to the DNS caching layer in CoreDNS.
                                        2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                          • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                          • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                          • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                        -
                                        Figure 1 Routing
                                        +
                                        Figure 1 Routing

                                    Change History

                                    Table 4 Configurations for add-on scheduling

                                    Parameter

                                    @@ -297,12 +300,12 @@ $configBlock

                                    Multi-AZ Deployment

                                    • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                    • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                    • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                    +
                                    • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                    • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                    • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.

                                    Node Affinity

                                    • Not configured: Node affinity is disabled for the add-on.
                                    • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                      If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                      +
                                    • Not configured: Node affinity is disabled for the add-on.
                                    • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                      If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                    - + + + + + - @@ -393,7 +410,7 @@ $configBlock

                                    v1.28

                                    v1.29

                                    - @@ -432,7 +449,7 @@ $configBlock

                                    v1.27

                                    v1.28

                                    - @@ -469,7 +486,7 @@ $configBlock

                                    v1.23

                                    v1.25

                                    - @@ -495,7 +512,7 @@ $configBlock

                                    v1.21

                                    v1.23

                                    - @@ -507,7 +524,7 @@ $configBlock

                                    v1.19

                                    v1.21

                                    - @@ -528,7 +545,7 @@ $configBlock - diff --git a/docs/cce/umn/cce_10_0132.html b/docs/cce/umn/cce_10_0132.html index 2e45a511d..32801e416 100644 --- a/docs/cce/umn/cce_10_0132.html +++ b/docs/cce/umn/cce_10_0132.html @@ -1,18 +1,18 @@

                                    CCE Node Problem Detector

                                    -

                                    Introduction

                                    CCE Node Problem Detector (NPD) is an add-on that monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. This add-on can run as a DaemonSet or a daemon.

                                    -

                                    For more information, see node-problem-detector.

                                    +

                                    Introduction

                                    The CCE Node Problem Detector add-on (formerly NPD) monitors abnormal events of cluster nodes and can connect to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. It can run as a DaemonSet or a daemon.

                                    +

                                    The CCE Node Problem Detector add-on is developed based on the open-source project node-problem-detector. For details, see node-problem-detector.

                                    -

                                    Notes and Constraints

                                    • When using this add-on, do not format or partition node disks.
                                    • Each NPD process occupies 30 m CPU and 100 MiB of memory.
                                    • If the NPD version is 1.18.45 or later, the EulerOS version of the host machine must be 2.5 or later.
                                    +

                                    Notes and Constraints

                                    • When using this add-on, do not format or partition node disks.
                                    • Each NPD process occupies 30m CPUs and 100 MiB of memory.
                                    • If the NPD version is 1.18.45 or later, the EulerOS version of the host machine must be 2.5 or later.

                                    Permissions

                                    To monitor kernel logs, the NPD add-on needs to read the host /dev/kmsg. Therefore, the privileged mode must be enabled. For details, see privileged.

                                    In addition, CCE mitigates risks according to the least privilege principle. Only the following privileges are available for NPD running:

                                    • cap_dac_read_search: permission to access /run/log/journal.
                                    • cap_sys_admin: permission to access /dev/kmsg.
                                    -

                                    Installing the Add-on

                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Node Problem Detector on the right, and click Install.
                                    2. On the Install Add-on page, configure the specifications as needed.

                                      You can adjust the number of add-on instances and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                      +

                                      Installing the Add-on

                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Node Problem Detector on the right, and click Install.
                                      2. On the Install Add-on page, configure the specifications as needed.

                                        You can adjust the number of add-on pods and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                      3. Configure the add-on parameters.

                                        Maximum Number of Isolated Nodes in a Fault: specifies the maximum number of nodes that can be isolated to prevent avalanches in case of a fault occurring on multiple nodes. You can configure this parameter either by percentage or quantity.

                                        -

                                      4. Configure deployment policies for the add-on pods.

                                        • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                        • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                        +

                                      5. Configure deployment policies for the add-on pods.

                                        • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                        • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                    Table 6 Release history

                                    Add-on Version

                                    @@ -369,7 +372,21 @@ $configBlock

                                    1.30.6

                                    +

                                    1.30.30

                                    +

                                    v1.25

                                    +

                                    v1.27

                                    +

                                    v1.28

                                    +

                                    v1.29

                                    +

                                    v1.30

                                    +

                                    v1.31

                                    +

                                    Fixed some issues.

                                    +

                                    1.11.4

                                    +

                                    1.30.6

                                    v1.21

                                    v1.23

                                    @@ -379,7 +396,7 @@ $configBlock

                                    v1.29

                                    v1.30

                                    • Supported Corefile configurations.
                                    • CCE clusters 1.30 are supported.
                                    +
                                    • Supported Corefile configurations.
                                    • CCE clusters v1.30 are supported.

                                    1.10.1

                                    CCE clusters 1.29 are supported.

                                    +

                                    CCE clusters v1.29 are supported.

                                    1.10.1

                                    CCE clusters 1.28 are supported.

                                    +

                                    CCE clusters v1.28 are supported.

                                    1.10.1

                                    CCE clusters 1.25 are supported.

                                    +

                                    CCE clusters v1.25 are supported.

                                    1.8.4

                                    CCE clusters 1.23 are supported.

                                    +

                                    CCE clusters v1.23 are supported.

                                    1.8.4

                                    CCE clusters 1.21 are supported.

                                    +

                                    CCE clusters v1.21 are supported.

                                    1.8.4

                                    v1.17

                                    v1.19

                                    CCE clusters 1.19 are supported.

                                    +

                                    CCE clusters v1.19 are supported.

                                    1.6.5
                                    - - @@ -100,7 +100,7 @@

                                    Typical scenario: Disk I/O suspension causes process suspension.

                                    @@ -112,7 +112,7 @@ @@ -237,7 +237,7 @@ - @@ -271,7 +271,7 @@

                                    Typical scenario: When creating a node, a user configures two data disks as an ephemeral volume storage pool. Some data disks are deleted by mistake. As a result, the storage pool becomes abnormal.

                                    @@ -409,7 +409,7 @@ -
                                    Table 1 Configurations for add-on scheduling

                                    Parameter

                                    @@ -23,12 +23,12 @@

                                    Multi-AZ Deployment

                                    • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                    • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                    • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                    +
                                    • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                    • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                    • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.

                                    Node Affinity

                                    • Not configured: Node affinity is disabled for the add-on.
                                    • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                      If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                      +
                                    • Not configured: Node affinity is disabled for the add-on.
                                    • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                    • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                      If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                    Warning event

                                    -

                                    Listening object: /dev/kmsg

                                    +

                                    Listening object: /dev/kmsg

                                    Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."

                                    Warning event

                                    -

                                    Listening object: /dev/kmsg

                                    +

                                    Listening object: /dev/kmsg

                                    Matching rule: Remounting filesystem read-only

                                    Check whether PID process resources are exhausted.

                                    • Default threshold: 90%
                                    • Usage: nr_threads in /proc/loadavg
                                    • Maximum value: smaller value between /proc/sys/kernel/pid_max and /proc/sys/kernel/threads-max.
                                    +
                                    • Default threshold: 90%
                                    • Usage: denominator of the fourth value in /proc/loadavg, which indicates the total number of processes that can run
                                    • Maximum value: smaller value between /proc/sys/kernel/pid_max and /proc/sys/kernel/threads-max.
                                    • Detection period: 30s
                                    • Source:
                                      vgs -o vg_name, vg_attr
                                      -
                                    • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                    • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                    • Exceptional scenario: The NPD add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                    +
                                  • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                  • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                  • Exceptional scenario: The NPD add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                    		•

                                    PV storage pool error

                                    @@ -286,7 +286,7 @@

                                    MountPointProblem

                                    Check the mount point on the node.

                                    -

                                    Exceptional definition: You cannot access the mount point by running the cd command.

                                    +

                                    Definition: You cannot access the mount point by running the cd command.

                                    Typical scenario: Network File System (NFS), for example, obsfs and s3fs is mounted to a node. When the connection is abnormal due to network or peer NFS server exceptions, all processes that access the mount point are suspended. For example, during a cluster upgrade, a kubelet is restarted, and all mount points are scanned. If the abnormal mount point is detected, the upgrade fails.

                                    Alternatively, you can run the following command:

                                    @@ -303,7 +303,7 @@
                                    • Check object: all data disks
                                    • Source:

                                      /proc/diskstat

                                      Alternatively, you can run the following command:
                                      iostat -xmt 1
                                      -
                                    • Thresholds: (All following conditions must be met).
                                      • Average usage (ioutil) ≥ 0.99
                                      • Average I/O queue length (avgqu-sz) ≥ 1
                                      • Average I/O transfer volume ≤ 1

                                        Average I/O transfer volume = Number of writes completed per second (iops, unit: w/s) + Amount of data written per second (ioth, unit: wMB/s)

                                        +
                                      • Thresholds: (All following conditions must be met.)
                                        • Average usage (ioutil) ≥ 0.99
                                        • Average I/O queue length (avgqu-sz) ≥ 1
                                        • Average I/O transfer volume ≤ 1

                                          Average I/O transfer volume = Number of writes completed per second (iops, unit: w/s) + Amount of data written per second (ioth, unit: wMB/s)

                                        NOTE:

                                        In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.

                                        @@ -367,7 +367,7 @@

                                    Check whether the ResolvConf file is lost.

                                    Check whether the ResolvConf file is normal.

                                    -

                                    Exceptional definition: No upstream domain name resolution server (nameserver) is included.

                                    +

                                    Definition: No upstream domain name resolution server (nameserver) is included.

                                    Object: /etc/resolv.conf

                                    Check whether the allocable memory for the containers is sufficient.

                                    • Interval: 10 seconds
                                    • Threshold: max. 100 MiB
                                    • Allocable = Total memory of a node – Reserved memory of a node
                                    • Defect: This check item checks only the memory consumed by containers, and does not consider that consumed by other elements on the node.
                                    +
                                    • Interval: 10 seconds
                                    • Threshold: Maximum value – 100 MiB
                                    • Allocable = Total memory of a node – Reserved memory of a node
                                    • Defect: This check item checks only the memory consumed by containers, and does not consider that consumed by other elements on the node.

                                    Insufficient disk resources

                                    @@ -428,13 +428,13 @@

                                    Node-problem-controller Fault Isolation

                                    Fault isolation is supported only by add-ons of 1.16.0 and later versions.

                                    By default, if multiple nodes become faulty, NPC adds taints to up to 10% of the nodes. You can set npc.maxTaintedNode to increase the threshold.

                                    -

                                    The open source NPD plugin provides fault detection but not fault isolation. CCE enhances the node-problem-controller (NPC) based on the open source NPD. This component is implemented based on the Kubernetes node controller. For faults reported by NPD, NPC automatically adds taints to nodes for node fault isolation.

                                    +

                                    The open-source NPD plugin provides fault detection but not fault isolation. CCE enhances the node-problem-controller (NPC) based on the open-source NPD. This component is implemented based on the Kubernetes node controller. For faults reported by NPD, NPC automatically adds taints to nodes for node fault isolation.

                                    - @@ -499,7 +499,21 @@ problem_gauge{reason="CRIIsUp",type="CRIProblem"} 0 - + + + + + - diff --git a/docs/cce/umn/cce_10_0140.html b/docs/cce/umn/cce_10_0140.html index 71365f585..9274e77a7 100644 --- a/docs/cce/umn/cce_10_0140.html +++ b/docs/cce/umn/cce_10_0140.html @@ -4,7 +4,7 @@
                                      -
                                    • Connecting to a Cluster Using kubectl
                                      +
                                    • Accessing a Cluster Using kubectl
                                    • Accessing a Cluster Using an X.509 Certificate
                                      • diff --git a/docs/cce/umn/cce_10_0141.html b/docs/cce/umn/cce_10_0141.html index 9b96d0b2e..a74808596 100644 --- a/docs/cce/umn/cce_10_0141.html +++ b/docs/cce/umn/cce_10_0141.html @@ -3,18 +3,20 @@

                                      CCE AI Suite (NVIDIA GPU)

                                      Introduction

                                      NVIDIA GPU is a device management add-on that supports GPUs in containers. To use GPU nodes in a cluster, this add-on must be installed.

                                      -

                                      Notes and Constraints

                                      • The driver to be downloaded must be a .run file.
                                      • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                                      • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                                      • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                                      • CCE does not guarantee the compatibility between the GPU driver version and the CUDA library version of your application. You need to check the compatibility by yourself.
                                      • If a custom OS image has had a a GPU driver installed, CCE cannot ensure that the GPU driver is compatible with other GPU components such as the monitoring components used in CCE.
                                      +

                                      Notes and Constraints

                                      • The driver to be downloaded must be a .run file.
                                      • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                                      • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                                      • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                                      • CCE does not guarantee the compatibility between the GPU driver version and the CUDA library version of your application. You need to check the compatibility by yourself.
                                      • If a custom OS image has had a GPU driver installed, CCE cannot ensure that the GPU driver is compatible with other GPU components such as the monitoring components used in CCE.
                                      -

                                      Installing the Add-on

                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE AI Suite (NVIDIA GPU) on the right, and click Install.
                                      2. Configure the add-on parameters.

                                        -

                                    Table 9 Parameters

                                    Parameter

                                    Description

                                    Default

                                    +

                                    Default Value

                                    1.19.11

                                    +

                                    1.19.20

                                    +

                                    v1.25

                                    +

                                    v1.27

                                    +

                                    v1.28

                                    +

                                    v1.29

                                    +

                                    v1.30

                                    +

                                    v1.31

                                    +

                                    Fixed some issues.

                                    +

                                    0.8.10

                                    +

                                    1.19.11

                                    v1.21

                                    v1.23

                                    @@ -562,7 +576,7 @@ problem_gauge{reason="CRIIsUp",type="CRIProblem"} 0

                                    v1.27

                                    v1.28

                                    CCE clusters 1.28 are supported.

                                    +

                                    CCE clusters v1.28 are supported.

                                    0.8.10
                                    Table 1 Add-on parameters

                                    Parameter

                                    +

                                    Installing the Add-on

                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE AI Suite (NVIDIA GPU) on the right, and click Install.
                                    2. Determine whether to enable Use DCGM-Exporter to Observe DCGM Metrics. After this function is enabled, DCGM-Exporter is deployed on the GPU node.

                                      If the add-on version is 2.7.40 or later, DCGM-Exporter can be deployed. DCGM-Exporter maintains the community capability and does not support the sharing mode or GPU virtualization.

                                      +
                                      +

                                    3. Configure the add-on parameters.

                                      +

                                      - - - @@ -22,7 +24,7 @@
                                      Table 1 Add-on parameters

                                      Parameter

                                      Description

                                      +

                                      Description

                                      Default Cluster Driver

                                      +

                                      Default Cluster Driver

                                      All GPU nodes in a cluster use the same driver. You can select a proper GPU driver version or customize the driver link and enter the download link of the NVIDIA driver.
                                      NOTICE:
                                      • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                                      • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. For details about how to obtain the driver link, see Obtaining the Driver Link from OBS.
                                      • Ensure that the NVIDIA driver version matches the GPU node.
                                      • If the driver version is changed, restart the node to apply the change.
                                      +
                                      All GPU nodes in a cluster use the same driver. You can select a proper GPU driver version or customize the driver link and enter the download link of the NVIDIA driver.
                                      NOTICE:
                                      • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                                      • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. For details about how to obtain the driver link, see Obtaining the Driver Link from OBS.
                                      • Ensure that the NVIDIA driver version matches the GPU node.
                                      • If the driver version is changed, restart the node to apply the change.
                                      -

                                      After the add-on is installed, you can configure GPU virtualization and node pool drivers on the Heterogeneous Resources tab in Settings.

                                      +

                                      After the add-on is installed, you can configure GPU virtualization and node pool drivers on the Heterogeneous Resources tab in Settings.

                                    4. Click Install.

                                      If the add-on is uninstalled, GPU pods newly scheduled to the nodes cannot run properly, but GPU pods already running on the nodes will not be affected.

                                      @@ -37,12 +39,12 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
                                    5. Container:
                                      cd /usr/local/nvidia/bin && ./nvidia-smi

                                      6. If GPU information is returned, the device is available and the add-on has been installed.

                                      -

                                      +

                                    -

                                    Obtaining the Driver Link from Public Network

                                    1. Log in to the CCE console.
                                    2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                                    1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                                    2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.

                                      Figure 1 Setting parameters
                                      -

                                    3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.

                                      Figure 2 Driver information
                                      -

                                    4. Obtain the driver link in either of the following ways:

                                      • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                                      • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                                        Figure 3 Obtaining the link
                                        -
                                      +

                                      Obtaining the Driver Link from Public Network

                                      1. Log in to the CCE console.
                                      2. Create a node. In the Specifications area, select the GPU node flavor. The GPU card models are displayed in the lower part of the area.

                                        +

                                      1. Log in to the NVIDIA driver download page and search for the driver information. The OS must be Linux 64-bit.

                                        Figure 1 Selecting parameters
                                        +

                                      2. After confirming the driver information, click Find. On the displayed page, find the driver to be downloaded and click View.

                                        Figure 2 Viewing the driver information
                                        +

                                      3. Click Download and copy the download link.

                                        Figure 3 Obtaining the link

                                      Obtaining the Driver Link from OBS

                                      1. Upload the driver to OBS and set the driver file to public read.

                                        When the node is restarted, the driver will be downloaded and installed again. Ensure that the OBS bucket link of the driver is valid.

                                        @@ -83,132 +85,153 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
                                    +

                                    GPU Metrics

                                    For more details, see GPU Metrics.

                                    +

                                    Change History

                                    -
                                    Table 3 Release history

                                    Add-on Version

                                    +
                                    - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/cce/umn/cce_10_0142.html b/docs/cce/umn/cce_10_0142.html index 6e57c289b..7f150c14f 100644 --- a/docs/cce/umn/cce_10_0142.html +++ b/docs/cce/umn/cce_10_0142.html @@ -2,9 +2,9 @@

                                    NodePort

                                    Scenario

                                    A Service is exposed on each node's IP address at a static port (NodePort). When you create a NodePort Service, Kubernetes automatically allocates an internal IP address (ClusterIP) of the cluster. When clients outside the cluster access <NodeIP>:<NodePort>, the traffic will be forwarded to the target pod through the ClusterIP of the NodePort Service.

                                    -
                                    Figure 1 NodePort access
                                    +
                                    Figure 1 NodePort access
                                    -

                                    Notes and Constraints

                                    • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                    • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                    • In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                    • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                                    • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is IPVS, run the ipvsadm -Ln command to view the port.
                                    +

                                    Notes and Constraints

                                    • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                    • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                    • In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a hostNetwork pod.
                                    • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                                    • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is IPVS, run the ipvsadm -Ln command to view the port.

                                    Creating a NodePort Service

                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                    2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                    3. Configure intra-cluster access parameters.

                                      • Service Name: Specify a Service name, which can be the same as the workload name.
                                      • Service Type: Select NodePort.
                                      • Namespace: namespace that the workload belongs to.
                                      • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                        • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                        • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                      • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                      • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                      • Ports
                                        • Protocol: protocol used by the Service.
                                        • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                        • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                        • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.
                                        @@ -12,9 +12,8 @@

                                      • Click OK.

                                    Using kubectl

                                    You can configure Service access using kubectl. This section uses an Nginx workload as an example to describe how to configure a NodePort Service using kubectl.

                                    -
                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                    2. Create and edit the nginx-deployment.yaml and nginx-nodeport-svc.yaml files.

                                      The file names are user-defined. nginx-deployment.yaml and nginx-nodeport-svc.yaml are merely example file names.

                                      -

                                      vi nginx-deployment.yaml

                                      -
                                      apiVersion: apps/v1
+
                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                      2. Create and edit the nginx-deployment.yaml file to configure the sample workload. For details, see Creating a Deployment. nginx-deployment.yaml is an example file name. You can rename it as needed.
                                        vi nginx-deployment.yaml
                                        
+
                                        File content:
                                        apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx
@@ -33,7 +32,9 @@ spec:
         name: nginx
       imagePullSecrets:
       - name: default-secret
                                        
-
                                        vi nginx-nodeport-svc.yaml
                                        
+
                                        
+
                                      3. Create and edit the nginx-nodeport-svc.yaml file to configure Service parameters. nginx-nodeport-svc.yaml is an example file name. You can rename it as needed.
                                        vi nginx-nodeport-svc.yaml
                                        
+
                                        File content:
                                        
 
                                        apiVersion: v1
 kind: Service
 metadata:
@@ -44,38 +45,39 @@ spec:
   ports:
   - name: service
     nodePort: 30000     # Node port. The value ranges from 30000 to 32767.
-    port: 8080          # Port for accessing a Service.
+    port: 8080          # Port for accessing a Service
     protocol: TCP       # Protocol used for accessing a Service. The value can be TCP or UDP.
     targetPort: 80      # Port used by a Service to access the target container. This port is closely related to the applications running in a container. In this example, the Nginx image uses port 80 by default.
   selector:             # Label selector. A Service selects a pod based on the label and forwards the requests for accessing the Service to the pod. In this example, select the pod with the app:nginx label.
     app: nginx
   type: NodePort        # Service type. NodePort indicates that the Service is accessed through a node port.
                                        
-
                                      4. Create a workload.
                                        kubectl create -f nginx-deployment.yaml
                                        
-
                                        If information similar to the following is displayed, the workload has been created.
                                        
-
                                        deployment "nginx" created
                                        
-
                                        kubectl get po
                                        
-
                                        If information similar to the following is displayed, the workload is running.
                                        
-
                                        NAME                     READY     STATUS             RESTARTS   AGE
-nginx-2601814895-qhxqv   1/1       Running            0          9s
                                        
-
                                      5. Create a Service.
                                        kubectl create -f nginx-nodeport-svc.yaml
                                        
+
                                      6. Create a workload.
                                        kubectl create -f nginx-deployment.yaml
                                        
+
                                        If information similar to the following is displayed, the workload has been created:
                                        
+
                                        deployment/nginx created
                                        
+
                                        Check the created workload.
                                        
+
                                        kubectl get pod
                                        
+
                                        If information similar to the following is displayed, the workload is running:
                                        
+
                                        NAME                     READY     STATUS             RESTARTS   AGE
+nginx-2601814895-znhbr   1/1       Running            0          15s
                                        
+
                                      7. Create a Service.
                                        kubectl create -f nginx-nodeport-svc.yaml
                                        
 
                                        If information similar to the following is displayed, the Service is being created:
                                        
-
                                        service "nginx-nodeport" created
                                        
-
                                        kubectl get svc
                                        
+
                                        service/nginx-nodeport created
                                        
+
                                        Check the created Service.
                                        
+
                                        kubectl get svc
                                        
 
                                        If information similar to the following is displayed, the Service has been created:
                                        
 
                                        # kubectl get svc
 NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
 kubernetes       ClusterIP   10.247.0.1     <none>        443/TCP          4d8h
 nginx-nodeport   NodePort    10.247.30.40   <none>        8080:30000/TCP   18s
                                        
-
                                      8. Access the Service.
                                        By default, a NodePort Service can be accessed by using Any node IP address:Node port.
                                        
-
                                        The Service can be accessed from a node in another cluster in the same VPC or in another pod in the cluster. If a public IP address is bound to the node, you can also use the public IP address to access the Service. Create a container in the cluster and access the container by using Node IP address:Node port.
                                        
-
                                        # kubectl get node -owide
-NAME           STATUS   ROLES    AGE    INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
+
                                      9. Access the Service. By default, a NodePort Service can be accessed using IP-address-of-any-node:node-port. Cloud servers within the same VPC or containers within the cluster can access the Service. If an EIP is bound to a node, you can also use the EIP to access the Service.
                                        Create a container in the cluster and access it using IP-address-of-the-node:node-port.
                                        
+
                                        1. Obtain the node's IP address.
                                          kubectl get node -owide
                                          
+
                                          Command output:
                                          
+
                                          NAME           STATUS   ROLES    AGE    INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
 10.100.0.136   Ready    <none>   152m   10.100.0.136   <none>        CentOS Linux 7 (Core)   3.10.0-1160.25.1.el7.x86_64   docker://18.9.0
-10.100.0.5     Ready    <none>   152m   10.100.0.5     <none>        CentOS Linux 7 (Core)   3.10.0-1160.25.1.el7.x86_64   docker://18.9.0
-# kubectl run -i --tty --image nginx:alpine test --rm /bin/sh
-If you do not see a command prompt, try pressing Enter.
-/ # curl 10.100.0.136:30000
-<!DOCTYPE html>
+10.100.0.5     Ready    <none>   152m   10.100.0.5     <none>        CentOS Linux 7 (Core)   3.10.0-1160.25.1.el7.x86_64   docker://18.9.0
                                          
+
                                        2. Create a pod and access its container.
                                          kubectl run -i --tty --image nginx:alpine test --rm /bin/sh
                                          
+
                                        3. Run the curl command to access the Service.
                                          curl 10.100.0.136:30000
                                          
+
                                          Command output:
                                          / # <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
@@ -101,6 +103,8 @@ Commercial support is available at
 </body>
 </html>
 / # 
                                          
+
                                          
+
                                    diff --git a/docs/cce/umn/cce_10_0144.html b/docs/cce/umn/cce_10_0144.html index 2cd16288f..2e79109dd 100644 --- a/docs/cce/umn/cce_10_0144.html +++ b/docs/cce/umn/cce_10_0144.html @@ -1,15 +1,16 @@

                                    Deploying an Application Through the Helm v3 Client

                                    -

                                    Prerequisites

                                    • The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Using kubectl.
                                    • To pull a public image when deploying Helm, ensure an EIP has been bound to the node.
                                    +

                                    Prerequisites

                                    • The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Procedure.
                                    • To pull a public image when deploying Helm, ensure an EIP has been bound to the node.

                                    Installing Helm v3

                                    This section uses Helm v3.3.0 as an example.

                                    For other versions, visit https://github.com/helm/helm/releases.

                                    1. Download the Helm client from the VM connected to the cluster.

                                      wget https://get.helm.sh/helm-v3.3.0-linux-amd64.tar.gz

                                    2. Decompress the Helm package.

                                      tar -xzvf helm-v3.3.0-linux-amd64.tar.gz

                                    3. Copy Helm to the system path, for example, /usr/local/bin/helm.

                                      mv linux-amd64/helm /usr/local/bin/helm
                                      -

                                    4. Query the Helm version.

                                      helm version
-version.BuildInfo{Version:"v3.3.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}
                                      +

                                    5. Query the Helm version.

                                      helm version
                                      +
                                      Command output:
                                      version.BuildInfo{Version:"v3.3.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}
                                      +

                                    Installing the Helm Chart

                                    You can use Helm to install a chart. Before using Helm, you may need to understand the following concepts to better use Helm:

                                    @@ -30,7 +31,7 @@ version.BuildInfo{Version:"v3.3.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6

                                  • View the installed chart release.

                                    helm list

                                    • -

                                    Common Issues

                                    • The following error message is displayed after the helm version command is run:
                                      Client:
+
                                      Common Issues
                                      • The following error message is displayed after the Helm version command is executed:
                                        Client:
 &version.Version{SemVer:"v3.3.0",
 GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
 E0718 11:46:10.132102    7023 portforward.go:332] an error occurred
@@ -44,15 +45,18 @@ Error: cannot connect to Tiller
                                        
 Error: Unable to find a match: socat

                                      The node image does not contain socat. In this case, manually download the RPM chart and run the following command to install it (replace the RPM chart name with the actual one):

                                      rpm -i socat-1.7.3.2-8.oe1.x86_64.rpm
                                      -
                                    • When the socat has been installed and the following error message is displayed after the helm version command is run:
                                      $ helm version
-Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
+
                                    • Socat has been installed. When you check the Helm version, the error message "Error: cannot connect to Tiller" is displayed.
                                      helm version
                                      +

                                      Error information:

                                      +
                                      Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
 Error: cannot connect to Tiller
                                      -

                                      The Helm chart reads the configuration certificate in .Kube/config to communicate with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see Using kubectl.

                                      +

                                      The Helm chart reads the configuration certificate in .Kube/config and communicates with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see Procedure.

                                    • Storage fails to be created after you have connected to cloud storage services.

                                      This issue may be caused by the annotation field in the created PVC. Change the chart name and install the chart again.

                                      -
                                    • If kubectl is not properly configured, the following error message is displayed after the helm install command is run:
                                      # helm install prometheus/ --generate-name
-WARNING: This chart is deprecated
+
                                    • If kubectl is not properly configured, the error message "Error: Kubernetes cluster unreachable..." will be displayed when you install Helm.

                                      Example:

                                      +
                                      helm install prometheus/ --generate-name
                                      +
                                      Error information:
                                      WARNING: This chart is deprecated
 Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp [::1]:8080: connect: connection refused
                                      -

                                      Solution: Configure kubeconfig for the node. For details, see Using kubectl.

                                      +
                                      +

                                      Solution: Configure kubeconfig for the node. For details, see Procedure.

                                    diff --git a/docs/cce/umn/cce_10_0146.html b/docs/cce/umn/cce_10_0146.html index e7fe969f6..b0f714a6c 100644 --- a/docs/cce/umn/cce_10_0146.html +++ b/docs/cce/umn/cce_10_0146.html @@ -33,7 +33,7 @@
                                    @@ -103,7 +103,7 @@

                                    Upgrading a Chart-based Workload

                                    1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                                    2. Click Upgrade in the row where the desired workload resides and set the parameters for the workload.
                                    3. Select a chart version for Chart Version.
                                    4. Follow the prompts to modify the chart parameters. Confirm the modification and click Upgrade.
                                    5. If the execution status is Upgraded, the workload has been upgraded.
                                    -

                                    Rolling Back a Chart-based Workload

                                    1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                                    2. Click More > Roll Back for the workload to be rolled back, select the workload version, and click Roll back to this version.

                                      In the workload list, if the status is Rollback successful, the workload is rolled back successfully.

                                      +

                                      Rolling Back a Chart-based Workload

                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                                      2. Choose More > Roll Back for the release to be rolled back, select the target release version, and roll the release back.

                                        In the workload list, if the status is Rollback successful, the workload is rolled back successfully.

                                      Uninstalling a Chart-based Workload

                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                                      2. Click More > Uninstall next to the release to be uninstalled, and click Yes. Exercise caution when performing this operation because releases cannot be restored after being uninstalled.
                                      diff --git a/docs/cce/umn/cce_10_0150.html b/docs/cce/umn/cce_10_0150.html index 58b21dcd1..e5bf8b7ce 100644 --- a/docs/cce/umn/cce_10_0150.html +++ b/docs/cce/umn/cce_10_0150.html @@ -8,7 +8,7 @@

                                      Prerequisites

                                      Resources have been created. For details, see Creating a Node. If clusters and nodes are available, you need not create them again.

                                      -

                                      Using the CCE Console

                                      1. Log in to the CCE console.
                                      2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                      3. Set basic information about the workload.

                                        Basic Info
                                        • Workload Type: Select Job. For details about workload types, see Overview.
                                        • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                        • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                        • Pods: Enter the number of pods of the workload.
                                        • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                                        +

                                        Using the CCE Console

                                        1. Log in to the CCE console.
                                        2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                        3. Set basic information about the workload.

                                          Basic Info
                                          • Workload Type: Select Job. For details about workload types, see Overview.
                                          • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                          • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                          • Pods: Enter the number of pods of the workload.
                                          • Container Runtime: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see Secure Runtime and Common Runtime.
                                          Container Settings
                                          • Container Information
                                            Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                            • Basic Info: Configure basic information about the container.
                                    Table 3 Release history

                                    Add-on Version

                                    Supported Cluster Version

                                    +

                                    Supported Cluster Version

                                    New Feature

                                    +

                                    New Feature

                                    2.7.13

                                    +

                                    2.7.63

                                    v1.28

                                    +

                                    v1.28

                                    +

                                    v1.29

                                    +

                                    v1.30

                                    +

                                    v1.31

                                    +

                                    Fixed the security vulnerabilities.

                                    +

                                    2.7.19

                                    +

                                    v1.28

                                    +

                                    v1.29

                                    +

                                    v1.30

                                    +

                                    Fixed the nvidia-container-toolkit CVE-2024-0132 container escape vulnerability.

                                    +

                                    2.7.13

                                    +

                                    v1.28

                                    v1.29

                                    v1.30

                                    • Supported xGPU configuration by node pool.
                                    • Supported GPU rendering.
                                    • Clusters 1.30 are supported.
                                    +
                                    • Supported xGPU configuration by node pool.
                                    • Supported GPU rendering.
                                    • Clusters v1.30 are supported.

                                    2.6.4

                                    +

                                    2.6.4

                                    v1.28

                                    +

                                    v1.28

                                    v1.29

                                    Updated the isolation logic of GPU cards.

                                    +

                                    Updated the isolation logic of GPU cards.

                                    2.6.1

                                    +

                                    2.6.1

                                    v1.28

                                    +

                                    v1.28

                                    v1.29

                                    Upgraded the base images of the add-on.

                                    +

                                    Upgraded the base images of the add-on.

                                    2.5.6

                                    +

                                    2.5.6

                                    v1.28

                                    +

                                    v1.28

                                    Fixed an issue that occurred during the installation of the driver.

                                    +

                                    Fixed an issue that occurred during the installation of the driver.

                                    2.5.4

                                    +

                                    2.5.4

                                    v1.28

                                    +

                                    v1.28

                                    Clusters 1.28 are supported.

                                    +

                                    Clusters v1.28 are supported.

                                    2.0.69

                                    +

                                    2.0.69

                                    v1.21

                                    +

                                    v1.21

                                    v1.23

                                    v1.25

                                    v1.27

                                    Upgraded the base images of the add-on.

                                    +

                                    Upgraded the base images of the add-on.

                                    2.0.48

                                    +

                                    2.0.48

                                    v1.21

                                    +

                                    v1.21

                                    v1.23

                                    v1.25

                                    v1.27

                                    Fixed an issue that occurred during the installation of the driver.

                                    +

                                    Fixed an issue that occurred during the installation of the driver.

                                    2.0.46

                                    +

                                    2.0.46

                                    v1.21

                                    +

                                    v1.21

                                    v1.23

                                    v1.25

                                    v1.27

                                    • Supported Nvidia driver 535.
                                    • Non-root users can use xGPUs.
                                    • Optimized startup logic.
                                    +
                                    • Supported Nvidia driver 535.
                                    • Non-root users can use xGPUs.
                                    • Optimized startup logic.

                                    1.2.28

                                    +

                                    1.2.28

                                    v1.19

                                    +

                                    v1.19

                                    v1.21

                                    v1.23

                                    v1.25

                                    • Adapted to Ubuntu 22.04.
                                    • Optimized the automatic mounting of the GPU driver directory.
                                    +
                                    • Adapted to Ubuntu 22.04.
                                    • Optimized the automatic mounting of the GPU driver directory.

                                    1.2.20

                                    +

                                    1.2.20

                                    v1.19

                                    +

                                    v1.19

                                    v1.21

                                    v1.23

                                    v1.25

                                    Set the add-on alias to gpu.

                                    +

                                    Set the add-on alias to gpu.

                                    1.2.15

                                    +

                                    1.2.15

                                    v1.15

                                    +

                                    v1.15

                                    v1.17

                                    v1.19

                                    v1.21

                                    v1.23

                                    CCE clusters 1.23 are supported.

                                    +

                                    CCE clusters v1.23 are supported.

                                    1.2.9

                                    +

                                    1.2.9

                                    v1.15

                                    +

                                    v1.15

                                    v1.17

                                    v1.19

                                    v1.21

                                    CCE clusters 1.21 are supported.

                                    +

                                    CCE clusters v1.21 are supported.

                                    1.2.2

                                    +

                                    1.2.2

                                    v1.15

                                    +

                                    v1.15

                                    v1.17

                                    v1.19

                                    Supported the new EulerOS kernel.

                                    +

                                    Supported the new EulerOS kernel.

                                    Describes configuration parameters required by templates.

                                    NOTICE:

                                    Make sure that the image address set in the values.yaml file is the same as the image address in the container image repository. Otherwise, an exception occurs when you create a workload, and the system displays a message indicating that the image fails to be pulled.

                                    -

                                    To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click to copy the command in the Image Pull Command column.

                                    +

                                    To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click to copy the command in the Image Pull Command column.
                                    - @@ -69,6 +69,13 @@

                                    An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see Init Containers.

                                    + + +

                                    Parameter

                                    @@ -30,7 +30,7 @@

                                    Image Name

                                    Click Select Image and select the image used by the container.

                                    -

                                    To use a third-party image, see Using Third-Party Images.

                                    +

                                    To use a third-party image, directly enter image path. Ensure that the image access credential can be used to access the image repository. For details, see Using Third-Party Images.

                                    Image Tag

                                    @@ -52,8 +52,8 @@

                                    (Optional) GPU Quota

                                    Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on is installed.

                                    -
                                    • All: No GPU will be used.
                                    • Dedicated: GPU resources are dedicated for the container.
                                    • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                    +

                                    Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on has been installed.

                                    +
                                    • Do not use: No GPU will be used.
                                    • GPU card: The GPU is dedicated for the container.
                                    • GPU Virtualization: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container will use 10% of GPU resources.

                                    For details about how to use GPUs in the cluster, see Default GPU Scheduling in Kubernetes.

                                    (Optional) Run Option

                                    +

                                    Add run options for the container. For details, see Pod. CCE supports the following run options:

                                    +
                                    • stdin: allows containers to receive input from external sources, such as terminals or other input streams.
                                    • tty: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.

                                      In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the kubectl exec -i -t command. The difference is that this parameter has been configured when the pod is launched.

                                      +
                                    +
                                    @@ -78,7 +85,7 @@
                                  • (Optional) Logging: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see Collecting Container Logs Using ICAgent.

                                    To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.

                                    • -
                                  • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                  • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                                    • +
                                  • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR Shared Edition. For details about default-secret, see default-secret.
                                  • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                                    • (Optional) Advanced Settings
                                    • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                    • Job Settings
                                      • Parallel Pods: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.
                                      • Timeout (s): Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.
                                      • Completion Mode
                                        • Non-indexed: A job is considered complete when all the pods are successfully executed. Each pod completion is homologous to each other.
                                        • Indexed: Each pod gets an associated completion index from 0 to the number of pods minus 1. The job is considered complete when every pod allocated with an index is successfully executed. For an indexed job, pods are named in the format of $(job-name)-$(index).
                                        @@ -86,10 +93,12 @@
                                      • Network Configuration
                                        • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                        • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                        • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                        • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                    -

                                  • Click Create Workload in the lower right corner.
                                    • +

                                  • Click Create Workload in the lower right corner. After a period of time, if the workload status changes to processing, each task will be processed in sequence. After all tasks are processed, the workload status changes to Executed.

                                    +

                                    +

                                    • Using kubectl

                                    A job has the following configuration parameters:

                                    -
                                    • .spec.completions: indicates the number of pods that need to run successfully to end a job. The default value is 1.
                                    • .spec.parallelism: indicates the number of pods that run concurrently. The default value is 1.
                                    • .spec.backoffLimit: indicates the maximum number of retries performed if a pod fails. When the limit is reached, the pod will not try again.
                                    • .spec.activeDeadlineSeconds: indicates the running time of pods. Once the time is reached, all pods of the job are terminated. The priority of .spec.activeDeadlineSeconds is higher than that of .spec.backoffLimit. That is, if a job reaches the .spec.activeDeadlineSeconds, the spec.backoffLimit is ignored.
                                    +
                                    • .spec.completions: indicates the number of pods that need to run successfully to end a job. The default value is 1.
                                    • .spec.parallelism: indicates the number of pods that run concurrently. The default value is 1.
                                    • .spec.backoffLimit: indicates the maximum number of retries performed if a pod fails. When the limit is reached, the pod will not try again.
                                    • .spec.activeDeadlineSeconds: indicates the running time of pods. Once the time is reached, the job and its pods are terminated. .spec.activeDeadlineSeconds has a higher priority than .spec.backoffLimit. If a job reaches .spec.activeDeadlineSeconds, spec.backoffLimit is ignored.

                                    Based on the .spec.completions and .spec.parallelism settings, jobs are classified into the following types.

                                    - - -
                                    Table 1 Job types

                                    Job Type

                                    @@ -160,22 +169,21 @@ spec: imagePullSecrets: - name: default-secret

                                    Run the job.

                                    -
                                    1. Start the job.

                                      [root@k8s-master k8s]# kubectl apply -f myjob.yaml
-job.batch/myjob created
                                      -

                                    2. View the job details.

                                      kubectl get job

                                      -
                                      [root@k8s-master k8s]# kubectl get job
-NAME    COMPLETIONS   DURATION   AGE
+
                                      1. Start the job.
                                        kubectl apply -f myjob.yaml
                                        
+
                                        The command output is as follows:
                                        
+
                                        job.batch/myjob created
                                        
+
                                      2. View the job details.
                                        kubectl get job
                                        
+
                                        The command output is as follows:
                                        
+
                                        NAME    COMPLETIONS   DURATION   AGE
 myjob   50/50         23s        3m45s
                                        
 
                                        If the value of COMPLETIONS is 50/50, the job is successfully executed.
                                        
-
                                      3. View the pod status.
                                        kubectl get pod
                                        
-
                                        [root@k8s-master k8s]# kubectl get pod
-NAME          READY   STATUS      RESTARTS   AGE
+
                                      4. View the pod status.
                                        kubectl get pod
                                        
+
                                        The command output is as follows:
                                        
+
                                        NAME          READY   STATUS      RESTARTS   AGE
 myjob-29qlw   0/1     Completed   0          4m5s
 ...
                                        
 
                                        If the status is Completed, the job is complete.
                                        
-
                                      5. View the pod logs.
                                        kubectl  logs <pod_name>
                                        
-
                                        # kubectl logs myjob-29qlw
-3.1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983729780499510597317328160963185950244594553469083026425223082533446850352619311881710100031378387528865875332083814206171776691473035982534904287554687311595628638823537875937519577818577805321712268066130019278766111959092164201989380952572010654858632788659361533818279682303019520353018529689957736225994138912497217752834791315155748572424541506959508295331168617278558890750983817546374649393192550604009277016711390098488240128583616035637076601047101819429555961989467678374494482553797747268471040475346462080466842590694912933136770289891521047521620569660240580381501935112533824300355876402474964732639141992726042699227967823547816360093417216412199245863150302861829745557067498385054945885869269956909272107975093029553211653449872027559602364806654991198818347977535663698074265425278625518184175746728909777727938000816470600161452491921732172147723501414419735685481613611573525521334757418494684385233239073941433345477624168625189835694855620992192221842725502542568876717904946016534668049886272327917860857843838279679766814541009538837863609506800642251252051173929848960841284886269456042419652850222106611863067442786220391949450471237137869609563643719172874677646575739624138908658326459958133904780275901
                                        
+
                                      6. View the pod logs.
                                        kubectl logs myjob-29qlw
                                        
 
                                      
 
 
                                      Related Operations
                                      After a one-off job is created, you can perform operations listed in Table 2.
                                      
@@ -186,9 +194,9 @@ myjob-29qlw   0/1     Completed   0          4m5s

                                    Editing a YAML file

                                    +

                                    Viewing a YAML file

                                    Click More > Edit YAML next to the job name to edit the YAML file of the current job.

                                    +

                                    Locate the row containing the target job and choose More > View YAML to view the YAML file of the job.

                                    Deleting a job

                                    diff --git a/docs/cce/umn/cce_10_0151.html b/docs/cce/umn/cce_10_0151.html index b5a026746..ebd064ac9 100644 --- a/docs/cce/umn/cce_10_0151.html +++ b/docs/cce/umn/cce_10_0151.html @@ -1,15 +1,15 @@ -

                                    Creating a Cron Job

                                    -

                                    Scenario

                                    A cron job runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.

                                    -
                                    A cron job runs periodically at the specified time. It is similar with Linux crontab. A cron job has the following characteristics:
                                    • Runs only once at the specified time.
                                    • Runs periodically at the specified time.
                                    +

                                    Creating a CronJob

                                    +

                                    Scenario

                                    A CronJob runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.

                                    +
                                    A CronJob runs periodically at the specified time. It is similar with Linux crontab. A CronJob has the following characteristics:
                                    • Runs only once at the specified time.
                                    • Runs periodically at the specified time.
                                    -

                                    The typical usage of a cron job is as follows:

                                    +

                                    The typical usage of a CronJob is as follows:

                                    • Schedules jobs at the specified time.
                                    • Creates jobs to run periodically, for example, database backup and email sending.

                                    Prerequisites

                                    Resources have been created. For details, see Creating a Node.

                                    -

                                    Using the CCE Console

                                    1. Log in to the CCE console.
                                    2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                    3. Set basic information about the workload.

                                      Basic Info
                                      • Workload Type: Select Cron Job. For details about workload types, see Overview.
                                      • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                      • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                      • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                                      +

                                      Using the CCE Console

                                      1. Log in to the CCE console.
                                      2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                      3. Set basic information about the workload.

                                        Basic Info
                                        • Workload Type: Select Cron Job. For details about workload types, see Overview.
                                        • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                        • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                        • Container Runtime: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see Secure Runtime and Common Runtime.
                                        Container Settings
                                        • Container Information
                                          Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                          • Basic Info: Configure basic information about the container.
                                            - @@ -70,18 +70,25 @@

                                            An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see Init Containers.

                                            + + +

                                            Parameter

                                            @@ -31,7 +31,7 @@

                                            Image Name

                                            Click Select Image and select the image used by the container.

                                            -

                                            To use a third-party image, see Using Third-Party Images.

                                            +

                                            To use a third-party image, directly enter image path. Ensure that the image access credential can be used to access the image repository. For details, see Using Third-Party Images.

                                            Image Tag

                                            @@ -53,8 +53,8 @@

                                            (Optional) GPU Quota

                                            Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on is installed.

                                            -
                                            • All: No GPU will be used.
                                            • Dedicated: GPU resources are dedicated for the container.
                                            • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                            +

                                            Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on has been installed.

                                            +
                                            • Do not use: No GPU will be used.
                                            • GPU card: The GPU is dedicated for the container.
                                            • GPU Virtualization: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container will use 10% of GPU resources.

                                            For details about how to use GPUs in the cluster, see Default GPU Scheduling in Kubernetes.

                                            (Optional) Run Option

                                            +

                                            Add run options for the container. For details, see Pod. CCE supports the following run options:

                                            +
                                            • stdin: allows containers to receive input from external sources, such as terminals or other input streams.
                                            • tty: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.

                                              In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the kubectl exec -i -t command. The difference is that this parameter has been configured when the pod is launched.

                                              +
                                            +
                                          • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Configuring Container Lifecycle Parameters.
                                          • (Optional) Environment Variables: Configure variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Configuring Environment Variables.
                                          -
                                        • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                        • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                                        +
                                      4. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR Shared Edition. For details about default-secret, see default-secret.
                                      5. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.

                                      Schedule

                                      -
                                      • Concurrency Policy: The following three modes are supported:
                                        • Forbid: A new job cannot be created before the previous job is completed.
                                        • Allow: The cron job allows concurrently running jobs, which preempt cluster resources.
                                        • Replace: A new job replaces the previous job when it is time to create a job but the previous job is not completed.
                                        -
                                      • Policy Settings: specifies when a new cron job is executed. Policy settings in YAML are implemented using cron expressions.
                                        • A cron job is executed at a fixed interval. The unit can be minute, hour, day, or month. For example, if a cron job is executed every 30 minutes and the corresponding cron expression is */30 * * * *, the execution time starts from 0 in the unit range, for example, 00:00:00, 00:30:00, 01:00:00, and ....
                                        • The cron job is executed at a fixed time (by month). For example, if a cron job is executed at 00:00 on the first day of each month, the cron expression is 0 0 1 */1 *, and the execution time is ****-01-01 00:00:00, ****-02-01 00:00:00, and ....
                                        • The cron job is executed by week. For example, if a cron job is executed at 00:00 every Monday, the cron expression is 0 0 * * 1, and the execution time is ****-**-01 00:00:00 on Monday, ****-**-08 00:00:00 on Monday, and ....
                                        • Custom Cron Expression: For details about how to use cron expressions, see CronJob.
                                        -
                                        • If a cron job is executed at a fixed time (by month) and the number of days in a month does not exist, the cron job will not be executed in this month. For example, the execution will skip February if the date is set to 30.
                                        • Due to the definition of cron, the fixed period is not a strict period. The time unit range is divided from 0 by period. For example, if the unit is minute, the value ranges from 0 to 59. If the value cannot be exactly divided, the last period is reset. Therefore, an accurate period can be represented only when the period can be evenly divided.

                                          Take a cron job that runs hourly as an example. If an interval that can divide 24 hours exactly, such as /2, /3, /4, /6, /8, and /12, the period can be accurately represented. However, if a different period is used, the last period will reset at the beginning of each new day. For example, if the cron expression is * */12 * * *, the task will run at 00:00:00 and 12:00:00 every day. Similarly, if the cron expression is * */13 * * *, the task will run at 00:00:00 and 13:00:00 every day. Note that the last period will reset at 00:00:00 on the following day, even if it has not reached 13 hours.

                                          +
                                          • Concurrency Policy: The following three modes are supported:
                                            • Forbid: A new job cannot be created before the previous job is completed.
                                            • Allow: The CronJob allows concurrently running jobs, which preempt cluster resources.
                                            • Replace: A new job replaces the previous job when it is time to create a job but the previous job is not completed.
                                            +
                                          • Policy Settings: specifies when a new CronJob is executed. Policy settings in YAML are implemented using cron expressions.
                                            • A CronJob is executed at a fixed interval. The unit can be minute, hour, day, or month. For example, if a CronJob is executed every 30 minutes, its cron expression is */30 * * * *. The job will be executed at 30-minute intervals, starting from the top of the hour, for example, 00:00:00, 00:30:00, 01:00:00, and ....
                                            • The CronJob is executed at a fixed time (by month). For example, if a CronJob is executed at 00:00 on the first day of each month, its cron expression is 0 0 1 */1 *. The job will be executed at ****-01-01 00:00:00, ****-02-01 00:00:00, and ....
                                            • The CronJob is executed by week. For example, if a CronJob is executed at 00:00 every Monday, its cron expression is 0 0 * * 1. The job will be executed at ****-**-01 00:00:00 on Monday, ****-**-08 00:00:00 on Monday, and ....
                                            • Custom Cron Expression: For details about how to use cron expressions, see CronJob.
                                            +
                                            • If a CronJob is executed at a fixed time (by month) and the number of days in a month does not exist, the CronJob will not be executed in this month. For example, the execution will skip February if the date is set to 30.
                                            • Due to the definition of cron, the fixed period is not a strict period. The time unit range is divided from 0 by period. For example, if the unit is minute, the value ranges from 0 to 59. If the value cannot be exactly divided, the last period is reset. Therefore, an accurate period can be represented only when the period can be evenly divided.

                                              Take a CronJob that runs hourly as an example. If an interval that can divide 24 hours exactly, such as /2, /3, /4, /6, /8, and /12, the period can be accurately represented. However, if a different period is used, the last period will reset at the beginning of each new day. For example, if the cron expression is * */12 * * *, the task will run at 00:00:00 and 12:00:00 every day. Similarly, if the cron expression is * */13 * * *, the task will run at 00:00:00 and 13:00:00 every day. Note that the last period will reset at 00:00:00 on the following day, even if it has not reached 13 hours.

                                          • Time Zone: You can specify a time zone. If this parameter is not specified, the time zone of the master node will be used by default.
                                          • Job Records: You can set the number of jobs that are successfully executed or fail to be executed. Setting a limit to 0 corresponds to keeping none of the jobs after they finish.
                                          @@ -89,12 +96,14 @@
                                          • Network Configuration
                                            • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                            • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                            • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                            • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                        -

                                      • Click Create Workload in the lower right corner.
                                    +

                                  • Click Create Workload in the lower right corner and check whether the workload status changes to Started.

                                    +

                                    +

                                    • -

                                    Using kubectl

                                    A cron job has the following configuration parameters:

                                    +

                                    Using kubectl

                                    A CronJob has the following configuration parameters:

                                    • .spec.schedule: takes a Cron format string, for example, 0 * * * * or @hourly, as schedule time of jobs to be created and executed.
                                    • .spec.jobTemplate: specifies jobs to be run, and has the same schema as when you are Creating a Job Using kubectl.
                                    • .spec.startingDeadlineSeconds: specifies the deadline for starting a job.
                                    • .spec.concurrencyPolicy: specifies how to treat concurrent executions of a job created by the CronJob. The following options are supported:
                                      • Allow (default value): allows concurrently running jobs.
                                      • Forbid: forbids concurrent runs, skipping next run if previous has not finished yet.
                                      • Replace: cancels the currently running job and replaces it with a new one.
                                    -

                                    The following is an example cron job, which is saved in the cronjob.yaml file.

                                    +

                                    The following is an example CronJob, which is saved in the cronjob.yaml file.

                                    In clusters of v1.21 or later, CronJob apiVersion is batch/v1.

                                    In clusters earlier than v1.21, CronJob apiVersion is batch/v1beta1.

                                    @@ -103,7 +112,7 @@ kind: CronJob metadata: name: hello spec: - schedule: "*/1 * * * *" + schedule: "*/1 * * * *" # The task is executed every minute. jobTemplate: spec: template: @@ -119,26 +128,28 @@ spec: imagePullSecrets: - name: default-secret

                                    Run the job.

                                    -
                                    1. Create a CronJob.

                                      kubectl create -f cronjob.yaml

                                      +
                                      1. Create a CronJob.

                                        kubectl create -f cronjob.yaml

                                        Information similar to the following is displayed:

                                        cronjob.batch/hello created
                                        -

                                      2. Query the running status of the cron job:

                                        kubectl get cronjob

                                        -
                                        NAME      SCHEDULE      SUSPEND   ACTIVE    LAST SCHEDULE   AGE
-hello     */1 * * * *   False     0         <none>          9s
                                        -

                                        kubectl get jobs

                                        -
                                        NAME               COMPLETIONS   DURATION   AGE
+
                                      3. Check the running status of the CronJob:

                                        kubectl get cronjob
                                        +

                                        The command output is as follows:

                                        +
                                        NAME    SCHEDULE      TIMEZONE   SUSPEND   ACTIVE   LAST SCHEDULE   AGE
+hello   */1 * * * *   <none>     False     0        59s             2m36s
                                        +

                                      4. Check the job that is started at a scheduled time.

                                        kubectl get jobs
                                        +

                                        The command output is as follows:

                                        +
                                        NAME               COMPLETIONS   DURATION   AGE
 hello-1597387980   1/1           27s        45s
                                        -

                                        kubectl get pod

                                        -
                                        NAME                           READY     STATUS      RESTARTS   AGE
-hello-1597387980-tjv8f         0/1       Completed   0          114s
-hello-1597388040-lckg9         0/1       Completed   0          39s
                                        -

                                        kubectl logs hello-1597387980-tjv8f

                                        -
                                        Fri Aug 14 06:56:31 UTC 2020
+
                                      5. Check the pods started by the job.

                                        kubectl get pod
                                        +

                                        The command output is as follows:

                                        +
                                        NAME                           READY     STATUS      RESTARTS   AGE
+hello-1597387980-tjv8f         0/1       Completed   0          114s
                                        +

                                      6. Check the pod logs. It is expected that "Hello from the Kubernetes cluster" is displayed in the logs.

                                        kubectl logs hello-1597387980-tjv8f
                                        +

                                        The command output is as follows:

                                        +
                                        Fri Aug 14 06:56:31 UTC 2020
 Hello from the Kubernetes cluster
                                        -

                                        kubectl delete cronjob hello

                                        -
                                        cronjob.batch "hello" deleted
                                        -

                                        When a CronJob is deleted, the related jobs and pods are deleted accordingly.

                                        -
                                        +

                                      7. Delete the cron job. If a cron job is deleted, the related jobs and pods are deleted accordingly.

                                        kubectl delete cronjob hello
                                        +

                                        The command output is as follows:

                                        +
                                        cronjob.batch "hello" deleted

                                    Related Operations

                                    After a CronJob is created, you can perform operations listed in Table 1.

                                    @@ -151,7 +162,7 @@ Hello from the Kubernetes cluster

                                    Editing a YAML file

                                    Click More > Edit YAML next to the cron job name to edit the YAML file of the current job.

                                    +

                                    Click More > Edit YAML next to the CronJob name to edit the YAML file of the current job.

                                    Stopping a CronJob

                                    diff --git a/docs/cce/umn/cce_10_0152.html b/docs/cce/umn/cce_10_0152.html index 111efadf8..14f973889 100644 --- a/docs/cce/umn/cce_10_0152.html +++ b/docs/cce/umn/cce_10_0152.html @@ -33,7 +33,7 @@

                                    Data

                                    Data of a ConfigMap, in the key-value pair format.

                                    -

                                    Click to add data. The value can be in string, JSON, or YAML format.

                                    +

                                    Click to add data. The value can be in string, JSON, or YAML format.

                                    Label

                                    @@ -47,7 +47,8 @@

                                  • Click OK.

                                    The new ConfigMap is displayed in the ConfigMap list.

                                    • -

                                    Creating a ConfigMap Using kubectl

                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                    2. Create a file named cce-configmap.yaml and edit it.

                                      vi cce-configmap.yaml

                                      +

                                      Creating a ConfigMap Using kubectl

                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                      2. Create a file named cce-configmap.yaml and edit it.

                                        vi cce-configmap.yaml
                                        +

                                        File content:

                                        apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -56,38 +57,39 @@ data:
   SPECIAL_LEVEL: Hello
   SPECIAL_TYPE: CCE
                                        -
                                        @@ -67,7 +67,7 @@ data: kind: Secret metadata: name: mysecret #Secret name - namespace: default #Namespace. The default value is default. + namespace: default #Namespace. The default value is default. data: .dockerconfigjson: eyJh***** # Content encoded using Base64. type: kubernetes.io/dockerconfigjson @@ -86,7 +86,7 @@ data: apiVersion: v1 metadata: name: mysecret #Secret name - namespace: default #Namespace. The default value is default. + namespace: default #Namespace. The default value is default. data: tls.crt: LS0tLS1CRU*****FURS0tLS0t # Certificate content, which must be encoded using Base64. tls.key: LS0tLS1CRU*****VZLS0tLS0= # Private key content, which must be encoded using Base64. @@ -96,7 +96,7 @@ data: apiVersion: v1 metadata: name: mysecret #Secret name - namespace: default #Namespace. The default value is default. + namespace: default #Namespace. The default value is default. data: tls.crt: LS0tLS1CRU*****FURS0tLS0t # Certificate content, which must be encoded using Base64. tls.key: LS0tLS1CRU*****VZLS0tLS0= # Private key content, which must be encoded using Base64. @@ -104,9 +104,9 @@ data: -

                                        Creating a Secret Using kubectl

                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                        2. Create and edit the Base64-encoded cce-secret.yaml file.

                                          # echo -n "content to be encoded" | base64
+
                                          Creating a Secret Using kubectl
                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                          2. Encode the secret value using Base64.
                                            # echo -n "content-to-be-encoded" | base64
 ******
                                            
-
                                            vi cce-secret.yaml
                                            
+
                                          3. Create a file named cce-secret.yaml and edit it.
                                            vi cce-secret.yaml
                                            
 
                                            The following YAML file uses the Opaque type as an example. For details about other types, see Secret Resource File Configuration Example.
                                            
 
                                            apiVersion: v1
 kind: Secret
@@ -115,15 +115,15 @@ metadata:
 type: Opaque
 data:
   <your_key>: <your_value>  # Enter a key-value pair. The value must be encoded using Base64.
                                            
-
                                          4. Create a secret.
                                            kubectl create -f cce-secret.yaml
                                            
+
                                          5. Create a secret.
                                            kubectl create -f cce-secret.yaml
                                            
 
                                            You can query the secret after creation.
                                            
-
                                            kubectl get secret -n default
                                            
+
                                            kubectl get secret -n default
                                            
 
                                          
 
                                          
 
                                          Related Operations
                                          After creating a secret, you can update or delete it as described in Table 2.
                                           
                                          The secret list contains system secret resources that can be queried only. The system secret resources cannot be updated or deleted.
                                          
 
                                          
 
-
                                        Table 2 Key parameters

                                        Parameter

                                        +
                                        - - - - - - - - -
                                        Table 2 Key parameters

                                        Parameter

                                        Description

                                        +

                                        Description

                                        apiVersion

                                        +

                                        apiVersion

                                        The value is fixed at v1.

                                        +

                                        The value is fixed at v1.

                                        kind

                                        +

                                        kind

                                        The value is fixed at ConfigMap.

                                        +

                                        The value is fixed at ConfigMap.

                                        metadata.name

                                        +

                                        metadata.name

                                        ConfigMap name, which can be customized.

                                        +

                                        ConfigMap name, which can be customized.

                                        data

                                        +

                                        data

                                        ConfigMap data. The value must be key-value pairs.

                                        +

                                        ConfigMap data. The value must be key-value pairs.
                                        -

                                      3. Run the following commands to create a ConfigMap.

                                        kubectl create -f cce-configmap.yaml

                                        +

                                      4. Run the following commands to create a ConfigMap.

                                        kubectl create -f cce-configmap.yaml

                                        Run the following commands to view the created ConfigMap:

                                        -

                                        kubectl get cm

                                        +
                                        kubectl get cm
                                        +

                                        Command output:

                                        NAME               DATA            AGE
 cce-configmap      3               7m

                                        5. diff --git a/docs/cce/umn/cce_10_0153.html b/docs/cce/umn/cce_10_0153.html index ea2bbd5ba..c5e3edc4a 100644 --- a/docs/cce/umn/cce_10_0153.html +++ b/docs/cce/umn/cce_10_0153.html @@ -36,7 +36,7 @@

                                        Secret Data

                                        Workload secret data can be used in containers.

                                        -
                                        • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                        • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password for logging in to the private image repository.
                                        • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                          NOTE:
                                          • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                          • A certificate request is a request for a signature with a private key.
                                          +
                                          • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                          • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password for logging in to the private image repository.
                                          • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                            NOTE:
                                            • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                            • A certificate request is a request for a signature with a private key.
                                        Table 2 Related Operations

                                        Operation

                                        +
                                        diff --git a/docs/cce/umn/cce_10_0154.html b/docs/cce/umn/cce_10_0154.html index 91e6e201d..6d6245f07 100644 --- a/docs/cce/umn/cce_10_0154.html +++ b/docs/cce/umn/cce_10_0154.html @@ -1,10 +1,8 @@

                                        CCE Cluster Autoscaler

                                        -

                                        Introduction

                                        Autoscaler is an important Kubernetes controller. It supports microservice scaling and is key to serverless design.

                                        -

                                        When the CPU or memory usage of a microservice is too high, horizontal pod autoscaling is triggered to add pods to reduce the load. These pods can be automatically reduced when the load is low, allowing the microservice to run as efficiently as possible.

                                        -

                                        CCE simplifies the creation, upgrade, and manual scaling of Kubernetes clusters, in which traffic loads change over time. To balance resource usage and workload performance of nodes, Kubernetes introduces the Autoscaler add-on to automatically adjust the number of nodes a cluster based on the resource usage required for workloads deployed in the cluster. For details, see Creating a Node Scaling Policy.

                                        -

                                        Open source community: https://github.com/kubernetes/autoscaler

                                        +

                                        Introduction

                                        The CCE Cluster Autoscaler add-on is built on the Autoscaler component of the community. It can automatically adjust the number of cluster nodes based on the resource needs of applications, optimizing resource utilization and performance. Autoscaler is the main controller in Kubernetes. It can automatically scale nodes in or out based on resource requirements. When there are not enough node resources to schedule pods in a cluster, Autoscaler adds more nodes with additional resources for those pods. Furthermore, if the resource utilization of the added nodes is low, Autoscaler will automatically remove them. For details about how to implement node auto scaling, see Creating a Node Scaling Policy.

                                        +

                                        Open-source community: https://github.com/kubernetes/autoscaler

                                        How the Add-on Works

                                        Autoscaler controls auto scale-out and scale-in.

                                        • Auto scale-out
                                          You can choose either of the following methods:
                                          • If a pod cannot be scheduled due to insufficient resources of worker nodes, CCE will add more nodes to the cluster. The new nodes have the same resource quotas as those configured for the node pools that the new nodes are in.
                                            Auto scale-out will be performed when:
                                            • Node resources are insufficient.
                                            • No node affinity policy is set in the scheduling configurations of the pod. If the pod is configured affinity for a node, the system will not automatically add more nodes in the cluster. For details about how to configure node affinity policies, see Configuring Node Affinity Scheduling (nodeAffinity).
                                            @@ -19,11 +17,11 @@
                                          -

                                          Notes and Constraints

                                          • Ensure that there are sufficient resources for installing the add-on.
                                          • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                          • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, a pod that uses the local PV will be evicted from the node. A new pod will be created, but it remains in a pending state because the label of the PVC bound to it conflicts with the node label.
                                          • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                            • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                            • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                            +

                                            Notes and Constraints

                                            • There must be enough resources in the cluster during the add-on installation.
                                            • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                            • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, a pod that uses the local PV will be evicted from the node. A new pod will be created, but it remains in a pending state because the label of the PVC bound to it conflicts with the node label.
                                            • When CCE Cluster Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                              • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale-outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affect cluster scaling.
                                              • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.

                                            Installing the Add-on

                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Cluster Autoscaler on the right, and click Install.
                                            2. On the Install Add-on page, configure the specifications as needed.

                                              There are three types of preset specifications based on the cluster scale. You can select one as required. The system will configure the number of pods and resource quotas for the add-on based on the selected preset specifications. You can see the configurations on the console.

                                              -

                                            3. Configure deployment policies for the add-on pods.

                                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                              +

                                            4. Configure deployment policies for the add-on pods.

                                              • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                        Table 2 Related operations

                                        Operation

                                        Description
                                        - - @@ -76,558 +74,752 @@

                                        Change History

                                        -
                                        Table 1 Configurations for add-on scheduling

                                        Parameter

                                        @@ -34,12 +32,12 @@

                                        Multi-AZ Deployment

                                        • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                        • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                        • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                        +
                                        • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                        • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                        • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.

                                        Node Affinity

                                        • Not configured: Node affinity is disabled for the add-on.
                                        • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                        • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                        • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                          If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                          +
                                        • Not configured: Node affinity is disabled for the add-on.
                                        • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                        • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                        • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                          If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                        Table 3 Release history for the add-on adapted to clusters 1.30

                                        Add-on Version

                                        +
                                        - - - - - - - - - - -
                                        Table 3 Release history for the add-on adapted to clusters v1.31

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.30.18

                                        +

                                        1.31.13

                                        v1.30

                                        +

                                        v1.31

                                        Fixed some issues.

                                        +

                                        The scale-down delay and scale-down utilization thresholds can be configured for node pools.

                                        1.30.1

                                        +

                                        1.31.1

                                        1.30.15

                                        +

                                        1.31.8

                                        v1.30

                                        +

                                        v1.31

                                        • Clusters 1.30 are supported.
                                        • Included the name of the target node pool to the reported event.
                                        +

                                        CCE clusters v1.31 are supported.

                                        1.30.1

                                        +

                                        1.31.1
                                        -
                                        Table 4 Release history for the add-on adapted to clusters 1.29

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - -
                                        Table 4 Release history for the add-on adapted to clusters v1.30

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.29.53

                                        +

                                        1.30.51

                                        v1.29

                                        +

                                        v1.30

                                        Fixed some issues.

                                        +

                                        The scale-down delay and scale-down utilization thresholds can be configured for node pools.

                                        1.29.1

                                        +

                                        1.30.1

                                        1.29.17

                                        +

                                        1.30.18

                                        v1.29

                                        +

                                        v1.30

                                        Optimized events.

                                        +

                                        Fixed some issues.

                                        1.29.1

                                        +

                                        1.30.1

                                        1.29.13

                                        +

                                        1.30.15

                                        v1.29

                                        +

                                        v1.30

                                        Clusters 1.29 are supported.

                                        +
                                        • Clusters v1.30 are supported.
                                        • Added the name of the target node pool to the events.

                                        1.29.1

                                        +

                                        1.30.1
                                        -
                                        Table 5 Release history for the add-on adapted to clusters 1.28

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - -
                                        Table 5 Release history for the add-on adapted to clusters v1.29

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.28.55

                                        +

                                        1.29.84

                                        v1.28

                                        +

                                        v1.29

                                        Optimized events.

                                        +

                                        The scale-down delay and scale-down utilization thresholds can be configured for node pools.

                                        1.28.1

                                        +

                                        1.29.1

                                        1.28.22

                                        +

                                        1.29.53

                                        v1.28

                                        +

                                        v1.29

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.28.1

                                        +

                                        1.29.1

                                        1.28.20

                                        +

                                        1.29.17

                                        v1.28

                                        +

                                        v1.29

                                        Fixed some issues.

                                        +

                                        Optimized events.

                                        1.28.1

                                        +

                                        1.29.1

                                        1.28.17

                                        +

                                        1.29.13

                                        v1.28

                                        +

                                        v1.29

                                        Fixed the issue that scale-in cannot be performed when there are custom pod controllers in a cluster.

                                        +

                                        Clusters v1.29 are supported.

                                        1.28.1

                                        +

                                        1.29.1
                                        -
                                        Table 6 Release history for the add-on adapted to clusters 1.27

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + +
                                        Table 6 Release history for the add-on adapted to clusters v1.28

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.27.55

                                        +

                                        1.28.123

                                        v1.27

                                        +

                                        v1.28

                                        Fixed some issues.

                                        +

                                        The scale-down delay and scale-down utilization thresholds can be configured for node pools.

                                        1.27.1

                                        +

                                        1.28.1

                                        1.27.53

                                        +

                                        1.28.92

                                        v1.27

                                        +

                                        v1.28

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.27.1

                                        +

                                        1.28.1

                                        1.27.51

                                        +

                                        1.28.91

                                        v1.27

                                        +

                                        v1.28

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.27.1

                                        +

                                        1.28.1

                                        1.27.14

                                        +

                                        1.28.88

                                        v1.27

                                        +

                                        v1.28

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        Added the name of the target node pool to the events.

                                        1.27.1

                                        +

                                        1.28.1

                                        +

                                        1.28.55

                                        +

                                        v1.28

                                        +

                                        Optimized events.

                                        +

                                        1.28.1

                                        +

                                        1.28.22

                                        +

                                        v1.28

                                        +

                                        Fixed some issues.

                                        +

                                        1.28.1

                                        +

                                        1.28.20

                                        +

                                        v1.28

                                        +

                                        Fixed some issues.

                                        +

                                        1.28.1

                                        +

                                        1.28.17

                                        +

                                        v1.28

                                        +

                                        Fixed the issue that scale-in cannot be performed when there are custom pod controllers in a cluster.

                                        +

                                        1.28.1
                                        -
                                        Table 7 Release history for the add-on adapted to clusters 1.25

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + +
                                        Table 7 Release history for the add-on adapted to clusters v1.27

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.25.88

                                        +

                                        1.27.155

                                        v1.25

                                        +

                                        v1.27

                                        Fixed some issues.

                                        +

                                        The scale-down delay and scale-down utilization thresholds can be configured for node pools.

                                        1.25.0

                                        +

                                        1.27.1

                                        1.25.86

                                        +

                                        1.27.123

                                        v1.25

                                        +

                                        v1.27

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.25.0

                                        +

                                        1.27.1

                                        1.25.84

                                        +

                                        1.27.122

                                        v1.25

                                        +

                                        v1.27

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.25.0

                                        +

                                        1.27.1

                                        1.25.46

                                        +

                                        1.27.119

                                        v1.25

                                        +

                                        v1.27

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        Added the name of the target node pool to the events.

                                        1.25.0

                                        +

                                        1.27.1

                                        1.25.21

                                        +

                                        1.27.88

                                        v1.25

                                        +

                                        v1.27

                                        • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                        +

                                        Optimized events.

                                        1.25.0

                                        +

                                        1.27.1

                                        1.25.7

                                        +

                                        1.27.55

                                        v1.25

                                        +

                                        v1.27

                                        • CCE clusters 1.25 are supported.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        Fixed some issues.

                                        1.25.0

                                        +

                                        1.27.1

                                        +

                                        1.27.53

                                        +

                                        v1.27

                                        +

                                        Fixed some issues.

                                        +

                                        1.27.1

                                        +

                                        1.27.51

                                        +

                                        v1.27

                                        +

                                        Fixed some issues.

                                        +

                                        1.27.1

                                        +

                                        1.27.14

                                        +

                                        v1.27

                                        +

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        1.27.1
                                        -
                                        Table 8 Release history for the add-on adapted to clusters 1.23

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + +
                                        Table 8 Release history for the add-on adapted to clusters v1.25

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.23.95

                                        +

                                        1.25.184

                                        v1.23

                                        +

                                        v1.25

                                        Fixed some issues.

                                        +

                                        The scale-down delay and scale-down utilization thresholds can be configured for node pools.

                                        1.23.0

                                        +

                                        1.25.0

                                        1.23.93

                                        +

                                        1.25.153

                                        v1.23

                                        +

                                        v1.25

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.23.0

                                        +

                                        1.25.0

                                        1.23.91

                                        +

                                        1.25.152

                                        v1.23

                                        +

                                        v1.25

                                        Fixed some issues.

                                        +

                                        Added the name of the target node pool to the events.

                                        1.23.0

                                        +

                                        1.25.0

                                        1.23.54

                                        +

                                        1.25.120

                                        v1.23

                                        +

                                        v1.25

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        Optimized events.

                                        1.23.0

                                        +

                                        1.25.0

                                        1.23.31

                                        +

                                        1.25.88

                                        v1.23

                                        +

                                        v1.25

                                        • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                        +

                                        Fixed some issues.

                                        1.23.0

                                        +

                                        1.25.0

                                        1.23.17

                                        +

                                        1.25.86

                                        v1.23

                                        +

                                        v1.25

                                        • Supported node scaling policies without a step.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Supported the emptyDir scheduling policy.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        Fixed some issues.

                                        1.23.0

                                        +

                                        1.25.0

                                        1.23.10

                                        +

                                        1.25.84

                                        v1.23

                                        +

                                        v1.25

                                        • Optimized logging.
                                        • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                        +

                                        Fixed some issues.

                                        1.23.0

                                        +

                                        1.25.0

                                        +

                                        1.25.46

                                        +

                                        v1.25

                                        +

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        1.25.0

                                        +

                                        1.25.21

                                        +

                                        v1.25

                                        +
                                        • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                        +

                                        1.25.0

                                        +

                                        1.25.7

                                        +

                                        v1.25

                                        +
                                        • CCE clusters v1.25 are supported.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        1.25.0
                                        -
                                        Table 9 Release history for the add-on adapted to clusters 1.21

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + +
                                        Table 9 Release history for the add-on adapted to clusters v1.23

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.21.89

                                        +

                                        1.23.157

                                        v1.21

                                        +

                                        v1.23

                                        Fixed some issues.

                                        +

                                        Fixed some issues.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.87

                                        +

                                        1.23.156

                                        v1.21

                                        +

                                        v1.23

                                        Fixed some issues.

                                        +

                                        Added the name of the target node pool to the events.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.86

                                        +

                                        1.23.125

                                        v1.21

                                        +

                                        v1.23

                                        Fixed the issue that the node pool auto scaling cannot meet expectations after AZ topology constraints are configured for nodes.

                                        +

                                        Optimized events.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.51

                                        +

                                        1.23.95

                                        v1.21

                                        +

                                        v1.23

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        Fixed some issues.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.29

                                        +

                                        1.23.93

                                        v1.21

                                        +

                                        v1.23

                                        • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                        • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                        • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                        +

                                        Fixed some issues.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.16

                                        +

                                        1.23.91

                                        v1.21

                                        +

                                        v1.23

                                        • Supported node scaling policies without a step.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Supported the emptyDir scheduling policy.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        Fixed some issues.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.9

                                        +

                                        1.23.54

                                        v1.21

                                        +

                                        v1.23

                                        • Optimized logging.
                                        • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                        +

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        1.21.0

                                        +

                                        1.23.0

                                        1.21.1

                                        +

                                        1.23.31

                                        v1.21

                                        +

                                        v1.23

                                        Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                        +
                                        • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.

                                        1.21.0

                                        +

                                        1.23.0

                                        +

                                        1.23.17

                                        +

                                        v1.23

                                        +
                                        • Supported node scaling policies without a step.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Supported the emptyDir scheduling policy.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        1.23.0

                                        +

                                        1.23.10

                                        +

                                        v1.23

                                        +
                                        • Optimized logging.
                                        • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                        +

                                        1.23.0
                                        -
                                        Table 10 Release history for the add-on adapted to clusters 1.19

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                        Table 10 Release history for the add-on adapted to clusters v1.21

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.19.76

                                        +

                                        1.21.89

                                        v1.19

                                        +

                                        v1.21

                                        • Optimized the method of identifying GPUs and NPUs.
                                        • Used the remaining node quota of a cluster for the extra nodes that are beyond the cluster scale.
                                        +

                                        Fixed some issues.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.56

                                        +

                                        1.21.87

                                        v1.19

                                        +

                                        v1.21

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        +

                                        Fixed some issues.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.35

                                        +

                                        1.21.86

                                        v1.19

                                        +

                                        v1.21

                                        • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                        • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                        • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                        +

                                        Fixed the issue that the node pool auto scaling cannot meet expectations after AZ topology constraints are configured for nodes.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.22

                                        +

                                        1.21.51

                                        v1.19

                                        +

                                        v1.21

                                        • Supported node scaling policies without a step.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Supported the emptyDir scheduling policy.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.14

                                        +

                                        1.21.29

                                        v1.19

                                        +

                                        v1.21

                                        • Optimized logging.
                                        • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                        +
                                        • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                        • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                        • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.11

                                        +

                                        1.21.16

                                        v1.19

                                        +

                                        v1.21

                                        Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.

                                        +
                                        • Supported node scaling policies without a step.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Supported the emptyDir scheduling policy.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.8

                                        +

                                        1.21.9

                                        v1.19

                                        +

                                        v1.21

                                        Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                        +
                                        • Optimized logging.
                                        • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.

                                        1.19.0

                                        +

                                        1.21.0

                                        1.19.7

                                        +

                                        1.21.1

                                        v1.19

                                        +

                                        v1.21

                                        Regular upgrade of add-on dependencies

                                        +

                                        Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                        1.19.0

                                        +

                                        1.21.0
                                        -
                                        - diff --git a/docs/cce/umn/cce_10_0186.html b/docs/cce/umn/cce_10_0186.html index b18836976..ef13b06c7 100644 --- a/docs/cce/umn/cce_10_0186.html +++ b/docs/cce/umn/cce_10_0186.html @@ -1,10 +1,10 @@

                                        Deleting a Node

                                        -

                                        Scenario

                                        You can delete a pay-per-use node that is not needed from the node list.

                                        +

                                        Scenario

                                        If a node is no longer needed, delete it from the node list on the CCE console if the node is billed on a pay-per-use basis. Do not manually remove nodes using kubectl delete node, as this may lead to unexpected results.

                                        Deleting or unsubscribing from a node in a CCE cluster will release the node and services running on the node. Drain the node and back up data before the deletion or unsubscription to prevent services running on the node from being affected.

                                        -

                                        Precautions

                                        • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours. It is a good practice to drain the node before deletion. For details, see Draining a Node.
                                        • Unexpected risks may occur during the operation. Back up data beforehand.
                                        +

                                        Precautions

                                        • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours. It is a good practice to drain the node before deletion. For details, see Draining a Node.
                                        • After a node is deleted, its data will be destroyed. Back up node data beforehand.
                                        • Deleting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.

                                        Deleting a Node

                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                        3. Locate the target node and choose More > Delete in the Operation column.
                                        4. In the Delete Node dialog box, enter DELETE and click Yes.

                                          • After the node is deleted, workload pods on the node are automatically migrated to other available nodes.
                                          • If the disks and EIPs bound to the node are important resources, unbind them first. Otherwise, they will be deleted with the node.
                                          diff --git a/docs/cce/umn/cce_10_0187.html b/docs/cce/umn/cce_10_0187.html index b4b8de8ee..a493133ab 100644 --- a/docs/cce/umn/cce_10_0187.html +++ b/docs/cce/umn/cce_10_0187.html @@ -9,7 +9,7 @@

                                        In general, you configure CCE permissions in two scenarios. The first is creating and managing clusters and related resources, such as nodes. The second is creating and using Kubernetes resources in the cluster, such as workloads and Services.

                                        -
                                        Figure 1 Illustration on CCE permissions
                                        +
                                        Figure 1 Illustration on CCE permissions

                                        These permissions allow you to manage resource users at a finer granularity.

                                        Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)

                                        Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.

                                        diff --git a/docs/cce/umn/cce_10_0188.html b/docs/cce/umn/cce_10_0188.html index 5c9b545d4..82d3aabed 100644 --- a/docs/cce/umn/cce_10_0188.html +++ b/docs/cce/umn/cce_10_0188.html @@ -8,20 +8,19 @@

                                        Configuration

                                        On the CCE console, when you choose Permissions > Cluster-Level Permissions to create a user group, you will be directed to the IAM console to complete the process. After the user group is created and its permissions are configured, you can view the information on the Cluster-Level Permissions tab page. This section describes the operations in IAM.

                                        -

                                        Process Flow

                                        Figure 1 Process of assigning CCE permissions
                                        -

                                        -
                                        1. Create a user group and assign permissions to it.

                                          Create a user group on the IAM console, and assign CCE permissions, for example, the CCE ReadOnlyAccess policy to the group.

                                          +

                                          Process Flow

                                          Figure 1 Process of granting CCE permissions
                                          +
                                          1. Create a user group and assign permissions to it.

                                            On the IAM console, create a user group and grant it CCE permissions (CCE ReadOnlyAccess as an example).

                                            CCE is deployed by region. On the IAM console, select Region-specific projects when assigning CCE permissions.

                                          2. Create a user and add it to a user group.

                                            Create a user on the IAM console and add the user to the group created in 1.

                                            IAM users need programmatic and management console access to use CCE.

                                          3. Log in and verify permissions.

                                            Log in to the management console as the user you created, and verify that the user has the assigned permissions.

                                            -
                                            • Log in to the management console, switch to the CCE console, and create a cluster. If you fail to do so (assuming that only the CCE ReadOnlyAccess permission is assigned), the CCE ReadOnlyAccess policy has already taken effect.
                                            • Switch to the console of any other service. If a message appears indicating that you do not have the required permissions for accessing the service, the CCE ReadOnlyAccess policy has already taken effect.
                                            +
                                            • Choose Service List > Cloud Container Engine. Then click Create Cluster on the CCE console. If the operation failed, the CCE ReadOnlyAccess policy is in effect.
                                            • Choose another service from Service List. If a message appears indicating that you have insufficient permissions to perform the operation, the CCE ReadOnlyAccess policy is in effect.

                                          System-defined Roles

                                          Roles are a type of coarse-grained authorization mechanism that defines service-level permissions based on user responsibilities. Only a limited number of service-level roles are available for authorization. Roles are not ideal for fine-grained authorization and least privilege access.

                                          -

                                          The preset system role for CCE in IAM is CCE Administrator. When assigning this role to a user group, you must also select other roles and policies on which this role depends, such as Tenant Guest, Server Administrator, ELB Administrator, OBS Administrator, SFS Administrator, SWR Admin, and APM FullAccess.

                                          +

                                          The preset system role for CCE in IAM is CCE Administrator. When assigning this role to a user group, you must also select other roles and policies on which this role depends, such as Tenant Guest, Server Administrator, ELB Administrator, OBS Administrator, SFS Administrator, APM FullAccess, and SWR Admin.

                                          System-defined Policies

                                          The system policies preset for CCE in IAM are CCE FullAccess and CCE ReadOnlyAccess.

                                          • CCE FullAccess: common operation permissions on CCE cluster resources, excluding the namespace-level permissions for the clusters (with Kubernetes RBAC enabled) and the privileged administrator operations, such as agency configuration and cluster certificate generation
                                          • CCE ReadOnlyAccess: permissions to view CCE cluster resources, excluding the namespace-level permissions of the clusters (with Kubernetes RBAC enabled)
                                          @@ -30,10 +29,10 @@

                                          Custom Policies

                                          Custom policies can be created as a supplement to the system-defined policies of CCE.

                                          You can create custom policies in either of the following ways:

                                          -
                                          • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
                                          • JSON: Edit JSON policies from scratch or based on an existing policy.
                                          -

                                          This section provides examples of common custom CCE policies.

                                          +
                                          • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
                                          • JSON: Create a JSON policy or edit an existing one.
                                          +

                                          The following lists examples of common CCE custom policies.

                                          -

                                          Example Custom Policies:

                                          +

                                          Examples

                                          • Example 1: Creating a cluster named test
                                            {
     "Version": "1.1",
     "Statement": [
@@ -46,7 +45,7 @@
     ]
 }
                                          • Example 2: Denying node deletion

                                            A policy with only "Deny" permissions must be used with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

                                            -

                                            The following method can be used if you need to assign permissions of the CCEFullAccess policy to a user but you want to prevent the user from deleting nodes (cce:node:delete). Create a custom policy for denying node deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on CCE except deleting nodes. The following is an example of a deny policy:

                                            +

                                            If you want to grant the CCEFullAccess permission to a user but prevent them from deleting nodes (cce:node:delete), you can create a custom policy that denies node deletion. Then, attach this policy with the CCEFullAccess policy to the user. Since an explicit denial in any policy takes precedence over any allowances, the user will have permission to perform all operations on nodes except for deleting them. The following is an example of a deny policy:

                                            {
     "Version": "1.1",
     "Statement": [
@@ -58,7 +57,7 @@
         }
     ]
 }
                                            -
                                          • Example 3: Defining permissions for multiple services in a policy

                                            A custom policy can contain the actions of multiple services that are of the global or project-level type. The following is an example policy containing actions of multiple services:

                                            +
                                          • Example 3: Creating a custom policy containing multiple actions

                                            A custom policy can contain the actions of multiple services that are of the global or project-level type. The following is an example policy containing multiple actions:

                                            {
     "Version": "1.1",
     "Statement": [
@@ -80,11 +79,11 @@
 
                                            • Basic IAM roles:
                                              • te_admin (Tenant Administrator): Users with this role can call all APIs of all services except IAM.
                                              • readonly (Tenant Guest): Users with this role can call APIs with the read-only permissions of all services except IAM.
                                              
 
                                            • Custom CCE administrator role: CCE Administrator
                                            
 
                                             
                                            If a user has the Tenant Administrator or CCE Administrator system role, the user has the cluster-admin permissions in Kubernetes RBAC and the permissions cannot be removed after the cluster is created.
                                            
-
                                            If the user is the cluster creator, the cluster-admin permissions in Kubernetes RBAC are granted to the user by default. The permissions can be manually removed after the cluster is created.
                                            • Method 1: Choose Permissions Management > Namespace-Level Permissions > Delete in the same role as cluster-creator on the CCE console.
                                            • Method 2: Delete ClusterRoleBinding: cluster-creator through the API or kubectl.
                                            
+
                                            If the user is the cluster creator, the cluster-admin permissions in Kubernetes RBAC are granted to the user by default. The permissions can be manually removed after the cluster is created.
                                            • Method 1: Choose Permissions > Namespace-Level Permissions > Delete in the same role as cluster-creator on the CCE console.
                                            • Method 2: Delete ClusterRoleBinding: cluster-creator through the API or kubectl.
                                            
 
                                            
 
                                            
 
                                            When RBAC and IAM policies co-exist, the backend authentication logic for open APIs or console operations on CCE is as follows.
                                            
-
                                            
+
                                        diff --git a/docs/cce/umn/cce_10_0189.html b/docs/cce/umn/cce_10_0189.html index 1225e64f9..d9b586bf4 100644 --- a/docs/cce/umn/cce_10_0189.html +++ b/docs/cce/umn/cce_10_0189.html @@ -4,12 +4,12 @@

                                        Namespace Permissions (Kubernetes RBAC-based)

                                        You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. The RBAC API declares four kinds of Kubernetes objects: Role, ClusterRole, RoleBinding, and ClusterRoleBinding, which are described as follows:

                                        • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                        • RoleBinding: defines the relationship between users and roles.
                                        • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                        • ClusterRoleBinding: defines the relationship between users and cluster roles.

                                        Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. Illustration:

                                        -
                                        Figure 1 Role binding
                                        -
                                        On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                        • view (read-only): read-only permission on most resources in all or selected namespaces.
                                        • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                        • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                        • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                        • drainage-editor: drain a node.
                                        • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                        +
                                        Figure 1 Role binding
                                        +
                                        On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                        • view (read-only): read-only permissions on most resources in all or selected namespaces.
                                        • edit (development): read-write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                        • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                        • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                        • drainage-editor: drain a node.
                                        • drainage-viewer: view the nodal drainage status but cannot drain a node.

                                        In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant the permissions to add, delete, modify, and obtain global resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) in namespaces for refined permission control.

                                        -

                                        Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)

                                        Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.

                                        +

                                        Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)

                                        Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.

                                        Table 11 Release history for the add-on adapted to clusters 1.17

                                        Add-on Version

                                        +
                                        - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + +
                                        Table 11 Release history for the add-on adapted to clusters v1.19

                                        Add-on Version

                                        Supported Cluster Version

                                        +

                                        Supported Cluster Version

                                        New Feature

                                        +

                                        New Feature

                                        Community Version

                                        +

                                        Community Version

                                        1.17.27

                                        +

                                        1.19.76

                                        v1.17

                                        +

                                        v1.19

                                        • Optimized logging.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Fixed the issue that taints on newly added nodes are overwritten.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +
                                        • Optimized the method of identifying GPUs and NPUs.
                                        • Used the remaining node quota of a cluster for the extra nodes that are beyond the cluster scale.

                                        1.17.0

                                        +

                                        1.19.0

                                        1.17.22

                                        +

                                        1.19.56

                                        v1.17

                                        +

                                        v1.19

                                        Optimized logging.

                                        +

                                        Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                        1.17.0

                                        +

                                        1.19.0

                                        1.17.19

                                        +

                                        1.19.35

                                        v1.17

                                        +

                                        v1.19

                                        Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.

                                        +
                                        • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                        • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                        • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                        • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                        • The default taint tolerance duration is changed to 60s.
                                        • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.

                                        1.17.0

                                        +

                                        1.19.0

                                        1.17.16

                                        +

                                        1.19.22

                                        v1.17

                                        +

                                        v1.19

                                        Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                        +
                                        • Supported node scaling policies without a step.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Supported the emptyDir scheduling policy.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.

                                        1.17.0

                                        +

                                        1.19.0

                                        1.17.15

                                        +

                                        1.19.14

                                        v1.17

                                        +

                                        v1.19

                                        Unified resource specification configuration unit.

                                        +
                                        • Optimized logging.
                                        • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.

                                        1.17.0

                                        +

                                        1.19.0

                                        1.17.2

                                        +

                                        1.19.11

                                        v1.17

                                        +

                                        v1.19

                                        Clusters 1.17 are supported.

                                        +

                                        Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.

                                        1.17.0

                                        +

                                        1.19.0

                                        +

                                        1.19.8

                                        +

                                        v1.19

                                        +

                                        Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                        +

                                        1.19.0

                                        +

                                        1.19.7

                                        +

                                        v1.19

                                        +

                                        Regular upgrade of add-on dependencies

                                        +

                                        1.19.0

                                        +
                                        +
                                        + +
                                        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/cce/umn/cce_10_0163.html b/docs/cce/umn/cce_10_0163.html index 843ab2b5d..17adbb721 100644 --- a/docs/cce/umn/cce_10_0163.html +++ b/docs/cce/umn/cce_10_0163.html @@ -6,7 +6,7 @@

                                        Request and Limit

                                        For CPU and Memory, the meanings of Request and Limit are as follows:
                                        • Request: The system schedules a pod to the node that meets the requirements for workload deployment based on the request value.
                                        • Limit: The system limits the resources used by the workload based on the limit value.

                                        If a node has sufficient resources, the pod on this node can use more resources than requested, but no more than limited.

                                        -

                                        For example, if you set the memory request of a container to 1 GiB and the limit value to 2 GiB, a pod is scheduled to a node with 8 GiB CPUs with no other pod running. In this case, the pod can use more than 1 GiB memory when the load is heavy, but the memory usage cannot exceed 2 GiB. If a process in a container attempts to use more than 2 GiB resources, the system kernel attempts to terminate the process. As a result, an out of memory (OOM) error occurs.

                                        +

                                        For example, if you set a pod's memory request to 1 GiB and its limit to 2 GiB, and the pod is scheduled on a node with 8 GiB of memory (with no other pods running), the pod can use more than 1 GiB of memory under heavy load, but its memory usage will be capped at 2 GiB. If a process in a container attempts to use more than 2 GiB resources, the system kernel attempts to terminate the process. As a result, an out of memory (OOM) error occurs.

                                        When creating a workload, you are advised to set the upper and lower limits of CPU and memory resources. If the upper and lower resource limits are not set for a workload, a resource leak of this workload will make resources unavailable for other workloads deployed on the same node. In addition, workloads that do not have upper and lower resource limits cannot be accurately monitored.

                                        @@ -55,7 +55,7 @@
                                        Table 12 Release history for the add-on adapted to clusters v1.17

                                        Add-on Version

                                        +

                                        Supported Cluster Version

                                        +

                                        New Feature

                                        +

                                        Community Version

                                        +

                                        1.17.27

                                        +

                                        v1.17

                                        +
                                        • Optimized logging.
                                        • Fixed a bug so that deleted node pools are automatically removed.
                                        • Supported scheduling by priority.
                                        • Fixed the issue that taints on newly added nodes are overwritten.
                                        • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                        • Modified the memory request and limit of a customized flavor.
                                        • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                        +

                                        1.17.0

                                        +

                                        1.17.22

                                        +

                                        v1.17

                                        +

                                        Optimized logging.

                                        +

                                        1.17.0

                                        +

                                        1.17.19

                                        +

                                        v1.17

                                        +

                                        Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.

                                        +

                                        1.17.0

                                        +

                                        1.17.16

                                        +

                                        v1.17

                                        +

                                        Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                        +

                                        1.17.0

                                        +

                                        1.17.15

                                        +

                                        v1.17

                                        +

                                        Unified resource specification configuration unit.

                                        +

                                        1.17.0

                                        +

                                        1.17.2

                                        +

                                        v1.17

                                        +

                                        Clusters v1.17 are supported.

                                        +

                                        1.17.0

                                        Recommended configuration

                                        -

                                        Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (Resource Management > Nodes > Allocatable).

                                        +

                                        Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (Resource Management > Nodes > Allocatable).

                                        The allocatable resources are calculated based on the resource request value (Request), which indicates the upper limit of resources that can be requested by pods on this node, but does not indicate the actual available resources of the node (for details, see Example of CPU and Memory Quota Usage). The calculation formula is as follows:

                                        • Allocatable CPU = Total CPU – Requested CPU of all pods – Reserved CPU for other resources
                                        • Allocatable memory = Total memory – Requested memory of all pods – Reserved memory for other resources
                                        diff --git a/docs/cce/umn/cce_10_0164.html b/docs/cce/umn/cce_10_0164.html index 07de0fd6c..ef2253841 100644 --- a/docs/cce/umn/cce_10_0164.html +++ b/docs/cce/umn/cce_10_0164.html @@ -10,6 +10,8 @@
                                      5. Namespace Permissions (Kubernetes RBAC-based)
                                        6. +
                                      6. Using the AccessPolicy API to Manage Namespace Permissions (Kubernetes RBAC-based)
                                        +
                                      7. Example: Designing and Configuring Permissions for Users in a Department
                                      8. Permission Dependency of the CCE Console
                                        diff --git a/docs/cce/umn/cce_10_0175.html b/docs/cce/umn/cce_10_0175.html index daf8e5794..c3f2614ce 100644 --- a/docs/cce/umn/cce_10_0175.html +++ b/docs/cce/umn/cce_10_0175.html @@ -1,13 +1,19 @@

                                        Accessing a Cluster Using an X.509 Certificate

                                        -

                                        Scenario

                                        This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.

                                        -
                                        -

                                        Procedure

                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                        2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                        3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.

                                          Figure 1 Downloading a certificate
                                          +

                                          X.509 certificates are essential for verifying identities and encrypting communication within CCE clusters. These certificates enable authorized clients to access target clusters while encrypting data transmission between them. This prevents threats like eavesdropping and tampering, ensuring secure communication, authenticated identities, and valid access. To initiate a connection using X.509 certificates, obtain the cluster certificate from the CCE console and use it to configure the client accordingly.

                                          +

                                          Procedure

                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                          2. On the Overview page, locate the Connection Information area, and click Download next to X.509 certificate.
                                          3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.

                                            Figure 1 Downloading a certificate
                                            • The downloaded certificate contains three files: client.key, client.crt, and ca.crt. Keep these files secure.
                                            • Certificates are not required for mutual access between containers in a cluster.
                                            -

                                          4. Call native Kubernetes APIs using the cluster certificate.

                                            For example, run the curl command to call an API to obtain the pod information. In the following information, 192.168.0.18:5443 indicates the private IP address or EIP and port number of the API server in the cluster.

                                            +

                                          5. Import the X.509 certificate to the client and use the certificate to call Kubernetes native APIs.

                                            For example, run the curl command to call an API to obtain the pod information. The following is an example:

                                            curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://192.168.0.18:5443/api/v1/namespaces/default/pods/
                                            +
                                            • ./ca.crt, ./client.crt, and ./client.key are the paths for uploading the client.key, client.crt, and ca.crt files, respectively.
                                            • 192.168.0.18:5443 is the private or public network address of the API server in the cluster.
                                            +
                                            +

                                            If the following information is displayed, the X.509 certificate is correctly configured and the API Server of the cluster is running properly:

                                            +
                                            {
+  "kind": "PodList",
+  "apiVersion": "v1",
+...

                                            For more cluster APIs, see Kubernetes API.

                                          diff --git a/docs/cce/umn/cce_10_0180.html b/docs/cce/umn/cce_10_0180.html index 441ef9c43..4a94ba4f8 100644 --- a/docs/cce/umn/cce_10_0180.html +++ b/docs/cce/umn/cce_10_0180.html @@ -9,7 +9,7 @@

                                          Supported Node Specifications

                                          Different regions support different node flavors, and node flavors may be changed. Log in to the CCE console and check whether the required node flavors are supported on the page for creating nodes.

                                          Underlying File Storage System of Containers

                                          Docker

                                          -
                                          • In clusters of v1.15.6 or earlier, the underlying Docker file storage system is in XFS format.
                                          • In clusters of v1.15.11 or later, after a node is created or reset, the underlying Docker file storage system changes to the ext4 format.
                                          +
                                          • In clusters of v1.15.6 or earlier, the underlying Docker file storage system is in XFS format.
                                          • In clusters of v1.15.11 or later, after a node is created or reset, the underlying Docker file storage system changes to the ExtFS format.

                                          For containerized applications that use the XFS format, pay attention to the impact of the underlying file storage format change. (The sequence of files in different file systems is different. For example, some Java applications reference a JAR package, but the directory contains multiple versions of the JAR package. If the version is not specified, the actual referenced package is determined by the system file.)

                                          Run the docker info | grep "Backing Filesystem" command to check the format of the underlying Docker storage file used by the current node.

                                          containerd

                                          diff --git a/docs/cce/umn/cce_10_0182.html b/docs/cce/umn/cce_10_0182.html index a8b1d6324..4a374cc6b 100644 --- a/docs/cce/umn/cce_10_0182.html +++ b/docs/cce/umn/cce_10_0182.html @@ -4,6 +4,8 @@
                                          diff --git a/docs/cce/umn/cce_10_0185.html b/docs/cce/umn/cce_10_0185.html index 4bb3462ba..c8aac4b0b 100644 --- a/docs/cce/umn/cce_10_0185.html +++ b/docs/cce/umn/cce_10_0185.html @@ -1,13 +1,13 @@

                                          Logging In to a Node

                                          -

                                          Prerequisites

                                          • Before you log in to a node using SSH, ensure that the SSH port (22 by default) is enabled in the security group of the node.
                                          • Before you log in to a node (an ECS) using SSH through the Internet, ensure that the ECS already has an EIP bound.
                                          • Only login to a running ECS is allowed.
                                          • Only the user linux can log in to a Linux server.
                                          +

                                          Prerequisites

                                          • Before you log in to a node using SSH, ensure that the SSH port (22 by default) is enabled in the security group of the node.
                                          • Before you log in to a node (an ECS) using SSH through the Internet, ensure that the ECS already has an EIP bound.
                                          • Only login to a running ECS is allowed.
                                          • Only the user linux can log in to a Linux server.

                                          Login Modes

                                          You can log in to an ECS in either of the following modes:

                                          • Management console (VNC)

                                            If an ECS has no EIP, log in to the ECS console and click Remote Login in the same row as the ECS.

                                            For details, see Login Using VNC.

                                          • SSH

                                            This mode applies only to ECSs running Linux. Usually, you can use a remote login tool, such as PuTTY, Xshell, and SecureCRT, to log in to your ECS. If none of the remote login tools can be used, log in to the ECS console and click Remote Login in the same row as the ECS to view the connection status and running status of the ECS.

                                            -
                                            • When you use the Windows OS to log in to a Linux node, set Auto-login username to linux.
                                            • The CCE console does not support node OS upgrade. Do not upgrade the node OS using the yum update command. Otherwise, the container networking components will be unavailable.
                                            +
                                            • When you use the Windows OS to log in to a Linux node, set Auto-login username to linux.
                                            • The CCE console does not support node OS upgrade. Do not upgrade the node OS using the yum update command. Otherwise, the container networking components will be unavailable.
                                          @@ -25,7 +25,7 @@

                                        9. Windows

                                        Use a remote login tool, such as PuTTY or Xshell.

                                        - +

                                        Yes

                                        @@ -33,14 +33,14 @@

                                        Linux

                                        Run commands.

                                        - +

                                        Yes/No

                                        Windows/Linux

                                        Remote login using the management console: Login Using VNC

                                        +

                                        Remote login using the management console: Login Using VNC
                                        @@ -41,17 +41,17 @@
                                        Table 1 Differences in namespace permissions

                                        User

                                        -

                                        Precautions

                                        • After you create a cluster, CCE automatically assigns the cluster-admin permission to you, which means you have full control on all resources in all namespaces in the cluster. The ID of a federated user changes upon each login and logout. Therefore, the user with the permissions is displayed as deleted. In this case, do not delete the permissions. Otherwise, the authentication fails. You are advised to grant the cluster-admin permission to a user group on CCE and add federated users to the user group.
                                        • A user with the Security Administrator role has all IAM permissions except role switching. For example, an account in the admin user group has this role by default. Only these users can assign permissions on the Permissions page on the CCE console.
                                        +

                                        Precautions

                                        • After you create a cluster, CCE automatically assigns the cluster-admin permission to you, which means you have full control on all resources and all namespaces in this cluster. The ID of a federated user changes upon each login and logout. Therefore, the user with the permissions is displayed as deleted. In this case, do not delete the permissions. Otherwise, the authentication fails. You are advised to grant the cluster-admin permission to a user group on CCE and add federated users to the user group.
                                        • A user with the Security Administrator role has all IAM permissions except role switching. For example, an account in the admin user group has this role by default. Only these users can assign permissions on the Permissions page on the CCE console.

                                        Configuring Namespace Permissions (on the Console)

                                        You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles.

                                        -
                                        1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                        2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                        3. Click Add Permissions in the upper right corner.
                                        4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.

                                          If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID.

                                          +
                                          1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                          2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                          3. Click Add Permission in the upper right corner.
                                          4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.

                                            If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID.

                                            Permissions can be customized as required. After selecting Custom for Permission Type, click Add Custom Role on the right of the Custom parameter. In the dialog box displayed, enter a name and select a rule. After the custom rule is created, you can select a value from the Custom drop-down list box.

                                            Custom permissions are classified into ClusterRole and Role. Each ClusterRole or Role contains a group of rules that represent related permissions. For details, see Using RBAC Authorization.

                                            • A ClusterRole is a cluster-level resource that can be used to configure cluster access permissions.
                                            • A Role is used to configure access permissions in a namespace. When creating a Role, specify the namespace to which the Role belongs.

                                          5. Click OK.
                                          -

                                          Using kubectl to Configure Namespace Permissions

                                          When you access a cluster using kubectl, CCE uses kubeconfig.json generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig.json file vary from user to user. The permissions that a user has are listed in Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).

                                          +

                                          Using kubectl to Configure Namespace Permissions

                                          When you access a cluster using kubectl, CCE uses the kubeconfig file generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed via kubectl. Since the kubeconfig file contains user identity details, the permissions associated with that user are inherited when accessing the cluster via kubectl. For details about user permissions, see Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).

                                          In addition to cluster-admin, admin, edit, and view, you can define Roles and RoleBindings to configure the permissions to add, delete, modify, and obtain resources, such as pods, Deployments, and Services, in the namespace.

                                          The procedure for creating a Role is very simple. To be specific, specify a namespace and then define rules. The rules in the following example are to allow GET and LIST operations on pods in the default namespace.

                                          @@ -85,38 +85,41 @@ subjects:

                                          The subjects section binds a Role with an IAM user so that the IAM user can obtain the permissions defined in the Role, as shown in the following figure.

                                          Figure 2 Binding a role to a user

                                          You can also specify a user group in the subjects section. In this case, all users in the user group obtain the permissions defined in the Role.

                                          -
                                          subjects:
+
                                          ...
+subjects:
 - kind: Group
   name: 0c96fad22880f32a3f84c009862af6f7    # User group ID
   apiGroup: rbac.authorization.k8s.io
                                          
-
                                          Use the IAM user user-example to connect to the cluster and obtain the pod information. The following is an example of the returned pod information.
                                          
-
                                          # kubectl get pod
-NAME                                   READY   STATUS    RESTARTS   AGE
+
                                          To verify namespace permissions, perform the following operations:
                                          
+
                                          1. Log in to the CCE console as the IAM user user-example, obtain the kubeconfig file, and use it to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                          2. Obtain the pod information.
                                            kubectl get pod
                                            
+
                                            The following shows the pod information:
                                            NAME                                   READY   STATUS    RESTARTS   AGE
 deployment-389584-2-6f6bd4c574-2n9rk   1/1     Running   0          4d7h
 deployment-389584-2-6f6bd4c574-7s5qw   1/1     Running   0          4d7h
 deployment-3895841-746b97b455-86g77    1/1     Running   0          4d7h
 deployment-3895841-746b97b455-twvpn    1/1     Running   0          4d7h
 nginx-658dff48ff-7rkph                 1/1     Running   0          4d9h
-nginx-658dff48ff-njdhj                 1/1     Running   0          4d9h
-# kubectl get pod nginx-658dff48ff-7rkph
-NAME                     READY   STATUS    RESTARTS   AGE
-nginx-658dff48ff-7rkph   1/1     Running   0          4d9h
                                            
-
                                            Try querying Deployments and Services in the namespace. The output shows that user-example does not have the required permissions. Try querying the pods in namespace kube-system. The output shows that user-example does not have the required permissions. This indicates that the IAM user user-example has only the GET and LIST Pod permissions in the default namespace, which is the same as expected.
                                            
-
                                            # kubectl get deploy
-Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
-# kubectl get svc
-Error from server (Forbidden): services is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "services" in API group "" in the namespace "default"
-# kubectl get pod --namespace=kube-system
-Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
                                            
+nginx-658dff48ff-njdhj                 1/1     Running   0          4d9h
                                          
+
                                          +
                                        5. Check other types of resources, for example, Deployments.
                                          kubectl get deploy
                                          +
                                          If the following information is displayed, you do not have permission to view the Deployments:
                                          # kubectl get deploy
+Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
                                          +
                                          +
                                        6. Check the pod information in the kube-system namespace.
                                          kubectl get pod --namespace=kube-system
                                          +
                                          If the following information is displayed, you do not have permission to view the pod information in the kube-system namespace:
                                          Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
                                          +
                                          +
                                        +

                                        This indicates that the IAM user user-example has only the GET and LIST Pod permissions in the default namespace, which is the same as expected.

                                        Example: Assigning Cluster Administrator Permissions (cluster-admin)

                                        You can use the cluster-admin role to assign all permissions on a cluster. This role contains the permissions for all cluster resources.

                                        -

                                        In the following example kubectl output, a ClusterRoleBinding has been created and the cluster-admin role is bound to the user group cce-role-group.

                                        -
                                        # kubectl get clusterrolebinding
-NAME                                                              ROLE                           AGE
-clusterrole_cluster-admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/cluster-admin      61s
-
-# kubectl get clusterrolebinding clusterrole_cluster-admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
-apiVersion: rbac.authorization.k8s.io/v1
+
                                        In the following example kubectl output, a ClusterRoleBinding has been created to associate the cluster-admin role with the user group cce-role-group.
                                        
+
                                        kubectl get clusterrolebinding
                                        
+
                                        Command output:
                                        
+
                                        NAME                                                              ROLE                           AGE
+clusterrole_cluster-admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/cluster-admin      61s
                                        
+
                                        Run the following command to view the ClusterRoleBinding details:
                                        
+
                                        kubectl get clusterrolebinding clusterrole_cluster-admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
                                        
+
                                        Command output:
                                        
+
                                        apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
@@ -134,31 +137,33 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: 0c96fad22880f32a3f84c009862af6f7
                                        
-
                                        Connect to the cluster as an authorized user. If the PVs and StorageClasses can be queried, the permission configuration takes effect.
                                        
-
                                        # kubectl get pv
-No resources found
-# kubectl get sc
-NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+
                                        Access the cluster as an authorized user. If cluster-level resources like StorageClasses can be accessed, the permission configuration is effective.
                                        
+
                                        kubectl get sc
                                        
+
                                        If the following information is displayed, the permission configuration is effective:
                                        
+
                                        NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
 csi-disk            everest-csi-provisioner         Delete          Immediate              true                   75d
 csi-disk-topology   everest-csi-provisioner         Delete          WaitForFirstConsumer   true                   75d
 csi-nas             everest-csi-provisioner         Delete          Immediate              true                   75d
-csi-obs             everest-csi-provisioner         Delete          Immediate              false                  75d
                                        
+csi-obs             everest-csi-provisioner         Delete          Immediate              false                  75d
+...

                                        Example: Assigning Namespace O&M Permissions (admin)

                                        The admin role has the read and write permissions on most namespace resources. You can grant the admin permission on all namespaces to a user or user group.

                                        -

                                        In the following example kubectl output, a RoleBinding has been created and the admin role is bound to the user group cce-role-group.

                                        -
                                        # kubectl get rolebinding
-NAME                                                      ROLE                AGE
-clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/admin   18s
-# kubectl get rolebinding clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+
                                        In the following example kubectl output, a ClusterRoleBinding has been created to associate the admin role with the user group cce-role-group.
                                        
+
                                        kubectl get clusterrolebinding
                                        
+
                                        Command output:
                                        
+
                                        NAME                                                      ROLE                AGE
+clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/admin   18s
                                        
+
                                        Run the following command to view the ClusterRoleBinding details:
                                        
+
                                        kubectl get clusterrolebinding clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
                                        
+
                                        Command output:
                                        
+
                                        apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
   annotations:
     CCE.com/IAM: "true"
   creationTimestamp: "2021-06-24T01:30:08Z"
   name: clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
   resourceVersion: "36963685"
-  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
   uid: 6c6f46a6-8584-47da-83f5-9eef1f7b75d6
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -168,34 +173,38 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: 0c96fad22880f32a3f84c009862af6f7
                                        
-
                                        Connect to the cluster as an authorized user. If the PVs and StorageClasses can be queried but a namespace cannot be created, the permission configuration takes effect.
                                        
-
                                        # kubectl get pv
-No resources found
-# kubectl get sc
-NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+
                                        Access the cluster as an authorized user. Cluster-level resources like StorageClasses can be accessed.
                                        
+
                                        kubectl get sc
                                        
+
                                        Command output:
                                        
+
                                        NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
 csi-disk            everest-csi-provisioner         Delete          Immediate              true                   75d
 csi-disk-topology   everest-csi-provisioner         Delete          WaitForFirstConsumer   true                   75d
 csi-nas             everest-csi-provisioner         Delete          Immediate              true                   75d
 csi-obs             everest-csi-provisioner         Delete          Immediate              false                  75d
-# kubectl apply -f namespaces.yaml
-Error from server (Forbidden): namespaces is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot create resource "namespaces" in API group "" at the cluster scope
                                        
+...
                                        
+
                                        If the namespace cannot be created, the permission configuration is effective.
                                        
+
                                        kubectl create namespace my-namespace
                                        
+
                                        Command output:
                                        
+
                                        Error from server (Forbidden): namespaces is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot create resource "namespaces" in API group "" at the cluster scope
                                        -

                                        Example: Assigning Namespace Developer Permissions (edit)

                                        The edit role has the read and write permissions on most namespace resources. You can grant the edit permission on all namespaces to a user or user group.

                                        +

                                        Example: Assigning Namespace Developer Permissions (edit)

                                        The edit role has the read and write permissions on most namespace resources. You can assign this role to a user or user group for specific namespaces.

                                        In the following example kubectl output, a RoleBinding has been created, the edit role is bound to the user group cce-role-group, and the target namespace is the default namespace.

                                        -
                                        # kubectl get rolebinding
-NAME                                                      ROLE                AGE
-clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/admin   18s
-# kubectl get rolebinding clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
-apiVersion: rbac.authorization.k8s.io/v1
+
                                        kubectl get rolebinding
                                        
+
                                        Command output:
                                        
+
                                        NAME                                                      ROLE                AGE
+clusterrole_edit_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/edit    18s
                                        
+
                                        Run the following command to view the ClusterRoleBinding details:
                                        
+
                                        kubectl get clusterrolebinding clusterrole_edit_group0c96fad22880f32a3f84c009862af6f7 -oyaml
                                        
+
                                        Command output:
                                        
+
                                        apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
     CCE.com/IAM: "true"
   creationTimestamp: "2021-06-24T01:30:08Z"
-  name: clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
+  name: clusterrole_edit_group0c96fad22880f32a3f84c009862af6f7
   namespace: default
   resourceVersion: "36963685"
-  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
   uid: 6c6f46a6-8584-47da-83f5-9eef1f7b75d6
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -205,24 +214,31 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: 0c96fad22880f32a3f84c009862af6f7
                                        
-
                                        Connect to the cluster as an authorized user. In this example, you can create and obtain resources in the default namespace, but cannot query resources in the kube-system namespace or cluster resources.
                                        
-
                                        # kubectl get pod
-NAME                    READY   STATUS    RESTARTS   AGE
+
                                        Access the cluster as an authorized user. Then, you can obtain and create resources in the default namespace.
                                        
+
                                        kubectl get pod
                                        
+
                                        Command output:
                                        
+
                                        NAME                    READY   STATUS    RESTARTS   AGE
 test-568d96f4f8-brdrp   1/1     Running   0          33m
-test-568d96f4f8-cgjqp   1/1     Running   0          33m
-# kubectl get pod -nkube-system
-Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
-# kubectl get pv
-Error from server (Forbidden): persistentvolumes is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "persistentvolumes" in API group "" at the cluster scope
                                        
+test-568d96f4f8-cgjqp   1/1     Running   0          33m
                                        
+
                                        However, you do not have permission to access resources in the kube-system namespace.
                                        
+
                                        kubectl get pod -n kube-system
                                        
+
                                        Command output:
                                        
+
                                        Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
                                        
+
                                        You do not have permission to access cluster-level resources, such as PVs.
                                        
+
                                        kubectl get pv
                                        
+
                                        Command output:
                                        
+
                                        Error from server (Forbidden): persistentvolumes is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "persistentvolumes" in API group "" at the cluster scope

                                        Example: Assigning Read-Only Namespace Permissions (view)

                                        The view role has the read-only permissions on a namespace. You can assign permissions to users to view one or multiple namespaces.

                                        In the following example kubectl output, a RoleBinding has been created, the view role is bound to the user group cce-role-group, and the target namespace is the default namespace.

                                        -
                                        # kubectl get rolebinding
-NAME                                                     ROLE               AGE
-clusterrole_view_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/view   7s
-
-# kubectl get rolebinding clusterrole_view_group0c96fad22880f32a3f84c009862af6f7 -oyaml
-apiVersion: rbac.authorization.k8s.io/v1
+
                                        kubectl get rolebinding
                                        
+
                                        Command output:
                                        
+
                                        NAME                                                     ROLE               AGE
+clusterrole_view_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/view   7s
                                        
+
                                        Run the following command to view the ClusterRoleBinding details:
                                        
+
                                        kubectl get rolebinding clusterrole_view_group0c96fad22880f32a3f84c009862af6f7 -oyaml
                                        
+
                                        Command output:
                                        
+
                                        apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
@@ -241,13 +257,18 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: 0c96fad22880f32a3f84c009862af6f7
                                        
-
                                        Connect to the cluster as an authorized user. In this example, you can query resources in the default namespace but cannot create resources.
                                        
-
                                        # kubectl get pod
-NAME                    READY   STATUS    RESTARTS   AGE
+
                                        Access the cluster as an authorized user. Then, you can obtain resources in the default namespace.
                                        
+
                                        kubectl get pod
                                        
+
                                        Command output:
                                        
+
                                        NAME                    READY   STATUS    RESTARTS   AGE
 test-568d96f4f8-brdrp   1/1     Running   0          40m
 test-568d96f4f8-cgjqp   1/1     Running   0          40m
 # kubectl run -i --tty --image tutum/dnsutils dnsutils --restart=Never --rm /bin/sh
 Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot create resource "pods" in API group "" in the namespace "default"
                                        
+
                                        Failed to create the resource.
                                        
+
                                        kubectl run -i --tty --image tutum/dnsutils dnsutils --restart=Never --rm /bin/sh
                                        
+
                                        Command output:
                                        
+
                                        Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot create resource "pods" in API group "" in the namespace "default"

                                        Example: Assigning Permissions for a Specific Kubernetes Resource Object

                                        You can assign permissions on a specific Kubernetes resource object, such as pod, Deployment, and Service. For details, see Using kubectl to Configure Namespace Permissions.

                                        diff --git a/docs/cce/umn/cce_10_0190.html b/docs/cce/umn/cce_10_0190.html index 24053dc78..0c7be4f3b 100644 --- a/docs/cce/umn/cce_10_0190.html +++ b/docs/cce/umn/cce_10_0190.html @@ -6,7 +6,7 @@

                                        Dependency Policy Configuration

                                        To grant an IAM user the permissions to view or use resources of other cloud services on the CCE console, you must first grant the CCE Administrator, CCE FullAccess, or CCE ReadOnlyAccess policy to the user group to which the user belongs and then grant the dependency policies listed in Table 1 to the user. These dependency policies will allow the IAM user to access resources of other cloud services.

                                        CCE supports fine-grained permissions configuration, but has the following restrictions:

                                        -
                                        • AOM does not support resource-level monitoring. After operation permissions on specific resources are configured using IAM's fine-grained cluster resource management function, IAM users can view cluster monitoring information on the Dashboard page of the CCE console, but cannot view the data on non-fine-grained metrics.
                                        +
                                        • AOM does not support resource-level monitoring. After operation permissions on specific resources are configured using IAM's fine-grained cluster resource management function, IAM users can view cluster monitoring information on the Overview page of the CCE console, but cannot view the data on non-fine-grained metrics.
                                        - - - - - - - - - -
                                        Table 1 Dependency policies

                                        Console Function

                                        @@ -17,11 +17,11 @@

                                        Cluster overview

                                        +

                                        Overview

                                        Application Operations Management (AOM)

                                        • An IAM user with the CCE Administrator permission assigned can use this function only after the AOM FullAccess permission is assigned.
                                        • IAM users with IAM ReadOnlyAccess, CCE FullAccess, or CCE ReadOnlyAccess assigned can directly use this function.
                                        +
                                        • An IAM user with the CCE Administrator permission assigned can access the data in Overview only after the AOM FullAccess permission is assigned.
                                        • IAM users with IAM ReadOnlyAccess, CCE FullAccess, or CCE ReadOnlyAccess assigned can directly access the data in Overview.

                                        Workload management

                                        @@ -76,44 +76,44 @@

                                        Namespace management

                                        /

                                        +

                                        N/A

                                        /

                                        +

                                        N/A

                                        Chart management

                                        /

                                        +

                                        N/A

                                        Cloud accounts and the IAM users with CCE Administrator assigned can use this function.

                                        Add-ons

                                        /

                                        +

                                        N/A

                                        Cloud accounts and the IAM users with CCE Administrator, CCE FullAccess, or CCE ReadOnlyAccess assigned can use this function.

                                        Permissions management

                                        /

                                        +

                                        N/A
                                        • For cloud accounts, no additional policy/role is required.
                                        • IAM users with the CCE Administrator or global Security Administrator permission assigned can use this function.
                                        • IAM users with the CCE FullAccess or CCE ReadOnlyAccess permission can use this function. In addition, the IAM users must have the administrator permissions (cluster-admin) on the namespace.

                                        ConfigMaps and Secrets

                                        /

                                        +

                                        N/A
                                        • Creating ConfigMaps does not require any additional policy.
                                        • Viewing secrets requires that the cluster-admin, admin, or edit permission be configured for the namespace. The DEW KeypairFullAccess or DEW KeypairReadOnlyAccess policy must be assigned for dependent services.

                                        Help center

                                        /

                                        +

                                        N/A

                                        /

                                        +

                                        N/A

                                        Switching to other related services

                                        diff --git a/docs/cce/umn/cce_10_0191.html b/docs/cce/umn/cce_10_0191.html index 885e59f96..7c447c096 100644 --- a/docs/cce/umn/cce_10_0191.html +++ b/docs/cce/umn/cce_10_0191.html @@ -6,7 +6,7 @@

                                        The relationship between Helm and Kubernetes is as follows:

                                        • Helm <–> Kubernetes
                                        • Apt <–> Ubuntu
                                        • Yum <–> CentOS
                                        • Pip <–> Python

                                        The following figure shows the solution architecture:

                                        -

                                        +

                                        Helm can help application orchestration for Kubernetes:

                                        • Manages, edits, and updates a large number of Kubernetes configuration files.
                                        • Deploys a complex Kubernetes application that contains a large number of configuration files.
                                        • Shares and reuses Kubernetes configurations and applications.
                                        • Supports multiple environments with parameter-based configuration templates.
                                        • Manages the release of applications, including rolling back the application, finding differences (using the diff command), and viewing the release history.
                                        • Controls phases in a deployment cycle.
                                        • Tests and verifies the released version.
                                        diff --git a/docs/cce/umn/cce_10_0193.html b/docs/cce/umn/cce_10_0193.html index 722d7ec2c..4ad835b5a 100644 --- a/docs/cce/umn/cce_10_0193.html +++ b/docs/cce/umn/cce_10_0193.html @@ -10,143 +10,194 @@

                                        When using Volcano as a scheduler, use it to schedule all workloads in the cluster. This prevents resource scheduling conflicts caused by simultaneous working of multiple schedulers.

                                        -

                                        Installing the Add-on

                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Volcano Scheduler on the right, and click Install.
                                        2. On the Install Add-on page, configure the specifications as needed.

                                          • If you selected Preset, the system will configure the number of pods and resource quotas for the add-on based on the preset specifications. You can see the configurations on the console.
                                          • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                            The resource quotas of the volcano-admission component are irrelevant to the number of cluster nodes and pods. You can retain the default value. The resource quotas of volcano-controller and volcano-scheduler are related to the number of cluster nodes and pods. The recommended values are as follows:

                                            +

                                            Notes and Constraints

                                            If the Volcano Scheduler add-on is upgraded from 1.4.7 or earlier to a version later than 1.4.7, the webhooks.admissionReviewVersions field information in the new version may be incompatible with that in the old version. As a result, VolcanoJob (vcjob) resources cannot be created.

                                            +
                                            +

                                            Installing the Add-on

                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Volcano Scheduler on the right, and click Install.
                                            2. On the Install Add-on page, configure the specifications as needed.

                                              • If you selected Preset, the system will configure the number of pods and resource quotas for the add-on based on the preset specifications. You can see the configurations on the console.
                                              • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                                The resource quotas of the volcano-admission component are related to the cluster scale. For details, see Table 1. The resource quotas of volcano-controller and volcano-scheduler are related to the number of cluster nodes and pods. The recommended values are as follows:

                                                • If the number of nodes is less than 100, retain the default configuration. The requested vCPUs are 500m, and the limit is 2000m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                                • If the number of nodes is greater than 100, increase the requested vCPUs by 500m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the vCPU limit by 1500m and the memory limit by 1000 MiB.

                                                  Recommended formula for calculating the requested value:

                                                  -
                                                  • Requested vCPUs: Calculate the number of target nodes multiplied by the number of target pods, perform interpolation search based on the number of nodes in the cluster multiplied by the number of target pods in Table 1, and round up the request value and limit value that are closest to the specifications.

                                                    For example, for 2000 nodes and 20,000 pods, Number of target nodes x Number of target pods = 40 million, which is close to the specification of 700/70,000 (Number of cluster nodes x Number of pods = 49 million). According to the following table, set the requested vCPUs to 4000m and the limit value to 5500m.

                                                    -
                                                  • Requested memory: It is recommended that 2.4 GiB memory be allocated to every 1000 nodes and 1 GiB memory be allocated to every 10,000 pods. The requested memory is the sum of these two values. (The obtained value may be different from the recommended value in Table 1. You can use either of them.)

                                                    Requested memory = Number of target nodes/1000 x 2.4 GiB + Number of target pods/10,000 x 1 GiB

                                                    -

                                                    For example, for 2000 nodes and 20,000 pods, the requested memory is 6.8 GiB (2000/1000 x 2.4 GiB + 20,000/10,000 x 1 GiB).

                                                    +
                                                    • Requested vCPUs: Calculate the number of target nodes multiplied by the number of target pods, perform interpolation search based on the number of nodes in the cluster multiplied by the number of target pods in Table 2, and round up the request value and limit value that are closest to the specifications.

                                                      For example, for 2000 nodes and 20,000 pods, Number of target nodes x Number of target pods = 40 million, which is close to the specification of 700/70,000 (Number of cluster nodes x Number of pods = 49 million). According to the following table, set the requested vCPUs to 4000m and the limit value to 5500m.

                                                      +
                                                    • Requested memory: It is recommended that 2.4 GiB memory be allocated to every 1000 nodes and 1 GiB memory be allocated to every 10,000 pods. The requested memory is the sum of these two values. (The obtained value may be different from the recommended value in Table 2. You can use either of them.)

                                                      Requested memory = Number of target nodes/1000 × 2.4 GiB + Number of target pods/10,000 × 1 GiB

                                                      +

                                                      For example, for 2000 nodes and 20,000 pods, the requested memory is 6.8 GiB (2000/1000 × 2.4 GiB + 20,000/10,000 × 1 GiB).

                                                -
                                                Table 1 Recommended requested resources and resource limits for volcano-controller and volcano-scheduler

                                                Nodes/Pods in a Cluster

                                                +
                                                - - - - - - - - - - - - - - - - - - - - +
                                                Table 1 Recommended requested resources and resource limits for volcano-admission

                                                Cluster Scale

                                                CPU Request (m)

                                                +

                                                CPU Request(m)

                                                CPU Limit (m)

                                                +

                                                vCPU Limit (m)

                                                Memory Request (MiB)

                                                +

                                                Requested Memory (MiB)

                                                Memory Limit (MiB)

                                                +

                                                Memory Limit (MiB)

                                                50/5000

                                                +

                                                50 nodes

                                                500

                                                +

                                                200

                                                2000

                                                +

                                                500

                                                500

                                                +

                                                500

                                                2000

                                                +

                                                500

                                                100/10000

                                                +

                                                200 nodes

                                                1000

                                                +

                                                500

                                                2500

                                                +

                                                1000

                                                1500

                                                +

                                                1000

                                                2500

                                                +

                                                2000

                                                200/20000

                                                +

                                                1000 or more nodes

                                                1500

                                                +

                                                1500

                                                3000

                                                +

                                                2500

                                                2500

                                                +

                                                3000

                                                3500

                                                +

                                                4000

                                                300/30000

                                                +
                                                +
                                                + +
                                                + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + +
                                                Table 2 Recommended requested resources and resource limits for volcano-controller and volcano-scheduler

                                                Nodes/Pods in a Cluster

                                                +

                                                CPU Request (m)

                                                +

                                                CPU Limit (m)

                                                +

                                                Memory Request (MiB)

                                                +

                                                Memory Limit (MiB)

                                                +

                                                50/5000

                                                2000

                                                +

                                                500

                                                3500

                                                +

                                                2000

                                                3500

                                                +

                                                500

                                                4500

                                                +

                                                2000

                                                400/40000

                                                +

                                                100/10000

                                                2500

                                                +

                                                1000

                                                4000

                                                +

                                                2500

                                                4500

                                                +

                                                1500

                                                5500

                                                +

                                                2500

                                                500/50000

                                                +

                                                200/20000

                                                3000

                                                +

                                                1500

                                                4500

                                                +

                                                3000

                                                5500

                                                +

                                                2500

                                                6500

                                                +

                                                3500

                                                600/60000

                                                +

                                                300/30000

                                                3500

                                                +

                                                2000

                                                5000

                                                +

                                                3500

                                                6500

                                                +

                                                3500

                                                7500

                                                +

                                                4500

                                                700/70000

                                                +

                                                400/40000

                                                4000

                                                +

                                                2500

                                                5500

                                                +

                                                4000

                                                7500

                                                +

                                                4500

                                                8500

                                                +

                                                5500

                                                +

                                                500/50000

                                                +

                                                3000

                                                +

                                                4500

                                                +

                                                5500

                                                +

                                                6500

                                                +

                                                600/60000

                                                +

                                                3500

                                                +

                                                5000

                                                +

                                                6500

                                                +

                                                7500

                                                +

                                                700/70000

                                                +

                                                4000

                                                +

                                                5500

                                                +

                                                7500

                                                +

                                                8500
                                                -

                                              • Configure the extended functions supported by the add-on.

                                                • Descheduling: After this function is enabled, the volcano-descheduler component is automatically deployed. The scheduler will evict and reschedule pods that do not meet your policy configuration requirements. This helps to balance cluster load and reduce resource fragmentation. For details, see Descheduling.
                                                • Hybrid Service Deployment: After this function is enabled, the volcano-agent component is automatically deployed in the node pool with the hybrid deployment capability enabled, which improves resource utilization by ensuring node QoS, enabling CPU bursts, and allowing for dynamic resource oversubscription. This helps to reduce resource usage costs.
                                                • NUMA Topology Scheduling: After this function is enabled, the resource-exporter component is automatically deployed. The scheduler will schedule pods in NUMA affinity mode, which enhances the performance of high-performance training jobs. For details, see NUMA Affinity Scheduling.
                                                -

                                              • Configure deployment policies for the add-on pods.

                                                • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                +

                                              • Configure the extended functions supported by the add-on.

                                                • Descheduling: After this function is enabled, the volcano-descheduler component is automatically deployed. The scheduler will evict and reschedule pods that do not meet your policy configuration requirements. This helps to balance cluster load and reduce resource fragmentation. For details, see Descheduling.
                                                • NUMA Topology Scheduling: After this function is enabled, the resource-exporter component is automatically deployed. The scheduler will schedule pods in NUMA affinity mode, which enhances the performance of high-performance training jobs. For details, see NUMA Affinity Scheduling.
                                                +

                                              • Configure deployment policies for the add-on pods.

                                                • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                                • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                -
                                                Table 2 Configurations for add-on scheduling

                                                Parameter

                                                +
                                                - - - - - - - @@ -154,134 +205,233 @@
                                                Table 3 Configurations for add-on scheduling

                                                Parameter

                                                Description

                                                +

                                                Description

                                                Multi-AZ Deployment

                                                +

                                                Multi-AZ Deployment

                                                • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                +
                                                • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.

                                                Node Affinity

                                                +

                                                Node Affinity

                                                • Not configured: Node affinity is disabled for the add-on.
                                                • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                                  If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                                  +
                                                • Not configured: Node affinity is disabled for the add-on.
                                                • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                                  If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                                Toleration

                                                +

                                                Toleration

                                                Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                                +

                                                Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                                The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                                                For details, see Configuring Tolerance Policies.
                                                -

                                              • Click Install.

                                                After the add-on is installed, you can choose Settings in the navigation pane, switch to the Scheduling tab, select Volcano scheduler, and find the corresponding expert mode. You can customize advanced scheduling policies based on actual service scenarios. The following is an example:
                                                colocation_enable: ''
+
                                              • Click Install.

                                                After the add-on is installed, you can choose Settings in the navigation pane, switch to the Scheduling tab, select Volcano scheduler, and find the corresponding expert mode. You can customize advanced scheduling policies based on actual service scenarios. The following is an example:
                                                admission_kube_api_qps: 200
+admissions: /jobs/mutate,/jobs/validate,/podgroups/mutate,/pods/validate,/pods/mutate,/queues/mutate,/queues/validate,/eas/pods/mutate,/eas/pods/validate,/npu/jobs/validate,/resource/validate,/resource/mutate,/workloadbalancer/balancer/validate,/workloadbalancer/balancerpolicytemplate/validate
+annotations: {}
+colocation_enable: 'false'
+controller_kube_api_qps: 200
 default_scheduler_conf:
-  actions: 'allocate, backfill, preempt'
+  actions: allocate, backfill, preempt
+  metrics:
+    interval: 30s
+    type: ''
   tiers:
     - plugins:
-        - name: 'priority'
-        - name: 'gang'
-        - name: 'conformance'
-        - name: 'lifecycle'
-          arguments:
-            lifecycle.MaxGrade: 10
-            lifecycle.MaxScore: 200.0
-            lifecycle.SaturatedTresh: 1.0
-            lifecycle.WindowSize: 10
+        - name: priority
+        - enableJobStarving: false
+          enablePreemptable: false
+          name: gang
+        - name: conformance
     - plugins:
-        - name: 'drf'
-        - name: 'predicates'
-        - name: 'nodeorder'
+        - enablePreemptable: false
+          name: drf
+        - name: predicates
+        - name: nodeorder
     - plugins:
-        - name: 'cce-gpu-topology-predicate'
-        - name: 'cce-gpu-topology-priority'
-        - name: 'cce-gpu'
+        - name: cce-gpu-topology-predicate
+        - name: cce-gpu-topology-priority
+        - name: xgpu
     - plugins:
-        - name: 'nodelocalvolume'
-        - name: 'nodeemptydirvolume'
-        - name: 'nodeCSIscheduling'
-        - name: 'networkresource'
-tolerations:
-  - effect: NoExecute
-    key: node.kubernetes.io/not-ready
-    operator: Exists
-    tolerationSeconds: 60
-  - effect: NoExecute
-    key: node.kubernetes.io/unreachable
-    operator: Exists
-    tolerationSeconds: 60
                                                + - name: nodelocalvolume + - name: nodeemptydirvolume + - name: nodeCSIscheduling + - name: networkresource +deschedulerPolicy: + profiles: + - name: ProfileName + pluginConfig: + - args: + nodeFit: true + name: DefaultEvictor + - args: + evictableNamespaces: + exclude: + - kube-system + thresholds: + cpu: 20 + memory: 20 + name: HighNodeUtilization + - args: + evictableNamespaces: + exclude: + - kube-system + metrics: + type: prometheus_adaptor + nodeFit: true + targetThresholds: + cpu: 80 + memory: 85 + thresholds: + cpu: 30 + memory: 30 + name: LoadAware + plugins: + balance: + enabled: null +descheduler_enable: 'false' +deschedulingInterval: 10m +enable_workload_balancer: false +oversubscription_method: nodeResource +oversubscription_profile_period: 300 +oversubscription_ratio: 60 +recommendation_enable: '' +scheduler_kube_api_qps: 200 +update_pod_status_qps: 50 +workload_balancer_score_annotation_key: '' +workload_balancer_third_party_types: '' -
                                                Table 3 Advanced Volcano configuration parameters

                                                Plugin

                                                +
                                                - - - - - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + +
                                                Table 4 Advanced Volcano configuration parameters

                                                Function

                                                Function

                                                +

                                                Parameter

                                                Description

                                                +

                                                Function

                                                Demonstration

                                                +

                                                Description

                                                colocation_enable

                                                +

                                                Basic scheduling functions

                                                +

                                                +

                                                +

                                                Whether to enable hybrid deployment.

                                                +

                                                admission_kube_api_qps

                                                Value:

                                                -
                                                • true: hybrid enabled
                                                • false: hybrid disabled
                                                +

                                                QPS of requests sent by volcano-admission to Kubernetes API server

                                                None

                                                +

                                                Value range: greater than 0; parameter type: float

                                                default_scheduler_conf

                                                +

                                                controller_kube_api_qps

                                                Used to schedule pods. It consists of a series of actions and plugins and features high scalability. You can specify and implement actions and plugins based on your requirements.

                                                +

                                                QPS of requests sent by volcano-controller to Kubernetes API server

                                                It consists of actions and tiers.

                                                -
                                                • actions: defines the types and sequence of actions to be executed by the scheduler.
                                                • tiers: configures the plugin list.
                                                -

                                                None

                                                +

                                                Value range: greater than 0; parameter type: float

                                                actions

                                                +

                                                scheduler_kube_api_qps

                                                Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.

                                                -

                                                The scheduler traverses all jobs to be scheduled and performs actions such as enqueue, allocate, preempt, and backfill in the configured sequence to find the most appropriate node for each job.

                                                +

                                                QPS of requests sent by volcano-scheduler to Kubernetes API server

                                                The following options are supported:

                                                -
                                                • enqueue: uses a series of filtering algorithms to filter out tasks to be scheduled and sends them to the queue to wait for scheduling. After this action, the task status changes from pending to inqueue.
                                                • allocate: selects the most suitable node based on a series of pre-selection and selection algorithms.
                                                • preempt: performs preemption scheduling for tasks with higher priorities in the same queue based on priority rules.
                                                • backfill: schedules pending tasks as much as possible to maximize the utilization of node resources.
                                                +

                                                Value range: greater than 0; parameter type: float

                                                actions: 'allocate, backfill, preempt'
                                                -
                                                NOTE:

                                                When configuring actions, use either preempt or enqueue.

                                                +

                                                update_pod_status_qps

                                                +

                                                QPS of the requests for updating the pod status by volcano-scheduler

                                                +

                                                Value range: greater than 0; parameter type: int

                                                +

                                                default_scheduler_conf

                                                +

                                                Used to schedule pods. It consists of a series of actions and plugins and features high scalability. You can specify and implement actions and plugins based on your requirements.

                                                +

                                                It consists of:

                                                +
                                                • actions: defines the types and sequence of actions to be executed by the scheduler.
                                                • tiers: configures the plugin list.
                                                +

                                                default_scheduler_conf.actions

                                                +

                                                Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.

                                                +

                                                The scheduler traverses all jobs to be scheduled and performs actions such as enqueue, allocate, preempt, and backfill in the configured sequence to find the most appropriate node for each job.

                                                +

                                                The following options are supported:

                                                +
                                                • enqueue: uses a series of filtering algorithms to filter out tasks to be scheduled and sends them to the queue to wait for scheduling. After this action, the task status changes from pending to inqueue.
                                                • allocate: selects the most suitable node based on a series of pre-selection and selection algorithms.
                                                • preempt: performs preemption scheduling for tasks with higher priorities in the same queue based on priority rules.
                                                • backfill: schedules tasks in the pending state as much as possible to maximize node resource utilization.
                                                +

                                                Example:

                                                +
                                                actions: 'allocate, backfill, preempt'
                                                +
                                                NOTE:

                                                When configuring actions, use either preempt or enqueue.

                                                plugins

                                                +

                                                default_scheduler_conf.tier.plugin

                                                Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.

                                                +

                                                Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.

                                                For details, see Table 4.

                                                -

                                                None

                                                +

                                                For details, see Table 5.

                                                tolerations

                                                +

                                                +

                                                Descheduling

                                                Tolerance of the add-on to node taints.

                                                +

                                                descheduler_enable

                                                By default, the add-on can run on nodes with the node.kubernetes.io/not-ready or node.kubernetes.io/unreachable taint and the taint effect value is NoExecute, but it'll be evicted in 60 seconds.

                                                +

                                                Used to enable descheduling.

                                                tolerations:
-  - effect: NoExecute
-    key: node.kubernetes.io/not-ready
-    operator: Exists
-    tolerationSeconds: 60
-  - effect: NoExecute
-    key: node.kubernetes.io/unreachable
-    operator: Exists
-    tolerationSeconds: 60
                                                +

                                                This function is disabled by default. Options:

                                                +
                                                • true: The function is enabled.
                                                • false or empty: The function is disabled.
                                                +

                                                deschedulerPolicy

                                                +

                                                Descheduling policy

                                                +

                                                For details about the parameters, see Table 2.

                                                +

                                                deschedulingInterval

                                                +

                                                Descheduling period

                                                +

                                                Value range: > 0s; parameter type: time

                                                +

                                                Cloud native hybrid deployment

                                                +

                                                colocation_enable

                                                +

                                                Used to enable cloud native hybrid deployment.

                                                +

                                                This function is disabled by default. Options:

                                                +
                                                • true: The function is enabled.
                                                • false or empty: The function is disabled.
                                                +

                                                oversubscription_method

                                                +

                                                Method for calculating the oversubscription

                                                +

                                                nodeResource and podProfile are supported. The default value is nodeResource.

                                                +
                                                • nodeResource: calculates the oversubscription based on the node resource usage.
                                                • podProfile: calculates the oversubscription based on pod profiling.
                                                +

                                                oversubscription_ratio

                                                +

                                                Percentage of idle resource oversubscription of a node

                                                +

                                                Value range: 1 to 100; parameter type: int

                                                +

                                                For example, 60 indicates that the maximum oversubscription resources on a node is calculated based on 60% × Idle resources on the node.

                                                +

                                                oversubscription_profile_period

                                                +

                                                Period of pod profiling

                                                +

                                                Value range: 60 to 2592000, in seconds, that is, from 1 minute to 1 month. If a pod's metrics are not collected for the entire period, the node's resources will be evaluated according to the resources requested by the pod.

                                                +

                                                When the oversubscription algorithm based on pod profiling is enabled for the first time, the amount of collected data may not be sufficient to cover the entire period. In this case, the oversubscription on the node is temporarily 0 due to lack of initialization data. After the data of the first period is collected, the oversubscription is updated to the actual value.
                                                -
                                                Table 4 Supported plugins

                                                Plugin

                                                +
                                                - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                Table 5 Supported plugins

                                                Plugins

                                                Function

                                                +

                                                Function

                                                Description

                                                +

                                                Description

                                                Demonstration

                                                +

                                                Demonstration

                                                binpack

                                                +

                                                binpack

                                                Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.

                                                +

                                                Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.

                                                arguments:

                                                -
                                                • binpack.weight: weight of the binpack plugin.
                                                • binpack.cpu: ratio of CPUs to all resources. The parameter value defaults to 1.
                                                • binpack.memory: ratio of memory resources to all resources. The parameter value defaults to 1.
                                                • binpack.resources: other custom resource types requested by the pod, for example, nvidia.com/gpu. Multiple types can be configured and be separated by commas (,).
                                                • binpack.resources.<your_resource>: weight of your custom resource in all resources. Multiple types of resources can be added. <your_resource> indicates the resource type defined in binpack.resources, for example, binpack.resources.nvidia.com/gpu.
                                                +

                                                arguments:

                                                +
                                                • binpack.weight: weight of the binpack plugin.
                                                • binpack.cpu: ratio of CPUs to all resources. The parameter value defaults to 1.
                                                • binpack.memory: ratio of memory resources to all resources. The parameter value defaults to 1.
                                                • binpack.resources: other custom resource types requested by the pod, for example, nvidia.com/gpu. Multiple types can be configured and be separated by commas (,).
                                                • binpack.resources.<your_resource>: weight of your custom resource in all resources. Multiple types of resources can be added. <your_resource> indicates the resource type defined in binpack.resources, for example, binpack.resources.nvidia.com/gpu.
                                                - plugins:
+
                                                - plugins:
   - name: binpack
     arguments:
       binpack.weight: 10
@@ -292,33 +442,33 @@ tolerations:
       binpack.resources.example.com/foo: 3

                                                conformance

                                                +

                                                conformance

                                                Prevent key pods, such as the pods in the kube-system namespace from being preempted.

                                                +

                                                Prevent key pods, such as the pods in the kube-system namespace from being preempted.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'priority'
   - name: 'gang'
     enablePreemptable: false
   - name: 'conformance'

                                                lifecycle

                                                +

                                                lifecycle

                                                By collecting statistics on service scaling rules, pods with similar lifecycles are preferentially scheduled to the same node. With the horizontal scaling capability of the Autoscaler, resources can be quickly scaled in and released, reducing costs and improving resource utilization.

                                                +

                                                By collecting statistics on service scaling rules, pods with similar lifecycles are preferentially scheduled to the same node. With the horizontal scaling capability of the Autoscaler, resources can be quickly scaled in and released, reducing costs and improving resource utilization.

                                                1. Collects statistics on the lifecycle of pods in the service load and schedules pods with similar lifecycles to the same node.

                                                2. For a cluster configured with an automatic scaling policy, adjust the scale-in annotation of the node to preferentially scale in the node with low usage.

                                                arguments:
                                                • lifecycle.WindowSize: The value is an integer greater than or equal to 1 and defaults to 10.

                                                  Record the number of times that the number of replicas changes. If the load changes regularly and periodically, decrease the value. If the load changes irregularly and the number of replicas changes frequently, increase the value. If the value is too large, the learning period is prolonged and too many events are recorded.

                                                  -
                                                • lifecycle.MaxGrade: The value is an integer greater than or equal to 3 and defaults to 3.

                                                  It indicates levels of replicas. For example, if the value is set to 3, the replicas are classified into three levels. If the load changes regularly and periodically, decrease the value. If the load changes irregularly, increase the value. Setting an excessively small value may result in inaccurate lifecycle forecasts.

                                                  -
                                                • lifecycle.MaxScore: float64 floating point number. The value must be greater than or equal to 50.0. The default value is 200.0.

                                                  Maximum score (equivalent to the weight) of the lifecycle plugin.

                                                  -
                                                • lifecycle.SaturatedTresh: float64 floating point number. If the value is less than 0.5, use 0.5. If the value is greater than 1, use 1. The default value is 0.8.

                                                  Threshold for determining whether the node usage is too high. If the node usage exceeds the threshold, the scheduler preferentially schedules jobs to other nodes.

                                                  +
                                                arguments:
                                                • lifecycle.WindowSize: The value is an integer greater than or equal to 1 and defaults to 10.

                                                  Record the number of times that the number of replicas changes. If the load changes regularly and periodically, decrease the value. If the load changes irregularly and the number of replicas changes frequently, increase the value. If the value is too large, the learning period is prolonged and too many events are recorded.

                                                  +
                                                • lifecycle.MaxGrade: The value is an integer greater than or equal to 3 and defaults to 3.

                                                  It indicates levels of replicas. For example, if the value is set to 3, the replicas are classified into three levels. If the load changes regularly and periodically, decrease the value. If the load changes irregularly, increase the value. Setting an excessively small value may result in inaccurate lifecycle forecasts.

                                                  +
                                                • lifecycle.MaxScore: float64 floating point number. The value must be greater than or equal to 50.0. The default value is 200.0.

                                                  Maximum score (equivalent to the weight) of the lifecycle plugin.

                                                  +
                                                • lifecycle.SaturatedTresh: float64 floating point number. If the value is less than 0.5, use 0.5. If the value is greater than 1, use 1. The default value is 0.8.

                                                  Threshold for determining whether the node usage is too high. If the node usage exceeds the threshold, the scheduler preferentially schedules jobs to other nodes.

                                                - plugins:
+
                                                - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
@@ -329,23 +479,23 @@ tolerations:
       lifecycle.MaxScore: 200.0
       lifecycle.SaturatedTresh: 0.8
       lifecycle.WindowSize: 10
                                                -
                                                NOTE:
                                                • For nodes that do not want to be scaled in, manually mark them as long-period nodes and add the annotation volcano.sh/long-lifecycle-node: true to them. For an unmarked node, the lifecycle plugin automatically marks the node based on the lifecycle of the load on the node.
                                                • The default value of MaxScore is 200.0, which is twice the weight of other plugins. When the lifecycle plugin does not have obvious effect or conflicts with other plugins, disable other plugins or increase the value of MaxScore.
                                                • After the scheduler is restarted, the lifecycle plugin needs to re-record the load change. The optimal scheduling effect can be achieved only after several periods of statistics are collected.
                                                +
                                                NOTE:
                                                • For nodes that do not want to be scaled in, manually mark them as long-period nodes and add the annotation volcano.sh/long-lifecycle-node: true to them. For an unmarked node, the lifecycle plugin automatically marks the node based on the lifecycle of the load on the node.
                                                • The default value of MaxScore is 200.0, which is twice the weight of other plugins. When the lifecycle plugin does not have obvious effect or conflicts with other plugins, disable other plugins or increase the value of MaxScore.
                                                • After the scheduler is restarted, the lifecycle plugin needs to re-record the load change. The optimal scheduling effect can be achieved only after several periods of statistics are collected.

                                                Gang

                                                +

                                                Gang

                                                Consider a group of pods as a whole for resource allocation. This plugin checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.

                                                +

                                                Consider a group of pods as a whole for resource allocation. This plugin checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.

                                                NOTE:

                                                If a gang scheduling policy is used, if the remaining resources in the cluster are greater than or equal to half of the minimum number of resources for running a job but less than the minimum of resources for running the job, Autoscaler scale-outs will not be triggered.

                                                • enablePreemptable:
                                                  • true: Preemption enabled
                                                  • false: Preemption not enabled
                                                  -
                                                • enableJobStarving:
                                                  • true: Resources are preempted based on the minAvailable setting of jobs.
                                                  • false: Resources are preempted based on job replicas.
                                                  -
                                                  NOTE:
                                                  • The default value of minAvailable for Kubernetes-native workloads (such as Deployments) is 1. It is a good practice to set enableJobStarving to false.
                                                  • In AI and big data scenarios, you can specify the minAvailable value when creating a vcjob. It is a good practice to set enableJobStarving to true.
                                                  • In Volcano versions earlier than v1.11.5, enableJobStarving is set to true by default. In Volcano versions later than v1.11.5, enableJobStarving is set to false by default.
                                                  +
                                                • enablePreemptable:
                                                  • true: Preemption enabled
                                                  • false: Preemption not enabled
                                                  +
                                                • enableJobStarving:
                                                  • true: Resources are preempted based on the minAvailable setting of jobs.
                                                  • false: Resources are preempted based on job replicas.
                                                  +
                                                  NOTE:
                                                  • The default value of minAvailable for Kubernetes-native workloads (such as Deployments) is 1. It is a good practice to set enableJobStarving to false.
                                                  • In AI and big data scenarios, you can specify the minAvailable value when creating a vcjob. It is a good practice to set enableJobStarving to true.
                                                  • In Volcano versions earlier than v1.11.5, enableJobStarving is set to true by default. In Volcano versions later than v1.11.5, enableJobStarving is set to false by default.
                                                - plugins:
+
                                                - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
@@ -353,66 +503,66 @@ tolerations:
   - name: conformance

                                                priority

                                                +

                                                priority

                                                Schedule based on custom load priorities.

                                                +

                                                Schedule based on custom load priorities.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
   - name: conformance

                                                overcommit

                                                +

                                                overcommit

                                                Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.

                                                +

                                                Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.

                                                NOTE:

                                                This plugin is supported in Volcano 1.6.5 and later versions.

                                                arguments:

                                                -
                                                • overcommit-factor: inflation factor, which defaults to 1.2.
                                                +

                                                arguments:

                                                +
                                                • overcommit-factor: inflation factor, which defaults to 1.2.
                                                - plugins:
+
                                                - plugins:
   - name: overcommit
     arguments:
       overcommit-factor: 2.0

                                                drf

                                                +

                                                drf

                                                The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.

                                                +

                                                The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'drf'
   - name: 'predicates'
   - name: 'nodeorder'

                                                predicates

                                                +

                                                predicates

                                                Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.

                                                +

                                                Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'drf'
   - name: 'predicates'
   - name: 'nodeorder'

                                                nodeorder

                                                +

                                                nodeorder

                                                A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.

                                                +

                                                A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.

                                                Scoring parameters:

                                                -
                                                • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 2.
                                                • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 2.
                                                • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                                • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                                • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                                • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 3.
                                                • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                                • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                                +

                                                Scoring parameters:

                                                +
                                                • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 2.
                                                • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 2.
                                                • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                                • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                                • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                                • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 3.
                                                • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                                • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                                - plugins:
+
                                                - plugins:
   - name: nodeorder
     arguments:
       leastrequested.weight: 1
@@ -425,50 +575,50 @@ tolerations:
       podtopologyspread.weight: 2

                                                cce-gpu-topology-predicate

                                                +

                                                cce-gpu-topology-predicate

                                                GPU-topology scheduling preselection algorithm

                                                +

                                                GPU-topology scheduling preselection algorithm

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
-  - name: 'cce-gpu'
                                                + - name: 'xgpu'

                                                cce-gpu-topology-priority

                                                +

                                                cce-gpu-topology-priority

                                                GPU-topology scheduling priority algorithm

                                                +

                                                GPU-topology scheduling priority algorithm

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
-  - name: 'cce-gpu'
                                                + - name: 'xgpu'

                                                cce-gpu

                                                +

                                                cce-gpu

                                                GPU resource allocation that supports decimal GPU configurations by working with the gpu add-on.

                                                +

                                                GPU resource allocation that supports decimal GPU configurations by working with the CCE AI Suite (NVIDIA GPU) add-on.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
   - name: 'cce-gpu'

                                                numa-aware

                                                +

                                                numa-aware

                                                NUMA affinity scheduling. For details, see NUMA Affinity Scheduling.

                                                +

                                                NUMA affinity scheduling. For details, see NUMA Affinity Scheduling.

                                                arguments:

                                                -
                                                • weight: weight of the numa-aware plugin
                                                +

                                                arguments:

                                                +
                                                • weight: weight of the numa-aware plugin
                                                - plugins:
+
                                                - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
@@ -480,14 +630,14 @@ tolerations:
       weight: 10

                                                networkresource

                                                +

                                                networkresource

                                                The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.

                                                +

                                                The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.

                                                arguments:

                                                -
                                                • NetworkType: network type (eni or vpc-router)
                                                +

                                                arguments:

                                                +
                                                • NetworkType: network type (eni or vpc-router)
                                                - plugins:
+
                                                - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
@@ -496,39 +646,39 @@ tolerations:
       NetworkType: vpc-router

                                                nodelocalvolume

                                                +

                                                nodelocalvolume

                                                Filter out nodes that do not meet local volume requirements.

                                                +

                                                Filter out nodes that do not meet local volume requirements.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'

                                                nodeemptydirvolume

                                                +

                                                nodeemptydirvolume

                                                Filter out nodes that do not meet the emptyDir requirements.

                                                +

                                                Filter out nodes that do not meet the emptyDir requirements.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'

                                                nodeCSIscheduling

                                                +

                                                nodeCSIscheduling

                                                Filter out nodes with malfunctional Everest.

                                                +

                                                Filter out nodes with malfunctional Everest.

                                                None

                                                +

                                                None

                                                - plugins:
+
                                                - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
@@ -542,68 +692,68 @@ tolerations:
 
                                                
 
 
                                                Components
                                                
-
                                                Table 5 Add-on components
                                                Component
                                                
+
                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -615,7 +765,7 @@ tolerations:
 
                                                This section describes how to configure volcano-scheduler.
                                                 
                                                Only Volcano of v1.7.1 and later support this function. 
                                                
 
                                                
-
                                                Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab. In the Select Cluster Scheduler area, select Volcano scheduler, find the expert mode, and click Try Now.
                                                
+
                                                Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab. In the Select Cluster Scheduler area, select Volcano scheduler, find the expert mode, and click Try Now.
                                                • Using resource_exporter:
                                                  ...
@@ -690,183 +840,183 @@ tolerations:
 
                                                   
                                                  Prometheus metrics can be exposed only by the Volcano add-on of version 1.8.5 or later.
                                                  
 
                                                  
 
-
                                                Table 6 Add-on components
                                                Component
                                                
 
                                                Description
                                                
+
                                                Description
                                                
 
                                                Resource Type
                                                
+
                                                Resource Type
                                                
                                                 		
 
                                                
 
                                                volcano-scheduler
                                                
+
                                                volcano-scheduler
                                                
 
                                                Schedule pods.
                                                
+
                                                Schedule pods.
                                                
 
                                                Deployment
                                                
+
                                                Deployment
                                                
                                                 		
 
                                                volcano-controller
                                                
+
                                                volcano-controller
                                                
 
                                                Synchronize CRDs.
                                                
+
                                                Synchronize CRDs.
                                                
 
                                                Deployment
                                                
+
                                                Deployment
                                                
                                                 		
 
                                                volcano-admission
                                                
+
                                                volcano-admission
                                                
 
                                                Webhook server, which verifies and modifies resources such as pods and jobs
                                                
+
                                                Webhook server, which verifies and modifies resources such as pods and jobs
                                                
 
                                                Deployment
                                                
+
                                                Deployment
                                                
                                                 		
 
                                                volcano-agent
                                                
+
                                                volcano-agent
                                                
 
                                                Cloud native hybrid agent, which is used for node QoS assurance, CPU burst, and dynamic resource oversubscription
                                                
+
                                                Cloud native hybrid agent, which is used for node QoS assurance, CPU burst, and dynamic resource oversubscription
                                                
 
                                                DaemonSet
                                                
+
                                                DaemonSet
                                                
                                                 		
 
                                                resource-exporter
                                                
+
                                                resource-exporter
                                                
 
                                                Report the NUMA topology information of nodes.
                                                
+
                                                Report the NUMA topology information of nodes.
                                                
 
                                                DaemonSet
                                                
+
                                                DaemonSet
                                                
                                                 		
 
                                                volcano-descheduler
                                                
+
                                                volcano-descheduler
                                                
 
                                                Reschedule pods in a cluster. After the rescheduling capability is enabled, pods will be automatically deployed on nodes.
                                                
+
                                                Reschedule pods in a cluster. After the rescheduling capability is enabled, pods will be automatically deployed on nodes.
                                                
 
                                                Deployment
                                                
+
                                                Deployment
                                                
                                                 		
 
                                                volcano-recommender
                                                
+
                                                volcano-recommender
                                                
 
                                                Generate recommendations for CPU and memory requests based on the historical CPU and memory usage of a container.
                                                
+
                                                Generate recommendations for CPU and memory requests based on the historical CPU and memory usage of a container.
                                                
 
                                                Deployment
                                                
+
                                                Deployment
                                                
                                                 		
 
                                                volcano-recommender-prometheus-adapter
                                                
+
                                                volcano-recommender-prometheus-adapter
                                                
 
                                                Collect historical CPU and memory metrics of containers from Prometheus.
                                                
+
                                                Collect historical CPU and memory metrics of containers from Prometheus.
                                                
 
                                                Deployment
                                                
+
                                                Deployment
                                                
                                                 		
 
                                                
                                                 
 
 
 
 
                                                Table 6 Key metrics
                                                Metric
                                                
+
                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                Table 7 Key metrics
                                                Metric
                                                
 
                                                Type
                                                
+
                                                Type
                                                
 
                                                Description
                                                
+
                                                Description
                                                
 
                                                Label
                                                
+
                                                Label
                                                
                                                 		
 
                                                
 
                                                e2e_scheduling_latency_milliseconds
                                                
+
                                                e2e_scheduling_latency_milliseconds
                                                
 
                                                Histogram
                                                
+
                                                Histogram
                                                
 
                                                E2E scheduling latency (ms) (scheduling algorithm + binding)
                                                
+
                                                E2E scheduling latency (ms) (scheduling algorithm + binding)
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                e2e_job_scheduling_latency_milliseconds
                                                
+
                                                e2e_job_scheduling_latency_milliseconds
                                                
 
                                                Histogram
                                                
+
                                                Histogram
                                                
 
                                                E2E job scheduling latency (ms)
                                                
+
                                                E2E job scheduling latency (ms)
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                e2e_job_scheduling_duration
                                                
+
                                                e2e_job_scheduling_duration
                                                
 
                                                Gauge
                                                
+
                                                Gauge
                                                
 
                                                E2E job scheduling duration
                                                
+
                                                E2E job scheduling duration
                                                
 
                                                labels=["job_name", "queue", "job_namespace"]
                                                
+
                                                labels=["job_name", "queue", "job_namespace"]
                                                
                                                 		
 
                                                plugin_scheduling_latency_microseconds
                                                
+
                                                plugin_scheduling_latency_microseconds
                                                
 
                                                Histogram
                                                
+
                                                Histogram
                                                
 
                                                Add-on scheduling latency (µs)
                                                
+
                                                Add-on scheduling latency (µs)
                                                
 
                                                labels=["plugin", "OnSession"]
                                                
+
                                                labels=["plugin", "OnSession"]
                                                
                                                 		
 
                                                action_scheduling_latency_microseconds
                                                
+
                                                action_scheduling_latency_microseconds
                                                
 
                                                Histogram
                                                
+
                                                Histogram
                                                
 
                                                Action scheduling latency (µs)
                                                
+
                                                Action scheduling latency (µs)
                                                
 
                                                labels=["action"]
                                                
+
                                                labels=["action"]
                                                
                                                 		
 
                                                task_scheduling_latency_milliseconds
                                                
+
                                                task_scheduling_latency_milliseconds
                                                
 
                                                Histogram
                                                
+
                                                Histogram
                                                
 
                                                Task scheduling latency (ms)
                                                
+
                                                Task scheduling latency (ms)
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                schedule_attempts_total
                                                
+
                                                schedule_attempts_total
                                                
 
                                                Counter
                                                
+
                                                Counter
                                                
 
                                                Number of pod scheduling attempts. unschedulable indicates that the pods cannot be scheduled, and error indicates that the internal scheduler is faulty.
                                                
+
                                                Number of pod scheduling attempts. unschedulable indicates that the pods cannot be scheduled, and error indicates that the internal scheduler is faulty.
                                                
 
                                                labels=["result"]
                                                
+
                                                labels=["result"]
                                                
                                                 		
 
                                                pod_preemption_victims
                                                
+
                                                pod_preemption_victims
                                                
 
                                                Gauge
                                                
+
                                                Gauge
                                                
 
                                                Number of selected preemption victims
                                                
+
                                                Number of selected preemption victims
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                total_preemption_attempts
                                                
+
                                                total_preemption_attempts
                                                
 
                                                Counter
                                                
+
                                                Counter
                                                
 
                                                Total number of preemption attempts in a cluster
                                                
+
                                                Total number of preemption attempts in a cluster
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                unschedule_task_count
                                                
+
                                                unschedule_task_count
                                                
 
                                                Gauge
                                                
+
                                                Gauge
                                                
 
                                                Number of unschedulable tasks
                                                
+
                                                Number of unschedulable tasks
                                                
 
                                                labels=["job_id"]
                                                
+
                                                labels=["job_id"]
                                                
                                                 		
 
                                                unschedule_job_count
                                                
+
                                                unschedule_job_count
                                                
 
                                                Gauge
                                                
+
                                                Gauge
                                                
 
                                                Number of unschedulable jobs
                                                
+
                                                Number of unschedulable jobs
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                job_retry_counts
                                                
+
                                                job_retry_counts
                                                
 
                                                Counter
                                                
+
                                                Counter
                                                
 
                                                Number of job retries
                                                
+
                                                Number of job retries
                                                
 
                                                labels=["job_id"]
                                                
+
                                                labels=["job_id"]
                                                
                                                 		
 
                                                
                                                 
 
                                                
 
                                                
 
-
                                                Uninstalling the Volcano Add-on
                                                After the add-on is uninstalled, all custom Volcano resources (Table 7) will be deleted, including the created resources. Reinstalling the add-on will not inherit or restore the tasks before the uninstallation. It is a good practice to uninstall the Volcano add-on only when no custom Volcano resources are being used in the cluster.
                                                
+
                                                Uninstalling the Volcano Add-on
                                                After the add-on is uninstalled, all custom Volcano resources (Table 8) will be deleted, including the created resources. Reinstalling the add-on will not inherit or restore the tasks before the uninstallation. It is a good practice to uninstall the Volcano add-on only when no custom Volcano resources are being used in the cluster.
                                                
 
-
                                                
-
@@ -97,7 +96,7 @@
 
@@ -136,7 +135,7 @@
 
                                                Table 7 Custom Volcano resources
                                                Item
                                                
+
                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -876,110 +1026,122 @@ tolerations:
 
                                                Change History
                                                 
                                                It is a good practice to upgrade Volcano to the latest version that is supported by the cluster.
                                                
 
                                                
 
-
                                                Table 8 Custom Volcano resources
                                                Item
                                                
 
                                                API Group
                                                
+
                                                API Group
                                                
 
                                                API Version
                                                
+
                                                API Version
                                                
 
                                                Resource Level
                                                
+
                                                Resource Level
                                                
                                                 		
 
                                                
 
                                                Command
                                                
+
                                                Command
                                                
 
                                                bus.volcano.sh
                                                
+
                                                bus.volcano.sh
                                                
 
                                                v1alpha1
                                                
+
                                                v1alpha1
                                                
 
                                                Namespaced
                                                
+
                                                Namespaced
                                                
                                                 		
 
                                                Job
                                                
+
                                                Job
                                                
 
                                                batch.volcano.sh
                                                
+
                                                batch.volcano.sh
                                                
 
                                                v1alpha1
                                                
+
                                                v1alpha1
                                                
 
                                                Namespaced
                                                
+
                                                Namespaced
                                                
                                                 		
 
                                                Numatopology
                                                
+
                                                Numatopology
                                                
 
                                                nodeinfo.volcano.sh
                                                
+
                                                nodeinfo.volcano.sh
                                                
 
                                                v1alpha1
                                                
+
                                                v1alpha1
                                                
 
                                                Cluster
                                                
+
                                                Cluster
                                                
                                                 		
 
                                                PodGroup
                                                
+
                                                PodGroup
                                                
 
                                                scheduling.volcano.sh
                                                
+
                                                scheduling.volcano.sh
                                                
 
                                                v1beta1
                                                
+
                                                v1beta1
                                                
 
                                                Namespaced
                                                
+
                                                Namespaced
                                                
                                                 		
 
                                                Queue
                                                
+
                                                Queue
                                                
 
                                                scheduling.volcano.sh
                                                
+
                                                scheduling.volcano.sh
                                                
 
                                                v1beta1
                                                
+
                                                v1beta1
                                                
 
                                                Cluster
                                                
+
                                                Cluster
                                                
                                                 		
 
                                                
 
                                                
-
-
-
+
+
+
@@ -72,58 +77,59 @@
 
                                                Cluster Upgrade Process
                                                The cluster upgrade process involves pre-upgrade check, backup, upgrade, and post-upgrade verification.
                                                
-
                                                Figure 1 Process of upgrading a cluster
                                                
+
                                                Figure 1 Process of upgrading a cluster
                                                
+
                                                
 
                                                After determining the target version of the cluster, read the precautions carefully and prevent function incompatibility during the upgrade.
                                                
-
                                                1. Pre-upgrade check
                                                  Before a cluster upgrade, CCE checks mandatory items such as the cluster status, add-ons, and nodes to ensure that the cluster meets the upgrade requirements. For more details, see Pre-upgrade Check. If any check item is abnormal, rectify the fault as prompted on the console.
                                                  
+
                                                  1. Pre-upgrade check
                                                    Before a cluster upgrade, CCE checks mandatory items such as the cluster status, add-ons, workload compatibility, and nodes to ensure that the cluster meets the upgrade requirements. For more details, see Pre-upgrade Check. If any check item is abnormal, rectify the fault as prompted on the console.
                                                    
 
                                                  2. Backup
                                                    You can use disk snapshots to back up master node data, including CCE component images, component configurations, and etcd data. Back up data before an upgrade. If unexpected cases occur during an upgrade, you can use the backup to quickly restore the cluster.
                                                    
 
-
                                                Table 8 Release history
                                                Add-on Version
                                                
+
                                                
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0196.html b/docs/cce/umn/cce_10_0196.html
index 82fc6c0ab..af99bdbfc 100644
--- a/docs/cce/umn/cce_10_0196.html
+++ b/docs/cce/umn/cce_10_0196.html
@@ -2,7 +2,7 @@
 
 
                                                Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration
                                                Scenario
                                                In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. To configure a particular container subnet and security group for a specified namespace or workload, create a container network configuration (NetworkAttachmentDefinition) and associate it with the target namespace or workload. In this way, service subnets can be planned or services can be securely isolated.
                                                
-
                                                Figure 1 Custom container network settings
                                                
+
                                                Figure 1 Custom container network settings
                                                
 
                                                The following table lists the resources that a container network configuration can be associated with.
 
                                                Table 9 Release history
                                                Add-on Version
                                                
 
                                                Supported Cluster Version
                                                
+
                                                Supported Cluster Version
                                                
 
                                                New Feature
                                                
+
                                                New Feature
                                                
                                                 		
 
                                                
 
                                                1.15.6
                                                
+
                                                1.16.17
                                                
 
                                                v1.23
                                                
+
                                                v1.25
                                                
+
                                                v1.27
                                                
+
                                                v1.28
                                                
+
                                                v1.29
                                                
+
                                                v1.30
                                                
+
                                                v1.31
                                                
+
                                                Supported even scheduling on virtual GPUs.
                                                
+
                                                1.15.6
                                                
+
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                v1.27
                                                
 
                                                v1.28
                                                
 
                                                v1.29
                                                
 
                                                v1.30
                                                
 
                                                Resources can be oversubscribed based on pod profiling.
                                                
+
                                                Resources can be oversubscribed based on pod profiling.
                                                
                                                 		
 
                                                1.13.3
                                                
+
                                                1.13.3
                                                
 
                                                v1.21
                                                
+
                                                v1.21
                                                
 
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                v1.27
                                                
 
                                                v1.28
                                                
 
                                                v1.29
                                                
 
                                                • Supported scale-in of customized resources based on node priorities.
                                                • Optimized the association between preemption and node scale-out.
                                                
+
                                                • Supported scale-in of customized resources based on node priorities.
                                                • Optimized the association between preemption and node scale-out.
                                                
                                                 		
 
                                                1.12.1
                                                
+
                                                1.12.1
                                                
 
                                                v1.19.16
                                                
+
                                                v1.19.16
                                                
 
                                                v1.21
                                                
 
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                v1.27
                                                
 
                                                v1.28
                                                
 
                                                Optimized application auto scaling performance.
                                                
+
                                                Optimized application auto scaling performance.
                                                
                                                 		
 
                                                1.11.21
                                                
+
                                                1.11.21
                                                
 
                                                v1.19.16
                                                
+
                                                v1.19.16
                                                
 
                                                v1.21
                                                
 
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                v1.27
                                                
 
                                                v1.28
                                                
 
                                                • Supported Kubernetes 1.28.
                                                • Supported load-aware scheduling.
                                                • Updated image OS to HCE 2.0.
                                                • Optimized CSI resource preemption.
                                                • Optimized load-aware rescheduling.
                                                • Optimized preemption in hybrid deployment scenarios.
                                                
+
                                                • Supported Kubernetes v1.28.
                                                • Supported load-aware scheduling.
                                                • The image OS is updated to HCE OS 2.0.
                                                • Optimized CSI resource preemption.
                                                • Optimized load-aware rescheduling.
                                                • Optimized preemption in hybrid deployment scenarios.
                                                
                                                 		
 
                                                1.11.6
                                                
+
                                                1.11.6
                                                
 
                                                v1.19.16
                                                
+
                                                v1.19.16
                                                
 
                                                v1.21
                                                
 
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                v1.27
                                                
 
                                                • Supported Kubernetes 1.27.
                                                • Supported rescheduling.
                                                • Supported affinity scheduling of nodes in the node pool.
                                                • Optimized the scheduling performance.
                                                
+
                                                • Supported Kubernetes v1.27.
                                                • Supported rescheduling.
                                                • Supported affinity scheduling of nodes in the node pool.
                                                • Optimized the scheduling performance.
                                                
                                                 		
 
                                                1.9.1
                                                
+
                                                1.9.1
                                                
 
                                                v1.19.16
                                                
+
                                                v1.19.16
                                                
 
                                                v1.21
                                                
 
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                • Fixes the issue that the counting pipeline pod of the networkresource add-on occupies supplementary network interfaces (Sub-ENI).
                                                • Fixes the issue where the binpack add-on scores nodes with insufficient resources.
                                                • Fixes the issue of processing resources in the pod with unknown end status.
                                                • Optimizes event output.
                                                • Supports HA deployment by default.
                                                
+
                                                • Fixed the issue that the counting pipeline pod of the networkresource add-on occupies supplementary network interfaces (sub-ENIs).
                                                • Fixed the issue where the binpack add-on scores nodes with insufficient resources.
                                                • Fixed the issue of processing resources in the pod with unknown end status.
                                                • Optimized event output.
                                                • Supported HA deployment by default.
                                                
                                                 		
 
                                                1.7.1
                                                
+
                                                1.7.1
                                                
 
                                                v1.19.16
                                                
+
                                                v1.19.16
                                                
 
                                                v1.21
                                                
 
                                                v1.23
                                                
 
                                                v1.25
                                                
 
                                                Adapts to clusters 1.25.
                                                
+
                                                Supported clusters v1.25.
                                                
                                                 		
 
                                                1.4.5
                                                
+
                                                1.4.5
                                                
 
                                                v1.17
                                                
+
                                                v1.17
                                                
 
                                                v1.19
                                                
 
                                                v1.21
                                                
 
                                                Changes the deployment mode of volcano-scheduler from statefulset to deployment, and fixes the issue that pods cannot be automatically migrated when the node is abnormal.
                                                
+
                                                Changed the deployment mode of Volcano Scheduler from StatefulSet to Deployment, and fixed the issue that pods cannot be automatically migrated when the node is abnormal.
                                                
                                                 		
 
                                                1.3.7
                                                
+
                                                1.3.7
                                                
 
                                                v1.15
                                                
+
                                                v1.15
                                                
 
                                                v1.17
                                                
 
                                                v1.19
                                                
 
                                                v1.21
                                                
 
                                                • Supports hybrid deployment of online and offline jobs and resource oversubscription.
                                                • Optimizes the scheduling throughput for clusters.
                                                • Fixes the issue where the scheduler panics in certain scenarios.
                                                • Fixes the issue that the volumes.secret verification of the volcano job in the CCE clusters 1.15 fails.
                                                • Fixes the issue that jobs fail to be scheduled when volumes are mounted.
                                                
+
                                                • Supported hybrid deployment of online and offline jobs and resource oversubscription.
                                                • Optimized the scheduling throughput for clusters.
                                                • Fixed the issue where the scheduler panics in certain scenarios.
                                                • Fixed the issue that the volumes.secret verification of the volcano job in the CCE clusters v1.15 fails.
                                                • Fixed the issue that jobs fail to be scheduled when volumes are mounted.
                                                
                                                 		
 
                                                
                                                 
 
                                                
@@ -45,11 +45,13 @@
 
                                                Notes and Constraints
                                                • Only the default container network configuration supports dynamic pre-binding of container NICs. When the quota of node NICs is used up, the pod that uses the custom container network configuration attempts to unbind the pre-bound NIC of the default container network configuration, leading to slower pod startup. Therefore, if you need to frequently use the custom container network configuration, disable dynamic pre-binding of global container NICs in the target cluster. If you require high-speed pod elasticity using the default container network configuration, properly plan dynamic pre-binding of container NICs in the target node pool based on scheduling.
                                                • If a workload with a fixed IP address needs to be associated with a new container network configuration, the fixed IP address will be invalid when pods are rebuilt. In this case, delete the workload, release the fixed IP address, and create a workload again.
                                                • Before deleting a custom container network configuration, delete the pods (with the cni.yangtse.io/network-status annotation) created using the configuration in the target namespace. For details, see Deleting a Container Network Configuration.
                                                
 
                                                
-
                                                Operations on the Console for the Namespace Type
                                                1. Log in to the CCE console.
                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.
                                                  • Name: Enter a name that contains a maximum of 63 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                  • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the namespace type, select Namespace.
                                                  • Namespace: Select the namespace to be associated. The namespaces associated with different container network configurations must be unique. If no namespace is available, click Create Namespace to create one.
                                                  • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. 
                                                  • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                  
-
                                                4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                                
+
                                                Operations on the Console for the Namespace Type
                                                1. Log in to the CCE console.
                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                3. Locate the Container Network area and click Add. In the Create Network Configurations dialog box, configure parameters such as the pod subnet and security group.
                                                  • Name: Enter a name that contains a maximum of 63 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                  • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the namespace type, select Namespace.
                                                  • Namespace: Select the namespace to be associated. The namespaces associated with different container network configurations must be unique. If no namespace is available, click Create Namespace to create one.
                                                  • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. 
                                                  • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                  
+
                                                  
+
                                                4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                                  
+
                                                
 
                                                
 
                                                Operations Using kubectl for the Namespace Type
                                                This section describes how to use kubectl to create a container network configuration of the namespace type.
                                                
-
                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                2. Modify the networkattachment-test.yaml file.
                                                  vi networkattachment-test.yaml
                                                  
+
                                                  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                  2. Modify the networkattachment-test.yaml file.
                                                    vi networkattachment-test.yaml
                                                    
 
                                                    Example file content:
                                                    
 
                                                    apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
@@ -258,13 +260,13 @@ spec:
 
                                                    networkattachmentdefinition.k8s.cni.cncf.io/example created
                                                    
 
                                                  
 
                                                
-
                                                Operations on the Console for the Workload Type
                                                1. Log in to the CCE console.
                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.
                                                  • Name: Enter a name that contains a maximum of 63 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                  • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the workload type, select Workload.
                                                  • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button.
                                                  • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                  
+
                                                  Operations on the Console for the Workload Type
                                                  1. Log in to the CCE console.
                                                  2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                  3. Locate the Container Network area and click Add. In the Create Network Configurations dialog box, configure parameters such as the pod subnet and security group.
                                                    • Name: Enter a name that contains a maximum of 63 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                    • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the workload type, select Workload.
                                                    • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. 
                                                    • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                    
 
                                                  4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                                  5. When creating a workload, you can select a custom container network configuration.
                                                    1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                    2. Click Create Workload in the upper right corner of the page. In the Advanced Settings area, choose Network Configuration and determine whether to enable a specified container network configuration.
                                                    3. Select an existing container network configuration. If no configuration is available, click Add to create one.
                                                    4. After the configuration, click Create Workload.
                                                      Return to the Settings page. In the container network configuration list, the name of the resource associated with the created container network configuration is displayed.
                                                      
 
                                                    
 
                                                  
 
                                                  
 
                                                  Operations Using kubectl for the Workload Type
                                                  This section describes how to use kubectl to create a container network configuration of the workload type.
                                                  
-
                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                  2. Modify the networkattachment-test.yaml file.
                                                    vi networkattachment-test.yaml
                                                    
+
                                                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                    2. Modify the networkattachment-test.yaml file.
                                                      vi networkattachment-test.yaml
                                                      
 
                                                      Example file content:
                                                      
 
                                                      apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
@@ -303,7 +305,7 @@ spec:
 
 
                                                
-
-
-
-
-
                                                Table 1 Associated resources
                                                Category
                                                
                                                 		
 
                                                String
                                                
 
                                                API version. The value is fixed at k8s.cni.cncf.io/v1.
                                                
+
                                                API version. The value is fixed at k8s.cni.cncf.io/v1.
                                                
                                                 		
 
                                                
 
                                                kind
                                                
@@ -312,7 +314,7 @@ spec:
                                                 		
 
                                                String
                                                
 
                                                Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.
                                                
+
                                                Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.
                                                
                                                 		
 
                                                
 
                                                yangtse.io/project-id
                                                
@@ -339,7 +341,7 @@ spec:
                                                 		
 
                                                String
                                                
 
                                                Namespace of the configuration resource. The value is fixed to kube-system.
                                                
+
                                                Namespace of the configuration resource. The value is fixed to kube-system.
                                                
                                                 		
 
                                                
 
                                                config
                                                
@@ -371,7 +373,7 @@ spec:
                                                 		
 
                                                String
                                                
 
                                                The value is fixed at eni-neutron.
                                                
+
                                                The value is fixed at eni-neutron.
                                                
                                                 		
 
                                                
 
                                                args
                                                
@@ -404,9 +406,9 @@ spec:
                                                 		
 
                                                String
                                                
 
                                                Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.
                                                
+
                                                Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.
                                                
 
                                                How to obtain:
                                                
-
                                                Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.
                                                
+
                                                Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.
                                                
                                                 		
 
                                                
 
                                                subnets
                                                
@@ -419,14 +421,14 @@ spec:
 
                                                [{"subnetID":"27d95**"},{"subnetID":"827bb**"},{"subnetID":"bdd6b**"}]
                                                
 
                                                Subnet ID not used by the cluster in the same VPC.
                                                
 
                                                How to obtain:
                                                
-
                                                Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                                
+
                                                Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                                
                                                 		
 
                                                
 
 
                                                
 
                                                
 
                                              • Create a NetworkAttachmentDefinition.
                                                kubectl create -f networkattachment-test.yaml
                                                
-
                                                If information similar to the following is displayed, the NetworkAttachmentDefinition has been created.
                                                
+
                                                If information similar to the following is displayed, the configuration has been created.
                                                
 
                                                networkattachmentdefinition.k8s.cni.cncf.io/example created
                                                
 
                                              • Create a Deployment workload and associate it with the newly created container network configuration.
                                                apiVersion: apps/v1
 kind: Deployment
@@ -462,7 +464,7 @@ spec:
 
 
                                                Deleting a Container Network Configuration
                                                You can delete the new container network configuration or view its YAML file.
                                                
 
                                                 
                                                Before deleting a container network configuration, delete all pods using the configuration. Otherwise, the deletion will fail.
                                                
-
                                                1. Run the following command to filter the pods that uses the configuration in the cluster (example is used as an example):
                                                  kubectl get pod -A -o=jsonpath="{.items[?(@.metadata.annotations.cni\.yangtse\.io/network-status=='[{\"name\":\"example\"}]')]['metadata.namespace', 'metadata.name']}"
                                                  
+
                                                  1. Run the following command to filter the pods that uses the configuration in the cluster (example is used as an example):
                                                    kubectl get pod -A -o=jsonpath="{range .items[?(@.metadata.annotations.cni\\.yangtse\\.io/network-status=='[{\"name\":\"example\"}]')]}{.metadata.namespace}{'\t'}{.metadata.name}{'\n'}{end}"
                                                    
 
                                                    The command output contains the pod name and namespace associated with the configuration.
                                                    
 
                                                  2. Delete the owner of the pod. The owner may be a Deployment, StatefulSet, DaemonSet, or Job.
                                                  
 
                                                
diff --git a/docs/cce/umn/cce_10_0197.html b/docs/cce/umn/cce_10_0197.html
index b9c23fcca..dbc2c24ea 100644
--- a/docs/cce/umn/cce_10_0197.html
+++ b/docs/cce/umn/cce_10_0197.html
@@ -1,6 +1,6 @@
 
 
-
                                                Process and Method of Upgrading a Cluster
                                                
+
                                                Cluster Upgrade Overview
                                                
 
                                                CCE strictly complies with community consistency authentication. It releases three Kubernetes versions each year and offers a maintenance period of at least 24 months after each version is released. CCE ensures the stable running of Kubernetes versions during the maintenance period.
                                                
 
                                                To ensure your service rights and benefits, upgrade your Kubernetes clusters before a maintenance period ends. You can check the Kubernetes version of your cluster on the cluster list page and check whether a new version is available. Proactive cluster upgrades help you:
                                                
 
                                                • Reduce security and stability risks: During the iteration of Kubernetes versions, known security and stability vulnerabilities are continuously fixed. Long-term use of EOS clusters will result in security and stability risks to services.
                                                • Experience the latest functions: During the iteration of Kubernetes versions, new functions and optimizations are continuously released. For details about the features of the latest version, see Release Notes for CCE Cluster Versions.
                                                • Minimize compatibility risks: During the iteration of Kubernetes versions, APIs are continuously modified and functions are deprecated. If a cluster has not been upgraded for a long time, more O&M assurance investment will be required when the cluster is upgraded. Periodic upgrades can effectively mitigate compatibility risks caused by accumulated version differences. It is a good practice to upgrade a patch version every quarter and upgrade a major version to the latest version every year.
                                                • Obtain more effective technical support: CCE does not provide security patches or issue fixing for EOS Kubernetes cluster versions, and does not ensure technical support for the EOS versions.
                                                
@@ -34,7 +34,7 @@
 
                                                • 
 
                                                v1.21
                                                
 
                                                v1.23 or v1.25
                                                
+
                                                v1.23
                                                
                                                 		
 
                                                
 
                                                v1.23
                                                
@@ -54,12 +54,17 @@
 
                                                
 
                                                v1.28
                                                
 
                                                v1.29
                                                
+
                                                v1.29 or v1.31
                                                
                                                 		
 
                                                
 
                                                v1.29
                                                
 
                                                v1.30
                                                
+
                                                v1.30 or v1.31
                                                
+
                                                v1.30
                                                
+
                                                v1.31
                                                
                                                 		
 
                                                
 
 
 
                                                Backup Type
                                                
+
                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                Backup Type
                                                
 
                                                Backup Object
                                                
+
                                                Backup Object
                                                
 
                                                Backup Mode
                                                
+
                                                Backup Mode
                                                
 
                                                Backup Duration
                                                
+
                                                Backup Duration
                                                
 
                                                Rollback Duration
                                                
+
                                                Rollback Duration
                                                
 
                                                Description
                                                
+
                                                Description
                                                
                                                 		
 
                                                
 
                                                etcd data backup
                                                
+
                                                etcd data backup
                                                
 
                                                etcd data
                                                
+
                                                etcd data
                                                
 
                                                Automatic backup during an upgrade
                                                
+
                                                Automatic backup during an upgrade
                                                
 
                                                1-5 minutes
                                                
+
                                                1-5 minutes
                                                
 
                                                2 hours
                                                
+
                                                2 hours
                                                
 
                                                Mandatory. The data is automatically backed up during an upgrade.
                                                
+
                                                Mandatory. The data is automatically backed up during an upgrade.
                                                
                                                 		
 
                                                CBR cloud server backup
                                                
+
                                                CBR cloud server backup
                                                
 
                                                Master node disks, including component images, configurations, logs, and etcd data
                                                
+
                                                Master node disks, including component images, configurations, logs, and etcd data
                                                
 
                                                One-click backup on a web page (manually triggered)
                                                
+
                                                One-click backup on a web page (manually triggered)
                                                
 
                                                20 minutes to 2 hours (based on the cloud backup tasks in the current region)
                                                
+
                                                20 minutes to 2 hours (based on the cloud backup tasks in the current region)
                                                
 
                                                20 minutes
                                                
+
                                                20 minutes
                                                
 
                                                This function is gradually replaced by EVS snapshot backup.
                                                
+
                                                This function is gradually replaced by EVS snapshot backup.
                                                
                                                 		
 
                                                
                                                 
 
                                                
 
                                                
 
                                              • Configuration and upgrade
                                                Configure parameters before an upgrade. CCE has provided default settings, which can be modified as needed. After the configuration, upgrade add-ons, master nodes, and worker nodes in sequence.
                                                
-
                                                • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, CCE automatically upgrades the selected add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.
                                                   
                                                  If an add-on is marked with  on its right side, the add-on cannot be compatible with both the source and target versions of the cluster upgrade. In this case, CCE will upgrade the add-on after the cluster upgrade. The add-on may be unavailable during the cluster upgrade.
                                                  
+
                                                  • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, CCE automatically upgrades the selected add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.
                                                     
                                                    If an add-on is marked with  on its right side, the add-on cannot be compatible with both the source and target versions of the cluster upgrade. In this case, CCE will upgrade the add-on after the cluster upgrade. The add-on may be unavailable during the cluster upgrade.
                                                    
 
                                                    
-
                                                  • Node Upgrade Configuration
                                                    • Max. Nodes for Batch Upgrade: You can configure the maximum number of nodes to be upgraded in a batch.
                                                      Node pools will be upgraded in sequence. Nodes in node pools will be upgraded in batches. One node is upgraded in the first batch, two nodes in the second batch, and the number of nodes to be upgraded in each subsequent batch increases by a power of 2 until the maximum number of nodes to be upgraded in each batch is reached. The next cluster is upgraded after the previous one is upgraded. By default, 20 nodes are upgraded in a batch, and the number can be increased to the maximum of 60.
                                                      
+
                                                    • Node Upgrade Configuration
                                                      • Max. Nodes for Batch Upgrade: You can configure the maximum number of nodes to be upgraded in a batch.
                                                        Node pools will be upgraded in sequence. Nodes in node pools will be upgraded in batches. One node is upgraded in the first batch, two nodes in the second batch, and the number of nodes to be upgraded in each subsequent batch increases by a power of 2 until the maximum number of nodes to be upgraded in each batch is reached. The next cluster is upgraded after the previous one is upgraded. By default, 20 nodes are upgraded in a batch, and the number can be increased to the maximum of 120.
                                                        
 
                                                      • Node Priority: You can customize node upgrade priorities. If the priorities are not specified, CCE will perform the upgrade based on the priorities generated by the default policy.
                                                        • Add Upgrade Priority: You can custom the priorities for upgrading node pools. If the priorities are not specified, CCE will preferentially upgrade the node pool with the least number of nodes based on the default policy.
                                                        • Add Node Priority: You can custom the priorities for upgrading nodes in a node pool. If the priorities are not specified, CCE will preferentially upgrade the node with lightest load (calculated based on the number of pods, resource request rate, and number of PVs) based on the default policy.
                                                        
 
                                                      • Scope of Node Upgrade Batches: By default, this parameter is set to a cluster, but it can be customized.
                                                        • If the scope is set to a cluster, the upgrade batch will remain unchanged throughout the entire upgrade process.
                                                        • If the scope is set to node pools, the upgrade batch will be reset for each node pool separately.
                                                        
 
                                                      
@@ -160,7 +166,7 @@
 
                                                • 
 
                                                
 
-
                                                Reference
                                                For details about how to upgrade node OSs, see Upgrading an OS.
                                                
+
                                                Helpful Links
                                                For details about how to upgrade node OSs, see Upgrading an OS.
                                                
 
                                                
 
                                                
 
                                                
diff --git a/docs/cce/umn/cce_10_0198.html b/docs/cce/umn/cce_10_0198.html
index 4df16333b..0549a8e06 100644
--- a/docs/cce/umn/cce_10_0198.html
+++ b/docs/cce/umn/cce_10_0198.html
@@ -8,7 +8,7 @@
 
                                                Notes and Constraints
                                                • ECSs can be managed.
                                                
 
                                                
 
                                                Prerequisites
                                                The cloud servers to be managed must meet the following requirements:
                                                
-
                                                • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                • Only cloud servers with the same data disk configuration can be accepted in batches for management.
                                                • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                
+
                                                • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                • Only cloud servers with the same data disk configuration can be accepted in batches for management.
                                                • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the options provided on the console when you create a node. 
                                                • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                
 
                                                
 
                                                Procedure
                                                1. Log in to the CCE console and go to the cluster where the node to be accepted resides.
                                                2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab and then Accept Node in the upper right corner.
                                                3. Specify node parameters.
                                                  Configurations
                                                  
 
@@ -76,10 +76,9 @@
 
                                                
 
                                                Data Disk
                                                
 
                                                At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                
-
                                                In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk.
                                                
-
                                                Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                
-
                                                For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory. 
                                                
+
                                                • At least one default data disk must be added for storing container runtime and kubelet components if System Component Storage is set to Data Disk. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable. This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.
                                                • If System Component Storage is set to System Disk, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.
                                                
+
                                                Click Expand to configure Data Disk Space Allocation. This allocates space for container engines, images, and ephemeral storage to ensure their proper running. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                
+
                                                For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory. Data disks can also be used as local PVs or local EVs.
                                                
                                                 		
 
                                                
 
                                                Resource Tag
                                                
                                                 		
 
                                                You can add resource tags to classify resources. A maximum of eight resource tags can be added.
                                                
-
                                                You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                
+
                                                You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                
 
                                                CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                
                                                 		
 
                                                
 
                                                
 
                                                
-
                                              • Click Next: Confirm and click Submit.
                                                • 
+
                                              • Click Next: Confirm. Click Submit.
                                                • 
 
                                                
 
                                                
 
                                                
diff --git a/docs/cce/umn/cce_10_0201.html b/docs/cce/umn/cce_10_0201.html
index 8a410bfa9..6c5fca691 100644
--- a/docs/cce/umn/cce_10_0201.html
+++ b/docs/cce/umn/cce_10_0201.html
@@ -2,10 +2,10 @@
 
 
                                                Monitoring Custom Metrics on AOM
                                                
 
                                                CCE allows you to upload custom metrics to AOM. ICAgent on a node periodically calls the metric monitoring API configured on a workload to read monitoring data and then uploads the data to AOM.
                                                
-
                                                Figure 1 Using ICAgent to collect monitoring metrics
                                                
+
                                                Figure 1 Using ICAgent to collect monitoring metrics
                                                
 
                                                The custom metric API of a workload can be configured when the workload is created. The following procedure uses an Nginx application as an example to describe how to report custom metrics to AOM.
                                                
 
                                                1. Preparing an Application
                                                  Prepare an application image. The application must provide a metric monitoring API for ICAgent to collect data, and the monitoring data must comply with the Prometheus specifications.
                                                  
-
                                                2. Deploying Applications and Converting Nginx Metrics
                                                  Use the application image to deploy a workload in a cluster. Custom metrics are automatically reported.
                                                  
+
                                                3. Deploying Applications and Converting Nginx Metrics
                                                  Use the application image to deploy a workload in a cluster. Custom metrics will be automatically reported.
                                                  
 
                                                4. Verification
                                                  Go to AOM to check whether the custom metrics are successfully collected.
                                                  
 
                                                
 
                                                Constraints
                                                • The ICAgent is compatible with the monitoring data specifications of Prometheus. The custom metrics provided by pods can be collected by the ICAgent only when they meet the monitoring data specifications of Prometheus. For details, see Prometheus Monitoring Data Collection.
                                                • The ICAgent supports only Gauge metrics.
                                                • The interval for the ICAgent to call the custom metric API is 1 minute, which cannot be changed.
                                                
@@ -58,12 +58,13 @@ ADD nginx.conf /etc/nginx/nginx.conf
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
 
                                                
-
                                              • Use this Dockerfile to create an image and upload it to SWR. The image name is nginx:exporter. 
                                                1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. In the displayed dialog box, click Generate a temporary login command. Then, click  to copy the command.
                                                2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                3. Run the following command to build an image named nginx. The image version is exporter.
                                                  docker build -t nginx:exporter .
                                                  
+
                                                4. Use this Dockerfile to create an image and upload it to SWR. The image name is nginx:exporter. 
                                                  1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. In the displayed dialog box, click Generate a temporary login command. Then, click  to copy the command.
                                                  2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                  3. Run the following command to build an image named nginx. The image version is exporter.
                                                    docker build -t nginx:exporter .
                                                    
 
                                                  4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                                    docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
 docker push {swr-address}/{group}/nginx:exporter
                                                    
 
                                                  
-
                                                5. View application metrics.
                                                  1. Use nginx:exporter to create a workload.
                                                  2. Access the container and use http://<ip_address>:8080/stub_status to obtain nginx monitoring data. <ip_address> indicates the IP address of the container. Information similar to the following is displayed.
                                                    # curl http://127.0.0.1:8080/stub_status
-Active connections: 3 
+
                                                  3. View application metrics.
                                                    1. Use nginx:exporter to create a workload.
                                                    2. Log in to the container and obtain the Nginx monitoring data through http://<ip_address>:8080/stub_status. <ip_address> indicates the IP address of the container.
                                                      curl http://127.0.0.1:8080/stub_status
                                                      
+
                                                      The command output is as follows:
                                                      
+
                                                      Active connections: 3 
 server accepts handled requests
  146269 146269 212 
 Reading: 0 Writing: 1 Waiting: 2
                                                      
@@ -71,7 +72,7 @@ Reading: 0 Writing: 1 Waiting: 2
 
                                                    
 
                                                • 
 
                                                Deploying Applications and Converting Nginx Metrics
                                                The format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. Convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter, as shown in the following figure.
                                                
-
                                                Figure 2 Using exporter to convert the data format
                                                
+
                                                Figure 2 Using exporter to convert the data format
                                                
 
                                                Deploy nginx:exporter and nginx-prometheus-exporter in the same pod.
                                                
 
                                                kind: Deployment
 apiVersion: apps/v1
@@ -114,14 +115,15 @@ spec:
 
                                                In addition, add an annotation metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"prometheus","path":"/metrics","port":"9113","names":""}]' to the pod.
                                                
 
                                                
 
                                                Verification
                                                After an application is deployed, you can access Nginx to construct some access data and check whether the corresponding monitoring data can be obtained in AOM.
                                                
-
                                                1. Obtain the pod name of Nginx.
                                                  $ kubectl get pod
-NAME                              READY   STATUS    RESTARTS   AGE
+
                                                  1. Obtain the pod name of Nginx.
                                                    kubectl get pod
                                                    
+
                                                    The command output is as follows:
                                                    
+
                                                    NAME                              READY   STATUS    RESTARTS   AGE
 nginx-exporter-78859765db-6j8sw   2/2     Running   0          4m
                                                    
-
                                                  2. Log in to the container and run commands to access Nginx.
                                                    $ kubectl exec -it nginx-exporter-78859765db-6j8sw -- /bin/sh
-Defaulting container name to container-0.
-Use 'kubectl describe pod/nginx-exporter-78859765db-6j8sw -n default' to see all of the containers in this pod.
-/ # curl http://localhost
-<!DOCTYPE html>
+
                                                  3. Run the following command to log in to the container:
                                                    kubectl exec -it nginx-exporter-78859765db-6j8sw -- /bin/sh
                                                    
+
                                                    Run the following command to access Nginx:
                                                    
+
                                                    curl http://localhost
                                                    
+
                                                    The command output is as follows:
                                                    
+
                                                    <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
@@ -150,7 +152,7 @@ Commercial support is available at
 
                                                
 
                                                
 
                                                
-
                                                Parent topic: Best Practices
                                                
+
                                                Parent topic: O&M Best Practices
                                                
 
                                                
 
                                                
 
diff --git a/docs/cce/umn/cce_10_0205.html b/docs/cce/umn/cce_10_0205.html
index 5edfbbb4f..c2d7ca930 100644
--- a/docs/cce/umn/cce_10_0205.html
+++ b/docs/cce/umn/cce_10_0205.html
@@ -1,13 +1,13 @@
 
 
 
                                                Kubernetes Metrics Server
                                                
-
                                                From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for heapster for providing the similar functions. heapster has been gradually abandoned since v1.11.
                                                
+
                                                From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for Heapster for providing the similar functions. Heapster has been gradually abandoned since v1.11.
                                                
 
                                                metrics-server is an aggregator for monitoring data of core cluster resources. You can quickly install this add-on on the CCE console.
                                                
 
                                                After installing this add-on, you can create HPA policies. For details, see Creating an HPA Policy.
                                                
 
                                                The official community project and documentation are available at https://github.com/kubernetes-sigs/metrics-server.
                                                
-
                                                Installing the Add-on
                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Kubernetes Metrics Server on the right, and click Install.
                                                2. On the Install Add-on page, configure the specifications as needed.
                                                  • If you selected Preset, you can choose between Small or Large as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                                    With the Small option selected, the add-on lacks HA capabilities, while with the Large option selected, the add-on has HA capabilities. However, deploying multiple pods requires more compute resources.
                                                    
+
                                                    Installing the Add-on
                                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Kubernetes Metrics Server on the right, and click Install.
                                                    2. On the Install Add-on page, configure the specifications as needed.
                                                      • If you selected Preset, you can choose between Small or Large as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                                        The smaller specification lacks HA capabilities, while the large specification has them. However, deploying multiple pods requires more compute resources.
                                                        
 
                                                      • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                      
-
                                                    3. Configure deployment policies for the add-on pods.
                                                       
                                                      • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                      • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                      
+
                                                    4. Configure deployment policies for the add-on pods.
                                                       
                                                      • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                                      • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                      
 
                                                      
 
 
                                                      
-
-
@@ -70,7 +70,21 @@
 
-
+
+
+
+
+
-
@@ -94,7 +108,7 @@
 
                                                      v1.28
                                                      v1.29
                                                      
-
@@ -120,7 +134,7 @@
 
                                                      v1.27
                                                      v1.28
                                                      
-
@@ -157,7 +171,7 @@
 
                                                      v1.23
                                                      v1.25
                                                      
-
@@ -168,7 +182,7 @@
 
                                                      v1.21
                                                      v1.23
                                                      
-
@@ -180,7 +194,7 @@
 
                                                      v1.19
                                                      v1.21
                                                      
-
diff --git a/docs/cce/umn/cce_10_0208.html b/docs/cce/umn/cce_10_0208.html
index dd3daebc6..451c15342 100644
--- a/docs/cce/umn/cce_10_0208.html
+++ b/docs/cce/umn/cce_10_0208.html
@@ -2,7 +2,7 @@
 
 
                                                      Creating an HPA Policy
                                                      Horizontal Pod Autoscaling (HPA) in Kubernetes implements horizontal scaling of pods. In a CCE HPA policy, you can configure different cooldown time windows and scaling thresholds for different applications based on the Kubernetes HPA.
                                                      
-
                                                      Prerequisites
                                                      To use HPA, install an add-on that provides metrics APIs. Select one of the following add-ons based on your cluster version and service requirements.
                                                      • Kubernetes Metrics Server: provides basic resource usage metrics, such as container CPU and memory usage. It is supported by all cluster versions.
                                                      • Cloud Native Cluster Monitoring: available only in clusters of v1.17 or later.
+
                                                        Prerequisites
                                                        To use HPA, install an add-on that provides metrics APIs. Select one of the following add-ons based on your cluster version and service requirements.
 
                                                        
 
                                                        
diff --git a/docs/cce/umn/cce_10_0209.html b/docs/cce/umn/cce_10_0209.html
index a6b26c581..faaac3687 100644
--- a/docs/cce/umn/cce_10_0209.html
+++ b/docs/cce/umn/cce_10_0209.html
@@ -2,14 +2,14 @@
 
 
                                                        Creating a Node Scaling Policy
                                                        
 
                                                        CCE provides auto scaling through the CCE Cluster Autoscaler add-on. Nodes with different flavors can be automatically added across AZs on demand.
                                                        
-
                                                        If both a node scaling policy and the configuration in the Autoscaler add-on take effect, for example, there are pods that cannot be scheduled and the value of a metric reaches the threshold, scale-out is performed first for the unschedulable pods.
                                                        
+
                                                        If both a node scaling policy and the configuration in the Autoscaler add-on take effect, for example, there are pods that cannot be scheduled and a metric value exceeds the threshold, a scale-out will be performed first for the unschedulable pods.
                                                        
 
                                                        • If the scale-out succeeds for the unschedulable pods, the system skips the metric-based rule logic and enters the next loop.
                                                        • If the scale-out fails for the unschedulable pods, the metric-based rule is executed.
                                                        
 
                                                        Prerequisites
                                                        Before using the node scaling function, you must install the CCE Cluster Autoscaler add-on of v1.13.8 or later in the cluster.
                                                        
 
                                                        
-
                                                        Notes and Constraints
                                                        • If there are no nodes in a node pool, Autoscaler cannot obtain the CPU or memory data of the node, and the node scaling rule triggered using these metrics will not take effect.
                                                        • If the driver of a GPU node is not installed, Autoscaler determines that the node is not fully available and the node scaling rules triggered using the CPU or memory metrics will not take effect.
                                                        • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                          • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                                          • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                          
+
                                                          Notes and Constraints
                                                          • If there are no nodes in a node pool, Autoscaler cannot obtain the CPU or memory data of the node, and the node scaling rule triggered using these metrics will not take effect.
                                                          • If the driver of a GPU node is not installed, Autoscaler will determine that the node is not fully available and the node scaling rules triggered using the CPU or memory metrics will not take effect.
                                                          • When CCE Cluster Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                            • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale-outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affect cluster scaling.
                                                            • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                            
 
                                                          
 
                                                          
-
                                                          Configuring Node Pool Scaling Policies
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                            • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                            • If Autoscaler has been installed, directly configure scaling policies.
                                                            
+
                                                            Configuring Node Pool Scaling Policies
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                              • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                              • If Autoscaler has been installed, directly configure scaling policies.
                                                              
 
                                                            3. Configure auto scaling policies.
                                                              AS Configuration
                                                              
 
                                                              • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. You can add multiple node scaling policies, a maximum of one CPU usage-based rule, and one memory usage-based rule. The total number of rules cannot exceed 10.
                                                                The following table lists custom rules.
 
                                                      Table 1 Configurations for add-on scheduling
                                                      Parameter
                                                      
@@ -18,12 +18,12 @@
 
                                                      
 
                                                      Multi-AZ Deployment
                                                      
 
                                                      • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                      • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                      • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                      
+
                                                      • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                      • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                      • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                      
                                                       		
 
                                                      
 
                                                      Node Affinity
                                                      
 
                                                      • Not configured: Node affinity is disabled for the add-on.
                                                      • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                      • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                      • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                        If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                        
+
                                                      • Not configured: Node affinity is disabled for the add-on.
                                                      • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                      • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                      • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                        If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                        
 
                                                      
                                                       		
 
                                                      
 
 
                                                      1.3.68
                                                      
+
                                                      1.3.90
                                                      
+
                                                      v1.25
                                                      
+
                                                      v1.27
                                                      
+
                                                      v1.28
                                                      
+
                                                      v1.29
                                                      
+
                                                      v1.30
                                                      
+
                                                      v1.31
                                                      
+
                                                      CCE clusters v1.31 are supported.
                                                      
+
                                                      0.6.2
                                                      
+
                                                      1.3.68
                                                      
                                                       		
 
                                                      v1.21
                                                      
 
                                                      v1.23
                                                      
@@ -80,7 +94,7 @@
 
                                                      v1.29
                                                      
 
                                                      v1.30
                                                      
 
                                                      CCE clusters 1.30 are supported.
                                                      
+
                                                      CCE clusters v1.30 are supported.
                                                      
                                                       		
 
                                                      0.6.2
                                                      
                                                       		
 
 
                                                      CCE clusters 1.29 are supported.
                                                      
+
                                                      CCE clusters v1.29 are supported.
                                                      
                                                       		
 
                                                      0.6.2
                                                      
                                                       		
 
 
                                                      CCE clusters 1.28 are supported.
                                                      
+
                                                      CCE clusters v1.28 are supported.
                                                      
                                                       		
 
                                                      0.6.2
                                                      
                                                       		
 
 
                                                      CCE clusters 1.25 are supported.
                                                      
+
                                                      CCE clusters v1.25 are supported.
                                                      
                                                       		
 
                                                      0.6.2
                                                      
                                                       		
 
 
                                                      CCE clusters 1.23 are supported.
                                                      
+
                                                      CCE clusters v1.23 are supported.
                                                      
                                                       		
 
                                                      0.4.4
                                                      
                                                       		
 
 
                                                      CCE clusters 1.21 are supported.
                                                      
+
                                                      CCE clusters v1.21 are supported.
                                                      
                                                       		
 
                                                      0.4.4
                                                      
                                                       		
 
                                                      Table 1 Custom rules
                                                      Rule Type
                                                      
@@ -45,34 +45,103 @@
 
 
                                                    5. View cluster-level auto scaling configurations, which take effect for all node pools in the cluster. On this page, you can only view cluster-level auto scaling policies. To modify these policies, go to the Settings page. For details, see Configuring an Auto Scaling Policy for a Cluster.
                                                    6. Click OK.
                                                      7. 
 
-
                                                      Configuring an Auto Scaling Policy for a Cluster
                                                       
                                                      An auto scaling policy takes effect on all node pools in a cluster. After the policy is modified, the Autoscaler add-on will be restarted.
                                                      
+
                                                      Configuring an Auto Scaling Policy for a Cluster
                                                       
                                                      An auto scaling policy applies to all node pools in a cluster. After the policy is modified, the Autoscaler add-on will be restarted.
                                                      
 
                                                      
 
                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                      2. In the navigation pane, choose Settings and click the Auto Scaling tab.
                                                        • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                        • If Autoscaler has been installed, directly configure scaling policies.
                                                        
-
                                                      3. Configure for an elastic scale-out.
                                                        • Auto Scale-out when the load cannot be scheduled: When workload pods in a cluster cannot be scheduled (pods remain in pending state), CCE automatically adds nodes to the slave node pool. If a pod has been scheduled to a node, the node will not be involved in an automatic scale-out. Such auto scaling typically works with an HPA policy. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                          If this function is not enabled, custom scaling rules are the only option for performing a scale-out.
                                                          
+
                                                        • Configure auto scale-out.
                                                          • Auto Scale-out when the load cannot be scheduled: When workload pods in a cluster cannot be scheduled (pods remain in pending state), CCE automatically adds nodes to the slave node pool. If a pod has been scheduled to a node, the node will not be involved in an automatic scale-out. Such auto scaling typically works with an HPA policy. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                            If this function is not enabled, custom scaling rules are the only option for performing a scale-out.
                                                            
 
                                                          • Upper limit of resources to be expanded: the upper limit for the cluster's resources, such as the number of nodes, CPU cores, and memory. Once this limit is reached, no new nodes will be automatically added.
                                                          • Scale-Out Priority: You can drag and drop the node pools in a list to adjust their scale-out priorities.
                                                          
-
                                                        • Configure for an elastic scale-in. Elastic scale-in is disabled by default. After it is enabled, the following configurations are supported:
                                                          Node Scale-In Conditions: Nodes in a cluster are automatically scaled in when the scale-in conditions are met.
                                                          • Node Resource Condition: When the requested cluster node resources (both CPU and memory) are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), a cluster scale-in is triggered.
                                                          • Node Status Condition: If a node is unavailable for a specified period of time, the node will be automatically reclaimed. The default value is 20 minutes.
                                                          • Scale-in Exception Scenarios: When a node meets the following exception scenarios, CCE will not scale in the node even if the node resources or status meets scale-in conditions:
                                                            1. Resources on other nodes in the cluster are insufficient.
                                                            2. Scale-in protection is enabled on the node. To enable or disable node scale-in protection, choose Nodes in the navigation pane and then click the Nodes tab. Locate the target node, choose More, and then enable or disable node scale-in protection in the Operation column.
                                                            3. There is a pod with the non-scale label on the node.
                                                            4. Policies such as reliability have been configured on some containers on the node.
                                                            5. There are non-DaemonSet containers in the kube-system namespace on the node.
                                                            6. (Optional) A container managed by a third-party pod controller is running on a node. Third-party pod controllers are for custom workloads except Kubernetes-native workloads such as Deployments and StatefulSets. Such controllers can be created using CustomResourceDefinitions.
                                                            
-
                                                          
+
                                                        • Configure auto scale-in. Auto scale-in is disabled by default. After it is enabled, you can configure Node Scale-In Conditions and Node Scale-In Policy. If the nodes in the cluster meet the scale-in conditions, the node are removed automatically.
                                                          Node Scale-In Conditions
                                                          
+
                                                          Nodes in a cluster comply with the default scale-in conditions by default. If scale-in conditions are customized for a node pool, the nodes in the node pool comply with the customized scale-in conditions.
                                                          
+
+
                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                          Table 2 Node scale-in conditions
                                                          Parameter
                                                          
+
                                                          Description
                                                          
+
                                                          Default Scale-In Conditions
                                                          
+
                                                          If the CPU and memory allocation rates of a node are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), or the node is unavailable for a period of time (20 minutes by default), the node will be scaled in.
                                                          
+
                                                          Allocation rate = Total requested resources of all pods/Allocatable resources on the node
                                                          
+
                                                          If the option Ignore the pre-allocated CPU and memory of the DaemonSet container is selected, CCE will not consider the CPU and memory resources pre-allocated to DaemonSet pods when determining whether to scale in cluster nodes. This means that the resources used by DaemonSet pods will not affect the scaling-in decision. If this option is not selected, the resources pre-allocated to DaemonSet pods will be included in the resource allocation calculations. This can cause the CPU and memory allocation rates to exceed the node scale-in threshold, potentially preventing nodes with low CPU and memory utilization from being scaled in.
                                                          
+
                                                          (Optional) Custom Scale-In Conditions
                                                          
+
                                                          You can configure scale-in conditions for each node pool. If the CPU and memory allocation rates of nodes in a node pool are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), the node pool will be scaled in.
                                                          
+
                                                          Custom scale-in conditions are supported when the CCE Cluster Autoscaler add-on version is 1.25.181, 1.27.152, 1.28.120, 1.29.81, 1.30.48, 1.31.10, or later. If auto scaling is not enabled for all specifications in a node pool, custom scale-in conditions configured for the node pool do not take effect. For details about how to enable auto scaling for a node pool, see Configuring Node Pool Scaling Policies.
                                                          
+
                                                          Scale-in Exception Scenarios
                                                          
+
                                                          When a node meets the following exception scenarios, CCE will not scale in the node even if the node resources or status meets scale-in conditions:
                                                          • Resources on other nodes in the cluster are insufficient.
                                                          • Scale-in protection is enabled on the node. To enable or disable node scale-in protection, choose Nodes in the navigation pane and then click the Nodes tab. Locate the target node, choose More, and then enable or disable node scale-in protection in the Operation column.
                                                          • There is a pod with the non-scale label on the node.
                                                          • Policies such as reliability have been configured on some containers on the node.
                                                          • There are non-DaemonSet containers in the kube-system namespace on the node.
                                                          • (Optional) A container managed by a third-party pod controller is running on a node. Third-party pod controllers are for custom workloads except Kubernetes-native workloads such as Deployments and StatefulSets. Such controllers can be created using CustomResourceDefinitions.
                                                          
 
                                                          
-
                                                          Node Scale-in Policy
                                                          • Number of Concurrent Scale-In Requests: maximum number of idle nodes that can be concurrently deleted. Default value: 10.
                                                            Only idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                             
                                                            During a node scale-in, if the pods on the node do not need to be evicted (such as DaemonSet pods), the node is idle. Otherwise, the node is not idle.
                                                            
-
                                                            
+
                                                          
 
                                                          
-
                                                        • Node Recheck Timeout: interval for rechecking a node that could not be removed. Default value: 5 minutes.
                                                        • Cooldown Time
                                                          • Scale-in Cooldown Time After Node Deletion: cooldown period for starting scale-in evaluation again after an auto scale-in is triggered in a cluster. Default value: 10 minutes.
                                                          • Scale-in Cooldown Time After Scale-out: cooldown period for starting scale-in evaluation again after an auto scale-out is triggered in a cluster. Default value: 10 minutes.
                                                             
                                                            If both auto scale-out and scale-in exist in a cluster, set Scale-in Cooldown Time After Scale-out to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.
                                                            
+
                                                            Node Scale-in Policy
                                                            
+
+
                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                            Table 3 Node scale-in policy configurations
                                                            Item
                                                            
+
                                                            Description
                                                            
+
                                                            Default Value
                                                            
+
                                                            Number of Concurrent Scale-In Requests
                                                            
+
                                                            Maximum number of idle nodes that can be deleted concurrently.
                                                            
+
                                                            Only idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                            
+
                                                             NOTE: 
                                                            During a node scale-in, if the pods on the node do not need to be evicted (such as DaemonSet pods), the node is idle. Otherwise, the node is not idle.
                                                            
 
                                                            
-
                                                          • Scale-in Cooldown Time After Failure: cooldown period for starting scale-in evaluation again after an auto scale-in is failed in a cluster. Default value: 3 minutes. For details, see Cooldown Period.
                                                            • 
-
+
                                                            10
                                                            
+
                                                            Node Recheck Timeout
                                                            
+
                                                            Interval at which a node can be checked again after it is determined that the node cannot be scaled in
                                                            
+
                                                            5 minutes
                                                            
+
                                                            Cooldown Time
                                                            
+
                                                            Cooldown period for starting scale-in evaluation again after auto scale-in is triggered in a cluster
                                                            
+
                                                             NOTE: 
                                                            If both auto scale-out and scale-in exist in a cluster, set this parameter to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.
                                                            
+
                                                            
+
                                                            10 minutes
                                                            
+
                                                            Cooldown period for starting scale-in evaluation again after auto scale-out is triggered in a cluster
                                                            
+
                                                            10 minutes
                                                            
+
                                                            Cooldown period for starting scale-in evaluation again after auto scale-in triggered in a cluster failed
                                                            
+
                                                            3 minutes
                                                            
+
                                                            
 
                                                            
 
                                                          • Click Confirm configuration.
                                                      
 
                                                      
-
                                                      Cooldown Period
                                                      The impact and relationship between the two cooldown periods configured for a node pool are as follows:
                                                      
+
                                                      Cooldown Period
                                                      The impact and relationship between the two cooldown periods configured for a node pool are as follows:
                                                      
 
                                                      Cooldown Period During a Scale-out
                                                      
 
                                                      This interval indicates the period during which nodes added to the current node pool after a scale-out cannot be deleted. This setting takes effect in the entire node pool.
                                                      
 
                                                      Cooldown Period During a Scale-in
                                                      
-
                                                      The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the Autoscaler add-on triggers a scale-out (due to the unschedulable pods, metrics, and scaling policies). This interval takes effect in the entire cluster.
                                                      
-
                                                      The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers a scale-in. This setting takes effect in the entire cluster.
                                                      
-
                                                      The interval after a failed scale-in indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers a scale-in. This setting takes effect in the entire cluster.
                                                      
+
                                                      The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the Autoscaler add-on triggers a scale-out (due to the unschedulable pods, metrics, or scaling policies). This interval applies to the entire cluster.
                                                      
+
                                                      The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers a scale-in. This setting applies to the entire cluster.
                                                      
+
                                                      The interval after a failed scale-in indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers a scale-in. This setting applies to the entire cluster.
                                                      
 
                                                      
 
                                                      Period for Autoscaler to Retry a Scale-out
                                                      If a node pool failed to scale out, for example, due to insufficient quota, or an error occurred during node installation, Autoscaler can retry the scale-out in the node pool or switch to another node pool. The retry period varies depending on failure causes:
                                                      
-
                                                      • When the user quota is insufficient, Autoscaler cools down the node pool for 5 minutes, 10 minutes, or 20 minutes. The maximum cooldown duration is 30 minutes. Then, Autoscaler switches to another node pool for a scale-out in the next 10 seconds until the expected node is added or all node pools are cooled down.
                                                      • If an error occurred during node installation in a node pool, the node pool enters a 5-minute cooldown period. After the period expires, Autoscaler can trigger a node pool scale-out again. If the faulty node is automatically reclaimed, Cluster Autoscaler re-evaluates the cluster status within 1 minute and triggers a node pool scale-out as needed.
                                                      • During a node pool scale-out, if a node remains in the installing state for a long time, Cluster Autoscaler tolerates the node for a maximum of 15 minutes. After the tolerance period expires, Cluster Autoscaler re-evaluates the cluster status and triggers a node pool scale-out as needed.
                                                      
+
                                                      • When the user quota is insufficient, Autoscaler cools down the node pool for 5 minutes, 10 minutes, or 20 minutes. The maximum cooldown duration is 30 minutes. Then, Autoscaler switches to another node pool in the next 10 seconds for a scale-out until the expected nodes are added or all node pools have cooled down.
                                                      • If an error occurred during node installation in a node pool, the node pool enters a 5-minute cooldown period. After the period expires, Autoscaler can trigger a node pool scale-out again. If the faulty node is automatically reclaimed, Autoscaler re-evaluates the cluster status within 1 minute and triggers a node pool scale-out as needed.
                                                      • During a node pool scale-out, if a node remains in the installing state for a long time, Autoscaler tolerates the node for a maximum of 15 minutes. After the tolerance period expires, Autoscaler re-evaluates the cluster status and triggers a node pool scale-out as needed.
                                                      
 
                                                      
 
                                                      Example YAML
                                                      The following is a YAML example of a node scaling policy:
                                                      
 
                                                      apiVersion: autoscaling.cce.io/v1alpha1
@@ -108,131 +177,131 @@ spec:
   - 7d48eca7-3419-11ea-bc29-0255ac1001a8
                                                      
 
                                                      
 
-
                                                      Table 2 Key parameters
                                                      Parameter
                                                      
+
                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0210.html b/docs/cce/umn/cce_10_0210.html
index 180822263..7b01cc1d7 100644
--- a/docs/cce/umn/cce_10_0210.html
+++ b/docs/cce/umn/cce_10_0210.html
@@ -49,7 +49,7 @@
 
                                                    7. Mount the storage again.
                                                      Remount the existing storage in the workload. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.
                                                      
 
                                                    8. Create a Service in the new cluster.
                                                      The Service name and specifications remain unchanged. For details about how to create a Service, see Service.
                                                      
 
                                                    9. Commission services.
                                                      After all resources are created, commission the containerized services. If the commissioning is successful, migrate the services to the new cluster.
                                                      
-
                                                    10. Delete the old cluster.
                                                      When all functions of the new cluster are stable, delete the old cluster. For details about how to delete a cluster, see Deleting a Cluster.
                                                      
+
                                                    11. Delete the old cluster.
                                                      When all functions of the new cluster are stable, delete the old cluster. For details about how to delete a cluster, see Deleting a Cluster.
                                                      
 
                                                      12. 
diff --git a/docs/cce/umn/cce_10_0212.html b/docs/cce/umn/cce_10_0212.html
index 5c9a0855b..2b6ecfdf0 100644
--- a/docs/cce/umn/cce_10_0212.html
+++ b/docs/cce/umn/cce_10_0212.html
@@ -1,71 +1,69 @@
 
                                                      Deleting a Cluster
                                                      
-
                                                      Precautions
                                                      • Deleting a cluster will delete the workloads and Services in the cluster, and the deleted data cannot be recovered. Before performing this operation, ensure that related data has been backed up or migrated.
                                                      • If you choose to delete a cluster with the nodes in it, the system disks and data disks attached to the nodes will also be deleted. Back up data before the deletion.
                                                      • If you delete a cluster that is not running (for example, unavailable), associated resources, such as storage and networking resources, will remain.
                                                      
+
                                                      Precautions
                                                      • Deleting a cluster will delete the workloads and Services in the cluster, and the deleted data cannot be recovered. Before performing this operation, ensure that related data has been backed up or migrated.
                                                      • If you choose to delete a cluster with the nodes in it, the system disks and data disks attached to the nodes will also be deleted. Back up data before the deletion.
                                                      • If you delete a cluster that is not running (for example, unavailable), associated resources, such as storage and networking resources, will remain.
                                                      • A hibernated cluster can be deleted only after it is awakened.
                                                      
 
                                                      
-
                                                      Deleting a Cluster
                                                       
                                                      A hibernated cluster cannot be deleted. Wake up the cluster and try again.
                                                      
-
                                                      
-
                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                      2. Locate the cluster to be deleted, click ... to view more operations on the cluster, and choose Delete Cluster.
                                                      3. In the displayed Delete Cluster dialog box, select the resources to be released.
                                                        • Delete cloud storage resources associated with workloads in the cluster.
                                                           
                                                          When deleting underlying cloud storage resources bound to storage volumes in a cluster, pay attention to following constraints:
                                                          
+
                                                          Deleting a Cluster
                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                          2. In the cluster list on the right, locate the cluster to be deleted and click . In the drop-down list, choose Delete.
                                                          3. In the displayed Delete Cluster dialog box, select the resources to be released.
                                                            • Delete cloud storage resources associated with workloads in the cluster.
                                                               
                                                              When deleting underlying cloud storage resources bound to storage volumes in a cluster, pay attention to following constraints:
                                                              
 
                                                              • The underlying storage resources are deleted according to the reclamation policy you defined for the storage volumes. For example, if the reclamation policy of storage volumes is Retain, the underlying storage resources will be retained after the cluster is deleted.
                                                              • If there are more than 1000 files in the OBS bucket, manually clear the files and then delete the cluster.
                                                              
 
                                                              
 
                                                              If the storage volume's reclamation policy is set to Retain, the following table lists the method of deleting PVs based on their type.
-
                                                      Table 4 Key parameters
                                                      Parameter
                                                      
 
                                                      Type
                                                      
+
                                                      Type
                                                      
 
                                                      Description
                                                      
+
                                                      Description
                                                      
                                                       		
 
                                                      
 
                                                      spec.disable
                                                      
+
                                                      spec.disable
                                                      
 
                                                      Bool
                                                      
+
                                                      Bool
                                                      
 
                                                      Whether to enable the scaling policy. This parameter takes effect for all rules in the policy.
                                                      
+
                                                      Whether to enable the scaling policy. This parameter takes effect for all rules in the policy.
                                                      
                                                       		
 
                                                      spec.rules
                                                      
+
                                                      spec.rules
                                                      
 
                                                      Array
                                                      
+
                                                      Array
                                                      
 
                                                      All rules in a scaling policy.
                                                      
+
                                                      All rules in a scaling policy.
                                                      
                                                       		
 
                                                      spec.rules[x].ruleName
                                                      
+
                                                      spec.rules[x].ruleName
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Rule name.
                                                      
+
                                                      Rule name.
                                                      
                                                       		
 
                                                      spec.rules[x].type
                                                      
+
                                                      spec.rules[x].type
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Rule type. Cron and Metric are supported.
                                                      
+
                                                      Rule type. Cron and Metric are supported.
                                                      
                                                       		
 
                                                      spec.rules[x].disable
                                                      
+
                                                      spec.rules[x].disable
                                                      
 
                                                      Bool
                                                      
+
                                                      Bool
                                                      
 
                                                      Rule switch. Currently, only false is supported.
                                                      
+
                                                      Rule switch. Currently, only false is supported.
                                                      
                                                       		
 
                                                      spec.rules[x].action.type
                                                      
+
                                                      spec.rules[x].action.type
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Rule action type. Currently, only ScaleUp is supported.
                                                      
+
                                                      Rule action type. Currently, only ScaleUp is supported.
                                                      
                                                       		
 
                                                      spec.rules[x].action.unit
                                                      
+
                                                      spec.rules[x].action.unit
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Rule action unit. Currently, only Node is supported.
                                                      
+
                                                      Rule action unit. Currently, only Node is supported.
                                                      
                                                       		
 
                                                      spec.rules[x].action.value
                                                      
+
                                                      spec.rules[x].action.value
                                                      
 
                                                      Integer
                                                      
+
                                                      Integer
                                                      
 
                                                      Rule action value.
                                                      
+
                                                      Rule action value.
                                                      
                                                       		
 
                                                      spec.rules[x].cronTrigger
                                                      
+
                                                      spec.rules[x].cronTrigger
                                                      
 
                                                      N/A
                                                      
+
                                                      N/A
                                                      
 
                                                      Optional. This parameter is valid only in periodic rules.
                                                      
+
                                                      Optional. This parameter is valid only in periodic rules.
                                                      
                                                       		
 
                                                      spec.rules[x].cronTrigger.schedule
                                                      
+
                                                      spec.rules[x].cronTrigger.schedule
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Cron expression of a periodic rule.
                                                      
+
                                                      Cron expression of a periodic rule.
                                                      
                                                       		
 
                                                      spec.rules[x].metricTrigger
                                                      
+
                                                      spec.rules[x].metricTrigger
                                                      
 
                                                      N/A
                                                      
+
                                                      N/A
                                                      
 
                                                      Optional. This parameter is valid only in metric-based rules.
                                                      
+
                                                      Optional. This parameter is valid only in metric-based rules.
                                                      
                                                       		
 
                                                      spec.rules[x].metricTrigger.metricName
                                                      
+
                                                      spec.rules[x].metricTrigger.metricName
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Metric of a metric-based rule. Currently, Cpu and Memory are supported.
                                                      
+
                                                      Metric of a metric-based rule. Currently, Cpu and Memory are supported.
                                                      
                                                       		
 
                                                      spec.rules[x].metricTrigger.metricOperation
                                                      
+
                                                      spec.rules[x].metricTrigger.metricOperation
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Comparison operator of a metric-based rule. Currently, only > is supported.
                                                      
+
                                                      Comparison operator of a metric-based rule. Only > is supported.
                                                      
                                                       		
 
                                                      spec.rules[x].metricTrigger.metricValue
                                                      
+
                                                      spec.rules[x].metricTrigger.metricValue
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Threshold of the metric rule. The value can be an integer ranging from 1 to 100 and must be a character. If the value is set to -1, the threshold is automatically calculated.
                                                      
+
                                                      Threshold of the metric rule. The value can be an integer ranging from 1 to 100 and must be a character. If the value is set to -1, the threshold is automatically calculated.
                                                      
                                                       		
 
                                                      spec.rules[x].metricTrigger.Unit
                                                      
+
                                                      spec.rules[x].metricTrigger.Unit
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      Unit of the metric-based rule threshold. Currently, only % is supported.
                                                      
+
                                                      Unit of the metric-based rule threshold. Only % is supported.
                                                      
                                                       		
 
                                                      spec.targetNodepoolIds
                                                      
+
                                                      spec.targetNodepoolIds
                                                      
 
                                                      Array
                                                      
+
                                                      Array
                                                      
 
                                                      All node pools associated with the scaling policy.
                                                      
+
                                                      All node pools associated with the scaling policy.
                                                      
                                                       		
 
                                                      spec.targetNodepoolIds[x]
                                                      
+
                                                      spec.targetNodepoolIds[x]
                                                      
 
                                                      String
                                                      
+
                                                      String
                                                      
 
                                                      UID of the node pool associated with the scaling policy.
                                                      
+
                                                      UID of the node pool associated with the scaling policy.
                                                      
                                                       		
 
                                                      
                                                       
 
 
 
 
                                                      PV Type
                                                      
+
                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                      PV Type
                                                      
 
                                                      Associated Underlying Storage
                                                      
+
                                                      Associated Underlying Storage
                                                      
 
                                                      Whether to Delete Underlying Storage
                                                      
+
                                                      Whether to Delete Underlying Storage
                                                      
                                                       		
 
                                                      
 
                                                      EVS
                                                      
+
                                                      EVS
                                                      
 
                                                      Disks
                                                      
+
                                                      Disks
                                                      
 
                                                      Yes
                                                      
+
                                                      Pay-per-use EVS disks will be deleted.
                                                      
                                                       		
 
                                                      SFS
                                                      
+
                                                      SFS
                                                      
 
                                                      SFS Capacity-Oriented
                                                      
+
                                                      SFS Capacity-Oriented
                                                      
 
                                                      Yes
                                                      
+
                                                      Yes
                                                      
                                                       		
 
                                                      OBS
                                                      
+
                                                      OBS
                                                      
 
                                                      OBS buckets or parallel file systems
                                                      
+
                                                      OBS buckets or parallel file systems
                                                      
 
                                                      Yes
                                                      
+
                                                      Yes
                                                      
                                                       		
 
                                                      SFS Turbo
                                                      
+
                                                      SFS Turbo
                                                      
 
                                                      SFS Turbo file systems
                                                      
+
                                                      SFS Turbo file systems
                                                      
 
                                                      Yes
                                                      
+
                                                      Yes
                                                      
                                                       		
 
                                                      Local PV
                                                      
+
                                                      Local PV
                                                      
 
                                                      Logical volumes mounted to the node
                                                      
+
                                                      Logical volumes mounted to the node
                                                      
 
                                                      Determined based on the policy selected when the cluster is deleted.
                                                      
+
                                                      Determined based on the policy selected when the cluster is deleted.
                                                      
 
                                                      If you choose to retain the node, the logical volumes will not be deleted. If you choose to delete or reset the node, the logical volumes will be deleted.
                                                      
                                                       		
 
                                                      SFS Turbo subdirectory
                                                      
+
                                                      SFS Turbo subdirectory
                                                      
 
                                                      A directory in SFS Turbo
                                                      
+
                                                      A directory in SFS Turbo
                                                      
 
                                                      No
                                                      
+
                                                      No
                                                      
                                                       		
 
                                                      
                                                       
 
                                                      
 
                                                      
 
-
                                                    12. Delete network resources such as load balancers in a cluster. (Only automatically created load balancers will be deleted).
                                                      13. 
-
                                                    13. Enter DELETE and click Yes to start deleting the cluster.
                                                      The delete operation takes 1 to 3 minutes to complete.
                                                      
+
                                                    14. Delete network resources such as load balancers in a cluster. (Only automatically created load balancers will be deleted).
                                                    15. Delete all log groups, including their log streams, for the cluster in LTS. If you do not select this option, the LTS logs will not be deleted.
                                                      16. 
+
                                                    16. Enter DELETE and click Yes to start deleting the cluster.
                                                      The delete operation takes 1 to 3 minutes to complete. If the cluster is removed from the cluster list, the cluster has been deleted.
                                                      
 
                                                      17. 
 
 
diff --git a/docs/cce/umn/cce_10_0213.html b/docs/cce/umn/cce_10_0213.html
index 8c673d41d..8512c80d1 100644
--- a/docs/cce/umn/cce_10_0213.html
+++ b/docs/cce/umn/cce_10_0213.html
@@ -1,152 +1,197 @@
 
 
 
                                                      Modifying Cluster Configurations
                                                      
-
                                                      Scenario
                                                      CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.
                                                      
-
                                                      
-
                                                      Procedure
                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                      2. Locate the target cluster, click ... to view more operations on the cluster, and choose Manage.
                                                      3. On the Manage Component page, change the values of the Kubernetes parameters listed in the following table.
                                                        
-
                                                        Table 1 kube-apiserver configurations
                                                        Item
                                                        
+
                                                        Cluster configuration parameters are underlying rules that define node behavior, resource allocation, communication rules, and scaling policies in a distributed system. They affect the cluster's performance, stability, scalability, and fault tolerance. You can customize the core components of a CCE cluster by adjusting these parameter settings. The following table lists cluster configuration parameters that you can adjust as needed.
                                                        
+
+
                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
+
+
+
+
+
+
+
+
+
                                                        Table 1 Cluster configuration parameters
                                                        Category
                                                        
 
                                                        Parameter
                                                        
-
                                                        Description
                                                        
-
                                                        Value
                                                        
+
                                                        Description
                                                        
                                                         		
 
                                                        
 
                                                        Toleration time for nodes in NotReady state
                                                        
+
                                                        API server (kube-apiserver)
                                                        
 
                                                        default-not-ready-toleration-seconds
                                                        
-
                                                        Specifies the default tolerance time. The configuration takes effect for all pods by default. You can configure different tolerance time for pods. In this case, the tolerance time configured for the pod is used. For details, see Configuring Tolerance Policies.
                                                        
-
                                                        If the specified tolerance time is too short, pods may be frequently migrated in scenarios like a network jitter. If the specified tolerance time is too long, services may be interrupted during this period after the node is faulty.
                                                        
-
                                                        Default: 300s
                                                        
+
                                                        Control resource scheduling, manage requests, ensure security, and toggle feature statuses to maintain efficient cluster operation and proper resource allocation.
                                                        
+
                                                        Modifying kube-apiserver parameters will restart the cluster and terminate existing persistent connections. Exercise caution when performing this operation.
                                                        
                                                         		
 
                                                        Toleration time for nodes in unreachable state
                                                        
+
                                                        Scheduler
                                                        
 
                                                        default-unreachable-toleration-seconds
                                                        
-
                                                        Specifies the default tolerance time. The configuration takes effect for all pods by default. You can configure different tolerance time for pods. In this case, the tolerance time configured for the pod is used. For details, see Configuring Tolerance Policies.
                                                        
-
                                                        If the specified tolerance time is too short, pods may be frequently migrated in scenarios like a network jitter. If the specified tolerance time is too long, services may be interrupted during this period after the node is faulty.
                                                        
-
                                                        Default: 300s
                                                        
+
                                                        Manage and optimize resource scheduling, request control, and GPU resource allocation in clusters. You can dynamically adjust scheduling policies based on cluster loads and resource requirements to ensure efficient cluster running and maximize resource utilization.
                                                        
                                                         		
 
                                                        Maximum Number of Concurrent Modification API Calls
                                                        
+
                                                        Cluster controller (kube-controller-manager)
                                                        
 
                                                        max-mutating-requests-inflight
                                                        
+
                                                        Control the behavior and synchronization frequency of different controllers in a cluster to optimize cluster resource management and task scheduling.
                                                        
 
                                                        Maximum number of concurrent mutating requests. When the value of this parameter is exceeded, the server rejects requests.
                                                        
-
                                                        The value 0 indicates that there is no limitation on the maximum number of concurrent modification requests. This parameter is related to the cluster scale. You are advised not to change the value.
                                                        
+
                                                        Network components (supported only by CCE Turbo clusters)
                                                        
 
                                                        Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                        
+
                                                        Control and optimize the management of network resources in clusters, especially in heavy-load and large-scale clusters, to ensure efficient network running and proper resource allocation.
                                                        
+
                                                        Network components (supported only by CCE clusters using VPC networks)
                                                        
+
                                                        Specify the IP address range that does not require SNAT. This avoids unnecessary SNAT and optimizes network performance.
                                                        
+
                                                        Extended controller (supported only by clusters of v1.21 or later)
                                                        
+
                                                        Restrict the resource usage in the namespace to ensure fair and reasonable resource allocation.
                                                        
+
                                                        
+
                                                        
+
                                                        Modifying Cluster Configurations
                                                        1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                        2. Locate the target cluster, click ... to view more operations on the cluster, and choose Manage. This function allows you to modify parameter settings of Kubernetes native components and proprietary components.
                                                        3. On the Manage Component page, change the values of the Kubernetes parameters listed in the following table.
                                                          
+
                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -154,396 +199,392 @@
 
                                                          Table 2 kube-apiserver configurations
                                                          Item
                                                          
+
                                                          Parameter
                                                          
+
                                                          Description
                                                          
+
                                                          Value
                                                          
+
                                                          Toleration time for nodes in NotReady state
                                                          
+
                                                          default-not-ready-toleration-seconds
                                                          
+
                                                          Tolerance time during which containers can continue running before being automatically evicted if their node becomes unavailable. This setting applies to all containers by default. In a CCE cluster, you can configure separate tolerance policies for different pods for refined management. For details, see Configuring Tolerance Policies.
                                                          
+
                                                          Configuration suggestion: Unless otherwise specified, keep the default settings.
                                                          
+
                                                          Potential risks: If the specified tolerance time is too short, pods may be frequently migrated due to transient issues like network jitter. If the specified tolerance time is too long, services may remain interrupted for an extended period after a node failure.
                                                          
+
                                                          Default: 300s
                                                          
+
                                                          Toleration time for nodes in unreachable state
                                                          
+
                                                          default-unreachable-toleration-seconds
                                                          
+
                                                          Tolerance time during which containers can continue running before being automatically evicted if their node cannot be accessed. This setting applies to all containers by default. In a CCE cluster, you can configure separate tolerance policies for different pods for refined management. For details, see Configuring Tolerance Policies.
                                                          
+
                                                          Configuration suggestion: Unless otherwise specified, keep the default settings.
                                                          
+
                                                          Potential risks: If the specified tolerance time is too short, pods may be frequently migrated due to transient issues like network jitter. If the specified tolerance time is too long, services may remain interrupted for an extended period after a node failure.
                                                          
+
                                                          Default: 300s
                                                          
+
                                                          Maximum Number of Concurrent Modification API Calls
                                                          
+
                                                          max-mutating-requests-inflight
                                                          
+
                                                          Maximum number of concurrent mutating requests. Any requests exceeding the specified value will be rejected. Value 0 indicates that there is no limit on the maximum number of concurrent mutating requests.
                                                          
+
                                                          Configuration suggestion: Retain the default setting.
                                                          
+
                                                          Potential risks: Increasing the value of this parameter may cause overload.
                                                          
+
                                                          Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                          
 
                                                          • 200 for clusters with 50 or 200 nodes
                                                          • 500 for clusters with 1000 nodes
                                                          • 1000 for clusters with 2000 nodes
                                                          
                                                           		
 
                                                          Maximum Number of Concurrent Non-Modification API Calls
                                                          
+
                                                          Maximum Number of Concurrent Non-Modification API Calls
                                                          
 
                                                          max-requests-inflight
                                                          
+
                                                          max-requests-inflight
                                                          
 
                                                          Maximum number of concurrent non-mutating requests. When the value of this parameter is exceeded, the server rejects requests.
                                                          
-
                                                          The value 0 indicates that there is no limitation on the maximum number of concurrent non-modification requests. This parameter is related to the cluster scale. You are advised not to change the value.
                                                          
+
                                                          Maximum number of concurrent non-mutating requests. Any requests exceeding the specified value will be rejected. Value 0 indicates that there is no limit on the maximum number of concurrent non-mutating requests.
                                                          
+
                                                          Configuration suggestion: Retain the default setting.
                                                          
+
                                                          Potential risks: Increasing the value of this parameter may cause overload.
                                                          
 
                                                          Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                          
+
                                                          Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                          
 
                                                          • 400 for clusters with 50 or 200 nodes
                                                          • 1000 for clusters with 1000 nodes
                                                          • 2000 for clusters with 2000 nodes
                                                          
                                                           		
 
                                                          NodePort port range
                                                          
+
                                                          NodePort port range
                                                          
 
                                                          service-node-port-range
                                                          
+
                                                          service-node-port-range
                                                          
 
                                                          NodePort port range. After changing the value, go to the security group page and change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed externally.
                                                          
-
                                                          If the port number is smaller than 20106, a conflict may occur between the port and the CCE health check port, which may further lead to unavailable cluster. If the port number is greater than 32767, a conflict may occur between the port and the ports in net.ipv4.ip_local_port_range, which may further affect the network performance.
                                                          
+
                                                          Port range for a NodePort Service. After changing the value, go to the security group page and change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed externally.
                                                          
+
                                                          Configuration suggestion: Retain the default setting.
                                                          
+
                                                          Potential risks: If the port number is smaller than 20106, a conflict may occur between the port and the CCE health check port, which may further lead to unavailable cluster. If the port number is greater than 32767, a conflict may occur between the port and the ports in net.ipv4.ip_local_port_range, which may further affect the network performance.
                                                          
 
                                                          Default: 30000 to 32767
                                                          
+
                                                          Default: 30000 to 32767
                                                          
 
                                                          Value range:
                                                          
 
                                                          Min > 20105
                                                          
 
                                                          Max < 32768
                                                          
                                                           		
 
                                                          Request Timeout
                                                          
+
                                                          Request Timeout
                                                          
 
                                                          request-timeout
                                                          
+
                                                          request-timeout
                                                          
 
                                                          Default request timeout interval of kube-apiserver. Exercise caution when changing the value of this parameter. Ensure that the changed value is proper to prevent frequent API timeout or other errors.
                                                          
-
                                                          This parameter is available only in clusters of v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later versions.
                                                          
+
                                                          Request timeout of the kube-apiserver component.
                                                          
+
                                                          Configuration suggestion: Retain the default setting to prevent frequent API timeouts and other exceptions.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later.
                                                          
 
                                                          Default: 1m0s
                                                          
+
                                                          Default: 1m0s
                                                          
 
                                                          Value range:
                                                          
 
                                                          Min ≥ 1s
                                                          
 
                                                          Max ≤ 1 hour
                                                          
                                                           		
 
                                                          Overload Control
                                                          
+
                                                          Overload Control
                                                          
 
                                                          support-overload
                                                          
+
                                                          support-overload
                                                          
 
                                                          Cluster overload control. After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster.
                                                          
-
                                                          This parameter is available only in clusters of v1.23 or later.
                                                          
+
                                                          Cluster overload control. After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes, ensuring stable running of the master nodes and the cluster.
                                                          
+
                                                          Configuration suggestion: Enable this function. In scenarios like short-term request bursts, a cluster may still become overloaded even with overload control enabled. In such cases, you are advised to manage and control access to the cluster promptly.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23 or later.
                                                          
 
                                                          • false: Overload control is disabled.
                                                          • true: Overload control is enabled.
                                                          
+
                                                          • false: Overload control is disabled.
                                                          • true: Overload control is enabled.
                                                          
                                                           		
 
                                                          Node Restriction Add-on
                                                          
+
                                                          Node Restriction Add-on
                                                          
 
                                                          enable-admission-plugin-node-restriction
                                                          
+
                                                          enable-admission-plugin-node-restriction
                                                          
 
                                                          This add-on allows the kubelet of a node to operate only the objects of the current node for enhanced isolation in multi-tenant scenarios or the scenarios with high security requirements.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
+
                                                          Restrict kubelet to modify only the pods on its own node. This prevents unauthorized operations and enhances isolation in high-security or multi-tenant scenarios.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: true
                                                          
+
                                                          Default: true
                                                          
                                                           		
 
                                                          Pod Node Selector Add-on
                                                          
+
                                                          Pod Node Selector Add-on
                                                          
 
                                                          enable-admission-plugin-pod-node-selector
                                                          
+
                                                          enable-admission-plugin-pod-node-selector
                                                          
 
                                                          This add-on allows cluster administrators to configure the default node selector through namespace annotations. In this way, pods run only on specific nodes and configurations are simplified.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
+
                                                          Allow cluster administrators to configure default node selectors through namespace annotations. In this way, pods run only on specific nodes and configurations are simplified.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: true
                                                          
+
                                                          Default: true
                                                          
                                                           		
 
                                                          Pod Toleration Limit Add-on
                                                          
+
                                                          Pod Toleration Limit Add-on
                                                          
 
                                                          enable-admission-plugin-pod-toleration-restriction
                                                          
+
                                                          enable-admission-plugin-pod-toleration-restriction
                                                          
 
                                                          This add-on allows cluster administrators to configure the default value and limits of pod tolerations through namespaces for fine-grained control over pod scheduling and key resource protection.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
+
                                                          Allow cluster administrators to configure default pod toleration values and limits through namespaces. This enables fine-grained control over pod scheduling and protects key resources.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: false
                                                          
+
                                                          Default: false
                                                          
                                                           		
 
                                                          API Audience Settings
                                                          
+
                                                          API Audience Settings
                                                          
 
                                                          api-audiences
                                                          
+
                                                          api-audiences
                                                          
 
                                                          Audiences for a service account token. The Kubernetes component for authenticating service account tokens checks whether the token used in an API request specifies authorized audiences.
                                                          
-
                                                          Configuration suggestion: Accurately configure audiences according to the communication needs among cluster services. By doing so, the service account token is used for authentication only between authorized services, which enhances security.
                                                          
-
                                                           NOTE: 
                                                          An incorrect configuration may lead to an authentication communication failure between services or an error during token verification.
                                                          
-
                                                          
-
                                                          This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                          
+
                                                          Specify the audiences associated with a ServiceAccount token in service account token volume projection. For details, see the official document.
                                                          
+
                                                          Configuration suggestion: Retain the default setting. To ensure the proper running of the original service account authentication, add audiences instead of deleting existing ones when configuring this parameter.
                                                          
+
                                                          Potential risks: Deleting the original configuration that is still in use or setting it to an incorrect URL may result in a service account authentication failure.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later.
                                                          
 
                                                          Default value: "https://kubernetes.default.svc.cluster.local"
                                                          
+
                                                          Default value: "https://kubernetes.default.svc.cluster.local"
                                                          
 
                                                          Multiple values can be configured, which are separated by commas (,).
                                                          
                                                           		
 
                                                          Service Account Token Issuer Identity
                                                          
+
                                                          Service Account Token Issuer Identity
                                                          
 
                                                          service-account-issuer
                                                          
+
                                                          service-account-issuer
                                                          
 
                                                          Entity identifier for issuing a service account token, which is the value identified by the iss field in the payload of the service account token.
                                                          
-
                                                          Configuration suggestion: Ensure the configured issuer URL can be accessed in the cluster and trusted by the authentication system in the cluster.
                                                          
-
                                                           NOTE: 
                                                          If your specified issuer URL is untrusted or inaccessible, the authentication process based on the service account may fail.
                                                          
-
                                                          
-
                                                          This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                          
+
                                                          Entity identifier for issuing a service account token, which is the value identified by the iss field in the payload of the service account token.
                                                          
+
                                                          Configuration suggestion: Ensure the configured issuer URL can be accessed in the cluster and trusted by the authentication system in the cluster.
                                                          
+
                                                          Potential risks: If your specified issuer URL is untrusted or inaccessible, the authentication process based on the service account may fail.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later.
                                                          
 
                                                          Default value: "https://kubernetes.default.svc.cluster.local"
                                                          
+
                                                          Default value: "https://kubernetes.default.svc.cluster.local"
                                                          
 
                                                          Multiple values can be configured, which are separated by commas (,).
                                                          
                                                           		
 
                                                          
 
                                                          
 
-
                                                          Table 2 Scheduler configurations
                                                          Item
                                                          
+
                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                          Table 3 Scheduler configurations
                                                          Item
                                                          
 
                                                          Parameter
                                                          
+
                                                          Parameter
                                                          
 
                                                          Description
                                                          
+
                                                          Description
                                                          
 
                                                          Value
                                                          
+
                                                          Value
                                                          
                                                           		
 
                                                          
 
                                                          QPS for communicating with kube-apiserver
                                                          
+
                                                          QPS for communicating with kube-apiserver
                                                          
 
                                                          kube-api-qps
                                                          
+
                                                          kube-api-qps
                                                          
 
                                                          QPS for communicating with kube-apiserver.
                                                          
+
                                                          QPS for communicating with kube-apiserver.
                                                          
 
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
+
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
                                                           		
 
                                                          Burst for communicating with kube-apiserver
                                                          
+
                                                          Burst for communicating with kube-apiserver
                                                          
 
                                                          kube-api-burst
                                                          
+
                                                          kube-api-burst
                                                          
 
                                                          Burst for communicating with kube-apiserver.
                                                          
+
                                                          Burst QPS for communicating with kube-apiserver.
                                                          
 
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
+
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
                                                           		
 
                                                          Whether to enable GPU sharing
                                                          
+
                                                          Whether to enable GPU sharing
                                                          
 
                                                          enable-gpu-share
                                                          
+
                                                          enable-gpu-share
                                                          
 
                                                          Whether to enable GPU sharing. This parameter is supported only in clusters of v1.23.7-r10, v1.25.3-r0, or later versions.
                                                          
+
                                                          Determine whether to enable GPU sharing as needed.
                                                          
 
                                                          • When disabled, ensure that pods in the cluster cannot use shared GPUs (no cce.io/gpu-decision annotation in pods) and that GPU virtualization is disabled.
                                                          • When enabled, ensure that there is a cce.io/gpu-decision annotation on all pods that use GPU resources in the cluster.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.7-r10, v1.25.3-r0, or later.
                                                          
 
                                                          Default: true
                                                          
+
                                                          Default: true
                                                          
                                                           		
 
                                                          
                                                           
 
                                                          
 
                                                          
 
-
                                                          Table 3 kube-controller-manager configurations
                                                          Item
                                                          
+
                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                          Table 4 kube-controller-manager configurations
                                                          Item
                                                          
 
                                                          Parameter
                                                          
+
                                                          Parameter
                                                          
 
                                                          Description
                                                          
+
                                                          Description
                                                          
 
                                                          Value
                                                          
+
                                                          Value
                                                          
                                                           		
 
                                                          
 
                                                          Number of concurrent processing of deployment
                                                          
+
                                                          Number of concurrent processing of deployment
                                                          
 
                                                          concurrent-deployment-syncs
                                                          
+
                                                          concurrent-deployment-syncs
                                                          
 
                                                          Number of deployment objects that can be synchronized concurrently
                                                          
+
                                                          Number of deployment objects that are allowed to sync concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Concurrent processing number of endpoint
                                                          
+
                                                          Concurrent processing number of endpoint
                                                          
 
                                                          concurrent-endpoint-syncs
                                                          
+
                                                          concurrent-endpoint-syncs
                                                          
 
                                                          Number of endpoint syncing operations that will be done concurrently
                                                          
+
                                                          Number of service endpoint syncing operations that will be done concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Concurrent number of garbage collector
                                                          
+
                                                          Concurrent number of garbage collectors
                                                          
 
                                                          concurrent-gc-syncs
                                                          
+
                                                          concurrent-gc-syncs
                                                          
 
                                                          Number of garbage collector workers that can be synchronized concurrently
                                                          
+
                                                          Number of garbage collector workers that can be synchronized concurrently
                                                          
 
                                                          Default: 20
                                                          
+
                                                          Default: 20
                                                          
                                                           		
 
                                                          Number of job objects allowed to sync simultaneously
                                                          
+
                                                          Number of job objects allowed to sync simultaneously
                                                          
 
                                                          concurrent-job-syncs
                                                          
+
                                                          concurrent-job-syncs
                                                          
 
                                                          Number of job objects that can be synchronized concurrently
                                                          
+
                                                          Number of job objects that can be synchronized concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Number of CronJob objects allowed to sync simultaneously
                                                          
+
                                                          Number of CronJob objects allowed to sync simultaneously
                                                          
 
                                                          concurrent-cron-job-syncs
                                                          
+
                                                          concurrent-cron-job-syncs
                                                          
 
                                                          Number of scheduled jobs that can be synchronized concurrently
                                                          
+
                                                          Number of scheduled jobs that can be synchronized concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Number of concurrent processing of namespace
                                                          
+
                                                          Number of concurrent processing of namespace
                                                          
 
                                                          concurrent-namespace-syncs
                                                          
+
                                                          concurrent-namespace-syncs
                                                          
 
                                                          Number of namespace objects that can be synchronized concurrently
                                                          
+
                                                          Number of namespace objects that can be synchronized concurrently
                                                          
 
                                                          Default: 10
                                                          
+
                                                          Default: 10
                                                          
                                                           		
 
                                                          Concurrent processing number of replicaset
                                                          
+
                                                          Concurrent processing number of replicaset
                                                          
 
                                                          concurrent-replicaset-syncs
                                                          
+
                                                          concurrent-replicaset-syncs
                                                          
 
                                                          Number of replica sets that can be synchronized concurrently
                                                          
+
                                                          Number of replica sets that can be synchronized concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Number of concurrent processing of resource quota
                                                          
+
                                                          Number of concurrent processing of resource quota
                                                          
 
                                                          concurrent-resource-quota-syncs
                                                          
+
                                                          concurrent-resource-quota-syncs
                                                          
 
                                                          Number of resource quotas that can be synchronized concurrently
                                                          
+
                                                          Number of resource quotas that can be synchronized concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Concurrent processing number of service
                                                          
+
                                                          Service
                                                          
 
                                                          concurrent-service-syncs
                                                          
+
                                                          concurrent-service-syncs
                                                          
 
                                                          Number of services that can be synchronized concurrently
                                                          
+
                                                          Number of services that can be synchronized concurrently
                                                          
 
                                                          Default: 10
                                                          
+
                                                          Default: 10
                                                          
                                                           		
 
                                                          Concurrent processing number of serviceaccount-token
                                                          
+
                                                          Concurrent processing number of serviceaccount-token
                                                          
 
                                                          concurrent-serviceaccount-token-syncs
                                                          
+
                                                          concurrent-serviceaccount-token-syncs
                                                          
 
                                                          Number of service account token objects that can be synchronized concurrently
                                                          
+
                                                          Number of service account token objects that can be synchronized concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          Concurrent processing of ttl-after-finished
                                                          
+
                                                          Concurrent processing of ttl-after-finished
                                                          
 
                                                          concurrent-ttl-after-finished-syncs
                                                          
+
                                                          concurrent-ttl-after-finished-syncs
                                                          
 
                                                          Number of ttl-after-finished-controller workers that can be synchronized concurrently
                                                          
+
                                                          Number of ttl-after-finished-controller workers that can be synchronized concurrently
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          RC
                                                          
+
                                                          RC
                                                          
 
                                                          concurrent_rc_syncs (used in clusters of v1.19 or earlier)
                                                          
+
                                                          concurrent_rc_syncs (used in clusters of v1.19 or earlier)
                                                          
 
                                                          concurrent-rc-syncs (used in clusters of v1.21 through v1.25.3-r0)
                                                          
 
                                                          Number of replication controllers that can be synchronized concurrently
                                                          
-
                                                           NOTE: 
                                                          This parameter is no longer supported in clusters of v1.25.3-r0 and later versions.
                                                          
-
                                                          
+
                                                          Number of replication controllers that can be synchronized concurrently
                                                          
+
                                                          This parameter is deprecated in clusters of v1.25.3-r0 and later versions.
                                                          
 
                                                          Default: 5
                                                          
+
                                                          Default: 5
                                                          
                                                           		
 
                                                          HPA
                                                          
+
                                                          HPA
                                                          
 
                                                          concurrent-horizontal-pod-autoscaler-syncs
                                                          
+
                                                          concurrent-horizontal-pod-autoscaler-syncs
                                                          
 
                                                          Number of HPA auto scaling requests that can be concurrently processed
                                                          
+
                                                          Number of HPA auto scaling requests that can be concurrently processed
                                                          
 
                                                          Default 1 for clusters earlier than v1.27 and 5 for clusters of v1.27 or later
                                                          
+
                                                          Default 1 for clusters earlier than v1.27 and 5 for clusters of v1.27 or later
                                                          
 
                                                          Value range: 1 to 50
                                                          
                                                           		
 
                                                          Cluster elastic computing period
                                                          
+
                                                          Cluster elastic computing period
                                                          
 
                                                          horizontal-pod-autoscaler-sync-period
                                                          
+
                                                          horizontal-pod-autoscaler-sync-period
                                                          
 
                                                          Period for the horizontal pod autoscaler to perform auto scaling on pods. A smaller value will result in a faster auto scaling response and higher CPU load.
                                                          
-
                                                           NOTE: 
                                                          Make sure to configure this parameter properly as a lengthy period can cause the controller to respond slowly, while a short period may overload the cluster control plane.
                                                          
-
                                                          
+
                                                          Period for the horizontal pod autoscaler to perform auto scaling on pods. A smaller value will result in a faster auto scaling response and higher CPU load.
                                                          
+
                                                          Configuration suggestion: Retain the default setting.
                                                          
+
                                                          Potential risks: A lengthy period can cause the controller to respond slowly, while a short period may overload the cluster control plane.
                                                          
 
                                                          Default: 15 seconds
                                                          
+
                                                          Default: 15 seconds
                                                          
                                                           		
 
                                                          Horizontal Pod Scaling Tolerance
                                                          
+
                                                          Horizontal Pod Scaling Tolerance
                                                          
 
                                                          horizontal-pod-autoscaler-tolerance
                                                          
+
                                                          horizontal-pod-autoscaler-tolerance
                                                          
 
                                                          The configuration determines how quickly the horizontal pod autoscaler will act to auto scaling policies. If the parameter is set to 0, auto scaling will be triggered immediately when the related metrics are met.
                                                          
-
                                                          Configuration suggestion: If the service resource usage increases sharply over time, retain a certain tolerance to prevent auto scaling which is beyond expectation in high resource usage scenarios.
                                                          
+
                                                          The configuration determines how quickly HPA will act to auto scaling policies. If the parameter is set to 0, auto scaling will be triggered immediately when the related metrics are met.
                                                          
+
                                                          Configuration suggestion: Configure this parameter based on service resource usage. If the service resource usage increases sharply over time, configure a tolerance to prevent unexpected auto scaling in short-term high-resource usage scenarios.
                                                          
 
                                                          Default: 0.1
                                                          
+
                                                          Default: 0.1
                                                          
                                                           		
 
                                                          HPA CPU Initialization Period
                                                          
+
                                                          HPA CPU Initialization Period
                                                          
 
                                                          horizontal-pod-autoscaler-cpu-initialization-period
                                                          
+
                                                          horizontal-pod-autoscaler-cpu-initialization-period
                                                          
 
                                                          During the period specified by this parameter, the CPU usage data used in HPA calculation is limited to pods that are both ready and have recently had their metrics collected. You can use this parameter to filter out unstable CPU usage data during the early stage of pod startup. This helps prevent incorrect scaling decisions based on momentary peak values.
                                                          
-
                                                          Configuration suggestion: If you find that HPA is making incorrect scaling decisions due to CPU usage fluctuations during pod startup, increase the value of this parameter to allow for a buffer period of stable CPU usage.
                                                          
-
                                                           NOTE: 
                                                          Make sure to configure this parameter properly as a small value may trigger unnecessary scaling based on peak CPU usage, while a large value may cause scaling to be delayed.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                          
-
                                                          
+
                                                          The built-in delay of the HPA for collecting CPU usage after pods start. You can use this parameter to filter out unstable CPU usage data during the early stage of pod startup. This helps prevent incorrect scaling decisions based on momentary peak values.
                                                          
+
                                                          Configuration suggestion: If HPA makes an incorrect scaling decision due to fluctuating CPU usage during pod startup, increase the value of this parameter.
                                                          
+
                                                          Potential risks: A small parameter value may trigger unnecessary scaling based on peak CPU usage, while a large value may cause delayed scaling.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later.
                                                          
 
                                                          Default: 5 minutes
                                                          
+
                                                          Default: 5 minutes
                                                          
                                                           		
 
                                                          HPA Initial Readiness Delay
                                                          
+
                                                          HPA Initial Readiness Delay
                                                          
 
                                                          horizontal-pod-autoscaler-initial-readiness-delay
                                                          
+
                                                          horizontal-pod-autoscaler-initial-readiness-delay
                                                          
 
                                                          After CPU initialization, this period allows HPA to use a less strict criterion for filtering CPU metrics. During this period, HPA will gather data on the CPU usage of the pod for scaling, regardless of any changes in the pod's readiness status. This parameter ensures continuous tracking of CPU usage, even when the pod status changes frequently.
                                                          
-
                                                          Configuration suggestion: If the readiness status of pods fluctuates after startup and you want to prevent HPA misjudgment caused by the fluctuation, increase the value of this parameter to allow HPA to gather more comprehensive CPU usage data.
                                                          
-
                                                           NOTE: 
                                                          Configure this parameter properly. If it is set to a small value, an unnecessary scale-out may occur due to CPU data fluctuations when the pod enters the ready state. If it is set to a large value, HPA may not be able to make a quick decision when a rapid response is needed.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                          
-
                                                          
+
                                                          The waiting time before the HPA starts automatic scaling based on pod readiness.
                                                          
+
                                                          Configuration suggestion: To prevent HPA misjudgment caused by pod readiness fluctuations after startup, increase the value of this parameter.
                                                          
+
                                                          Potential risks: If this parameter is set to a small value, an unnecessary scale-out may occur due to CPU data fluctuations when the pod is just ready. If it is set to a large value, the HPA may not respond quickly enough in situations requiring rapid scaling.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later.
                                                          
 
                                                          Default: 30s
                                                          
+
                                                          Default: 30s
                                                          
                                                           		
 
                                                          QPS for communicating with kube-apiserver
                                                          
+
                                                          QPS for communicating with kube-apiserver
                                                          
 
                                                          kube-api-qps
                                                          
+
                                                          kube-api-qps
                                                          
 
                                                          QPS for communicating with kube-apiserver
                                                          
+
                                                          QPS for communicating with kube-apiserver
                                                          
 
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
+
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
                                                           		
 
                                                          Burst for communicating with kube-apiserver
                                                          
+
                                                          Burst for communicating with kube-apiserver
                                                          
 
                                                          kube-api-burst
                                                          
+
                                                          kube-api-burst
                                                          
 
                                                          Burst for communicating with kube-apiserver
                                                          
+
                                                          Burst QPS for communicating with kube-apiserver
                                                          
 
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
+
                                                          • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                          • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                          
                                                           		
 
                                                          The maximum number of terminated pods that can be kept before the Pod GC deletes the terminated pod
                                                          
+
                                                          The maximum number of terminated pods that can be kept before the Pod GC deletes the terminated pod
                                                          
 
                                                          terminated-pod-gc-threshold
                                                          
+
                                                          terminated-pod-gc-threshold
                                                          
 
                                                          Number of terminated pods that can exist in a cluster. If there are more terminated pods than the expected number in the cluster, the terminated pods that exceed the number will be deleted.
                                                          
-
                                                           NOTE: 
                                                          If this parameter is set to 0, all pods in the terminated state are retained.
                                                          
-
                                                          
+
                                                          Number of terminated pods that can exist in a cluster. When the number of terminated pods exceeds the expected threshold, the excess terminated pods will be automatically deleted.
                                                          
+
                                                          If this parameter is set to 0, all terminated pods will be retained.
                                                          
 
                                                          Default: 1000
                                                          
+
                                                          Default: 1000
                                                          
 
                                                          Value range: 10 to 12500
                                                          
 
                                                          If the cluster version is v1.21.11-r40, v1.23.8-r0, v1.25.6-r0, v1.27.3-r0, or later, the value range is changed to 0 to 100000.
                                                          
                                                           		
 
                                                          Unhealthy AZ Threshold
                                                          
+
                                                          Unhealthy AZ Threshold
                                                          
 
                                                          unhealthy-zone-threshold
                                                          
+
                                                          unhealthy-zone-threshold
                                                          
 
                                                          When more than a certain proportion of pods in an AZ are unhealthy, the AZ itself will be considered unhealthy, and scheduling pods to nodes in that AZ will be restricted to limit the impacts of the unhealthy AZ.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
-
                                                           NOTE: 
                                                          If the parameter is set to a large value, pods in unhealthy AZs will be migrated in a large scale, which may lead to risks such as overloaded clusters.
                                                          
-
                                                          
+
                                                          If the number of not-ready nodes exceeds the specified threshold in a given AZ, that AZ will be marked as unhealthy. In such unhealthy AZs, the frequency of service migration for faulty nodes will be reduced to prevent further negative impacts caused by large-scale migrations during major fault scenarios.
                                                          
+
                                                          Configuration suggestion: Retain the default setting.
                                                          
+
                                                          Potential risks: If the parameter is set to a large value, pods in unhealthy AZs will be migrated in a large scale, which can lead to risks such as overloading the cluster.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: 0.55
                                                          
+
                                                          Default: 0.55
                                                          
 
                                                          Value range: 0 to 1
                                                          
                                                           		
 
                                                          Node Eviction Rate
                                                          
+
                                                          Node Eviction Rate
                                                          
 
                                                          node-eviction-rate
                                                          
+
                                                          node-eviction-rate
                                                          
 
                                                          This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is healthy. The default value is 0.1, indicating that pods can be evicted from at most one node every 10 seconds.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
-
                                                           NOTE: 
                                                          If the parameter is set to a large value, the cluster may be overloaded. Additionally, if too many pods are evicted, they cannot be rescheduled, which will slow down fault recovery.
                                                          
-
                                                          
+
                                                          The maximum number of pods that can be evicted per second when a node is faulty in a healthy AZ. The default value is 0.1, indicating that pods from at most one node can be evicted every 10 seconds.
                                                          
+
                                                          Configuration suggestion: Ensure that the number of pods migrated in each batch does not exceed 300. If the parameter is set to a large value, the cluster may be overloaded. Additionally, if too many pods are evicted, they cannot be rescheduled, which will slow down fault recovery.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: 0.1
                                                          
+
                                                          Default: 0.1
                                                          
                                                           		
 
                                                          Secondary Node Eviction Rate
                                                          
+
                                                          Secondary Node Eviction Rate
                                                          
 
                                                          secondary-node-eviction-rate
                                                          
+
                                                          secondary-node-eviction-rate
                                                          
 
                                                          This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is unhealthy. The default value is 0.01, indicating that pods can be evicted from at most one node every 100 seconds.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
-
                                                           NOTE: 
                                                          There is no need to set the parameter to a large value for nodes in an unhealthy AZ, and this configuration may result in overloaded clusters.
                                                          
-
                                                          
+
                                                          The maximum number of pods that can be evicted per second when a node is faulty in an unhealthy AZ. The default value is 0.01, indicating that pods from at most one node can be evicted every 100 seconds.
                                                          
+
                                                          Configuration suggestion: Configure this parameter to be one-tenth of node-eviction-rate.
                                                          
+
                                                          Potential risks: For nodes in an unhealthy AZ, there is no need to set this parameter to a large value. Doing so may result in overloaded clusters.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: 0.01
                                                          
-
                                                          Configure this parameter with node-eviction-rate and set it to one-tenth of node-eviction-rate.
                                                          
+
                                                          Default: 0.01
                                                          
+
                                                          
                                                           		
 
                                                          Large Cluster Threshold
                                                          
+
                                                          Large Cluster Threshold
                                                          
 
                                                          large-cluster-size-threshold
                                                          
+
                                                          large-cluster-size-threshold
                                                          
 
                                                          If the number of nodes in a cluster is greater than the value of this parameter, this is a large cluster.
                                                          
-
                                                          This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                          
-
                                                           NOTE: 
                                                          kube-controller-manager automatically adjusts configurations for large clusters to optimize the cluster performance. Therefore, an excessively small threshold for small clusters will deteriorate the cluster performance.
                                                          
-
                                                          
+
                                                          The criterion for determining whether a cluster is a large-scale cluster. If the number of nodes in a cluster exceeds the value of this parameter, the cluster is considered a large-scale cluster.
                                                          
+
                                                          Configuration suggestion: For the clusters with a large number of nodes, configure a relatively larger value than the default one for higher performance and faster responses of controllers. Retain the default value for small clusters. Before adjusting the value of this parameter in a production environment, check the impact of the change on cluster performance in a test environment.
                                                          
+
                                                          Potential risks: In a large-scale cluster, kube-controller-manager adjusts specific configurations to optimize the performance of the cluster. Setting an excessively small threshold for small clusters will deteriorate the cluster performance.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: 50
                                                          
-
                                                          For the clusters with a large number of nodes, configure a relatively larger value than the default one for higher performance and faster responses of controllers. Retain the default value for small clusters. Before adjusting the value of this parameter in a production environment, check the impact of the change on cluster performance in a test environment.
                                                          
+
                                                          Default: 50
                                                          
+
                                                          
                                                           		
 
                                                          
                                                           
 
                                                          
 
                                                          
 
-
                                                          Table 4 Networking components (available only for CCE Turbo clusters)
                                                          Item
                                                          
+
                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                          Table 5 Network components (supported only by CCE Turbo clusters)
                                                          Item
                                                          
 
                                                          Parameter
                                                          
+
                                                          Parameter
                                                          
 
                                                          Description
                                                          
+
                                                          Description
                                                          
 
                                                          Value
                                                          
+
                                                          Value
                                                          
                                                           		
 
                                                          
 
                                                          The minimum number of network cards bound to the container at the cluster level
                                                          
+
                                                          The minimum number of network cards bound to the container at the cluster level
                                                          
 
                                                          nic-minimum-target
                                                          
+
                                                          nic-minimum-target
                                                          
 
                                                          Minimum number of container ENIs bound to a node
                                                          
-
                                                          The parameter value must be a positive integer. The value 10 indicates that at least 10 container ENIs must be bound to a node. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.
                                                          
+
                                                          Minimum number of container NICs bound to a node
                                                          
+
                                                          The parameter value must be a positive integer. The value 10 indicates that at least 10 container NICs must be bound to a node. If the number you specified exceeds the container NIC quota of the node, the NIC quota will be used.
                                                          
 
                                                          Default: 10
                                                          
+
                                                          Default: 10
                                                          
                                                           		
 
                                                          Cluster-level node preheating container NIC upper limit check value
                                                          
+
                                                          Cluster-level node preheating container NIC upper limit check value
                                                          
 
                                                          nic-maximum-target
                                                          
+
                                                          nic-maximum-target
                                                          
 
                                                          After the number of ENIs bound to a node exceeds the nic-maximum-target value, CCE will not proactively pre-bind ENIs.
                                                          
-
                                                          Checking the upper limit of pre-bound container ENIs is enabled only when the value of this parameter is greater than or equal to the minimum number of container ENIs (nic-minimum-target) bound to a node.
                                                          
-
                                                          The parameter value must be a positive integer. The value 0 indicates that checking the upper limit of pre-bound container ENIs is disabled. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.
                                                          
+
                                                          After the number of NICs bound to a node exceeds the nic-maximum-target value, CCE will not proactively pre-bind NICs.
                                                          
+
                                                          Checking the upper limit of pre-bound container NICs is enabled only when the value of this parameter is greater than or equal to the minimum number of container NICs (nic-minimum-target) bound to a node.
                                                          
+
                                                          The parameter value must be a positive integer. The value 0 indicates that checking the upper limit of pre-bound container NICs is disabled. If the number you specified exceeds the container NIC quota of the node, the NIC quota will be used.
                                                          
 
                                                          Default: 0
                                                          
+
                                                          Default: 0
                                                          
                                                           		
 
                                                          Number of NICs for dynamically warming up containers at the cluster level
                                                          
+
                                                          Number of NICs for dynamically warming up containers at the cluster level
                                                          
 
                                                          nic-warm-target
                                                          
+
                                                          nic-warm-target
                                                          
 
                                                          Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.
                                                          
-
                                                          When the sum of the nic-warm-target value and the number of ENIs bound to the node is greater than the nic-maximum-target value, CCE will pre-bind the number of ENIs specified by the difference between the nic-maximum-target value and the current number of ENIs bound to the node.
                                                          
+
                                                          The target number of NICs to be pre-bound to a node before it starts.
                                                          
+
                                                          When the sum of the nic-warm-target value and the number of NICs already bound to the node exceeds the nic-maximum-target value, CCE will pre-bind the number of NICs specified by the difference between the nic-maximum-target value and the current number of NICs bound to the node.
                                                          
 
                                                          Default: 2
                                                          
+
                                                          Default: 2
                                                          
                                                           		
 
                                                          Cluster-level node warm-up container NIC recycling threshold
                                                          
+
                                                          Cluster-level node warm-up container NIC recycling threshold
                                                          
 
                                                          nic-max-above-warm-target
                                                          
+
                                                          nic-max-above-warm-target
                                                          
 
                                                          Only when the difference between the number of idle ENIs on a node and the nic-warm-target value is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. The value can only be a number.
                                                          
-
                                                          • A large value will accelerate pod startup but slow down the unbinding of idle container ENIs and decrease the IP address usage. Exercise caution when performing this operation.
                                                          • A small value will speed up the unbinding of idle container ENIs and increase the IP address usage but will slow down pod startup, especially when a large number of pods increase instantaneously.
                                                          
+
                                                          Pre-bound NICs on a node will only be unbound and reclaimed if the difference between the number of idle NICs and the nic-warm-target value exceeds the threshold. The value can only be a number.
                                                          
+
                                                          • A large value will accelerate pod startup but slow down the unbinding of idle container NICs and decrease the IP address usage. Exercise caution when performing this operation.
                                                          • A small value will speed up the unbinding of idle container NICs and increase the IP address usage but will slow down pod startup, especially when a large number of pods increase instantaneously.
                                                          
 
                                                          Default: 2
                                                          
+
                                                          Default: 2
                                                          
                                                           		
 
                                                          Low threshold of the number of container ENIs bound to a node in a cluster
                                                          
+
                                                          Pod Access to Metadata
                                                          
 
                                                          prebound-subeni-percentage
                                                          
+
                                                          allow-metadata-network-access
                                                          
 
                                                          High threshold of the number of bound ENIs
                                                          
-
                                                           NOTE: 
                                                          This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.
                                                          
-
                                                          
+
                                                          After this function is enabled, pods in a cluster can access the node's metadata.
                                                          
+
                                                          • If a pod is created after this function is enabled, its ability to access metadata depends on the function's status.
                                                          • If a pod is created after this function is disabled, or in a cluster of an earlier version without this function, it cannot access metadata. To enable a pod to access metadata, it must be rebuilt while the function is enabled.
                                                          
 
                                                          Default: 0:0
                                                          
+
                                                          Default: false
                                                          
                                                           		
 
                                                          
                                                           
 
                                                          
 
                                                          
 
-
                                                          Table 5 Networking component configurations (supported only by the clusters using a VPC network)
                                                          Item
                                                          
+
                                                          
-
-
-
-
-
-
-
                                                          Table 6 Network component configurations (supported only by CCE clusters using VPC networks)
                                                          Item
                                                          
 
                                                          Parameter
                                                          
+
                                                          Parameter
                                                          
 
                                                          Description
                                                          
+
                                                          Description
                                                          
 
                                                          Value
                                                          
+
                                                          Value
                                                          
                                                           		
 
                                                          
 
                                                          Retaining the non-masqueraded CIDR block of the original pod IP address
                                                          
+
                                                          Retaining the non-masqueraded CIDR block of the original pod IP address
                                                          
 
                                                          nonMasqueradeCIDRs
                                                          
+
                                                          nonMasqueradeCIDRs
                                                          
 
                                                          In a CCE cluster using the VPC network model, if a container in the cluster needs to access externally, the source pod IP address must be masqueraded as the IP address of the node where the pod resides through SNAT. After the configuration, the node will not SNAT the IP addresses in the CIDR block by default. This function is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                          
-
                                                          By default, nodes in a cluster do not perform SNAT on packets destined for 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 that is detected by CCE as a private CIDR block. Instead, these packets are directly transferred using the upper-layer VPC. (The three CIDR blocks are considered as internal networks in the cluster and are reachable at Layer 3 by default.)
                                                          
+
                                                          In a CCE cluster using the VPC network model, if a container in the cluster needs to access externally, the source pod IP address must be masqueraded as the IP address of the node where the pod resides through SNAT. After the configuration, the node will not perform SNAT on IP addresses within the specified CIDR block by default.
                                                          
+
                                                          By default, nodes in a cluster do not perform SNAT on packets destined for the private CIDR blocks 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. Instead, these packets are directly transferred using the upper-layer VPC. These three CIDR blocks are considered internal networks within the cluster and are reachable at Layer 3 by default.
                                                          
+
                                                          Applicable cluster version: This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                          
 
                                                          Default: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
                                                          
+
                                                          Default: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
                                                          
 
                                                           NOTE: 
                                                          To enable cross-node pod access, the CIDR block of the node where the target pod runs must be added.
                                                          
 
                                                          Similarly, to enable cross-ECS pod access in a VPC, the CIDR block of the ECS where the target pod runs must be added.
                                                          
 
                                                          
@@ -553,26 +594,25 @@
 
                                                          
 
                                                          
 
-
                                                          Table 6 Extended controller configurations (supported only by clusters of v1.21 and later)
                                                          Item
                                                          
+
                                                          
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0214.html b/docs/cce/umn/cce_10_0214.html
index b57c6b62c..8d59cb37c 100644
--- a/docs/cce/umn/cce_10_0214.html
+++ b/docs/cce/umn/cce_10_0214.html
@@ -8,7 +8,8 @@
 
                                                          Hibernating a Cluster
                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                          2. Locate the cluster to be hibernated, click ... to view more operations on the cluster, and choose Hibernate.
                                                          3. In the dialog box displayed, check the precautions and click Yes. Wait until the cluster is hibernated.
                                                          
 
                                                          
-
                                                          Waking Up a Cluster
                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                          2. Click Wake Up in the row of the target cluster.
                                                          3. When the cluster status changes from Waking up to Running, the cluster is woken up. It takes about 3 to 5 minutes to wake up the cluster.
                                                          
+
                                                          Waking Up a Cluster
                                                          You can wake up a hibernated cluster as needed.
                                                          
+
                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                          2. Click Wake Up in the row of the target cluster.
                                                          3. When the cluster status changes from Waking up to Running, the cluster is woken up. It takes about 3 to 5 minutes to wake up the cluster. 
                                                          
 
                                                          
 
                                                          
diff --git a/docs/cce/umn/cce_10_0215.html b/docs/cce/umn/cce_10_0215.html
index b7d6f990c..dc28da770 100644
--- a/docs/cce/umn/cce_10_0215.html
+++ b/docs/cce/umn/cce_10_0215.html
@@ -4,7 +4,7 @@
 
                                                          
 
                                                          
 
                                                          
 
                                                          Prerequisites
                                                          Before creating a DaemonSet, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Standard/Turbo Cluster.
                                                          
 
                                                          
-
                                                          Using the CCE Console
                                                          1. Log in to the CCE console.
                                                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                          3. Set basic information about the workload.
                                                            Basic Info
                                                            • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                            • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                            • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                            • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                                                            • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                            
+
                                                            Using the CCE Console
                                                            1. Log in to the CCE console.
                                                            2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                            3. Set basic information about the workload.
                                                              Basic Info
                                                              • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                              • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                              • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                              • Container Runtime: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see Secure Runtime and Common Runtime.
                                                              • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                              
 
                                                              
 
                                                              Container Settings
                                                              • Container Information
                                                                Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                • Basic Info: Configure basic information about the container.
 
                                                          Table 7 Extended controller configurations (supported only by clusters of v1.21 or later)
                                                          Item
                                                          
 
                                                          Parameter
                                                          
+
                                                          Parameter
                                                          
 
                                                          Description
                                                          
+
                                                          Description
                                                          
 
                                                          Value
                                                          
+
                                                          Value
                                                          
                                                           		
 
                                                          
 
                                                          Enable resource quota management
                                                          
+
                                                          Enable resource quota management
                                                          
 
                                                          enable-resource-quota
                                                          
+
                                                          enable-resource-quota
                                                          
 
                                                          Indicates whether to automatically create a ResourceQuota when creating a namespace. With quota management, you can control the number of workloads of each type and the upper limits of resources in a namespace or related dimensions.
                                                          
-
                                                          • false: Auto creation is disabled.
                                                          • true: Auto creation is enabled. For details about the resource quota defaults, see Configuring Resource Quotas.
                                                             NOTE: 
                                                            In high-concurrency scenarios (for example, creating pods in batches), the resource quota management may cause some requests to fail due to conflicts. Do not enable this function unless necessary. To enable this function, ensure that there is a retry mechanism in the request client.
                                                            
-
                                                            
-
                                                          
+
                                                          Determine whether to automatically create a ResourceQuota when creating a namespace. With quota management, you can control the number of workloads of each type and the upper limits of resources in a namespace or related dimensions.
                                                          
+
                                                          • false: Auto creation is disabled.
                                                          • true: Auto creation is enabled. For details about the resource quota defaults, see Configuring Resource Quotas.
                                                          
+
                                                          Configuration suggestion: In high-concurrency scenarios (for example, batch creation of pods), resource quota management may cause some requests to fail due to conflicts. This function should not be enabled unless necessary. If you enable it, ensure that the request client has a retry mechanism.
                                                          
 
                                                          Default: false
                                                          
+
                                                          Default: false
                                                          
                                                           		
 
                                                          
                                                           
 
 
                                                          
-
@@ -70,6 +70,13 @@
 
                                                          An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see Init Containers.
                                                          
+
+
+
                                                          Parameter
                                                          
@@ -31,7 +31,7 @@
 
                                                          Image Name
                                                          
                                                           		
 
                                                          Click Select Image and select the image used by the container.
                                                          
-
                                                          To use a third-party image, see Using Third-Party Images.
                                                          
+
                                                          To use a third-party image, directly enter image path. Ensure that the image access credential can be used to access the image repository. For details, see Using Third-Party Images.
                                                          
                                                           		
 
                                                          
 
                                                          Image Tag
                                                          
@@ -53,8 +53,8 @@
 
                                                          
 
                                                          (Optional) GPU Quota
                                                          
 
                                                          Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on is installed.
                                                          
-
                                                          • All: No GPU will be used.
                                                          • Dedicated: GPU resources are dedicated for the container.
                                                          • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                          
+
                                                          Configurable only when the cluster contains GPU nodes and the CCE AI Suite (NVIDIA GPU) add-on has been installed.
                                                          
+
                                                          • Do not use: No GPU will be used.
                                                          • GPU card: The GPU is dedicated for the container.
                                                          • GPU Virtualization: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container will use 10% of GPU resources.
                                                          
 
                                                          For details about how to use GPUs in the cluster, see Default GPU Scheduling in Kubernetes.
                                                          
                                                           		
 
                                                          
 
 
                                                          (Optional) Run Option
                                                          
+
                                                          Add run options for the container. For details, see Pod. CCE supports the following run options:
                                                          
+
                                                          • stdin: allows containers to receive input from external sources, such as terminals or other input streams.
                                                          • tty: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.
                                                            In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the kubectl exec -i -t command. The difference is that this parameter has been configured when the pod is launched.
                                                            
+
                                                          
+
                                                          
 
 
                                                          
 
                                                          
@@ -77,22 +84,24 @@
 
                                                          • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Configuring Container Lifecycle Parameters.
                                                          • (Optional) Health Check: Set the liveness probe, ready probe, and startup probe as required. For details, see Configuring Container Health Check.
                                                          • (Optional) Environment Variables: Configure variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Configuring Environment Variables.
                                                          • (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
                                                          • (Optional) Security Context: Assign container permissions to protect the system and other containers from being affected. Enter the user ID to assign container permissions and prevent systems and other containers from being affected.
                                                          • (Optional) Logging: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see Collecting Container Logs Using ICAgent.
                                                            To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.
                                                            
 
                                                          
 
-
                                                        4. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                        5. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                                                          6. 
+
                                                        6. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR Shared Edition. For details about default-secret, see default-secret.
                                                        7. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                                                          8. 
 
 
                                                          (Optional) Service Settings
                                                          
 
                                                          A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.
                                                          
 
                                                          You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                                                          
 
                                                          (Optional) Advanced Settings
-
                                                          • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity is provided.
                                                            • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                                              • Not configured: No node affinity policy is configured.
                                                              • Specified node scheduling: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                              • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                              • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                                                              
+
                                                              • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity is provided.
                                                                • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                                                  • Not configured: No node affinity policy is configured.
                                                                  • Specified node scheduling: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                                  • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                                  • Customize affinity: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                                                                  
 
                                                                
 
                                                              
 
                                                              • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                                                              • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                                              • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                              • Network Configuration
                                                                • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                                                • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                                                • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                                                • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                                                
 
                                                              
 
                                                          
-
                                                        8. Click Create Workload in the lower right corner.
                                                          9. 
+
                                                        9. Click Create Workload in the lower right corner. After a period of time, the workload enters the Running state.
                                                          
+
                                                          
+
                                                          10. 
 
 
                                                          Using kubectl
                                                          The following procedure uses Nginx as an example to describe how to create a workload using kubectl.
                                                          
-
                                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                          2. Create and edit the nginx-daemonset.yaml file. nginx-daemonset.yaml is an example file name, and you can change it as required.
                                                            vi nginx-daemonset.yaml
                                                            
+
                                                            1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                            2. Create and edit the nginx-daemonset.yaml file. nginx-daemonset.yaml is an example file name, and you can change it as required.
                                                              vi nginx-daemonset.yaml
                                                              
 
                                                              The content of the description file is as follows: The following provides an example. For more information on DaemonSets, see Kubernetes documentation.
                                                              
 
                                                              apiVersion: apps/v1
 kind: DaemonSet
@@ -125,12 +134,12 @@ spec:
       - name: default-secret
                                                              
 
                                                              The replicas parameter used in defining a Deployment or StatefulSet does not exist in the above configuration for a DaemonSet, because each node has only one replica. It is fixed.
                                                              
 
                                                              The nodeSelector in the preceding pod template specifies that a pod is created only on the nodes that meet daemon=need. If you want to create a pod on each node, delete the label.
                                                              
-
                                                            3. Create a DaemonSet.
                                                              kubectl create -f nginx-daemonset.yaml
                                                              
+
                                                            4. Create a DaemonSet.
                                                              kubectl create -f nginx-daemonset.yaml
                                                              
 
                                                              If the following information is displayed, the DaemonSet is being created.
                                                              
 
                                                              daemonset.apps/nginx-daemonset created
                                                              
-
                                                            5. Obtain the DaemonSet status.
                                                              kubectl get ds
                                                              
-
                                                              $ kubectl get ds
-NAME              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+
                                                            6. Obtain the DaemonSet status.
                                                              kubectl get ds
                                                              
+
                                                              The command output is as follows:
                                                              
+
                                                              NAME              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
 nginx-daemonset   1         1         0       1            0           daemon=need     116s
                                                              
 
                                                            7. If the workload will be accessed through a ClusterIP or NodePort Service, configure the access mode. For details, see Network.
                                                            
 
                                                          
diff --git a/docs/cce/umn/cce_10_0240.html b/docs/cce/umn/cce_10_0240.html
index 1232fdea7..870e7eac0 100644
--- a/docs/cce/umn/cce_10_0240.html
+++ b/docs/cce/umn/cce_10_0240.html
@@ -1,10 +1,10 @@
 
 
 
                                                          CCE Advanced HPA
                                                          
-
                                                          CCE Advanced HPA (cce-hpa-controller) is a CCE-developed add-on, which can be used to flexibly scale in or out Deployments based on metrics such as CPU usage and memory usage.
                                                          
+
                                                          The CCE Advanced HPA add-on (formerly cce-hpa-controller) is developed by CCE. It can be used to flexibly scale in or out Deployments based on metrics such as CPU usage and memory usage.
                                                          
 
                                                          Main Functions
                                                          • Scaling can be performed based on the percentage of the current number of pods.
                                                          • The minimum scaling step can be set.
                                                          • Different scaling operations can be performed based on the actual metric values.
                                                          
 
                                                          
-
                                                          Notes and Constraints
                                                          • If the add-on version is 1.2.11 or later, the add-ons that can provide metrics API must be installed.
                                                            • Kubernetes Metrics Server: provides basic resource usage metrics, such as container CPU and memory usage. It is supported by all cluster versions.
                                                            • Cloud Native Cluster Monitoring: available only in clusters of v1.17 or later.
+
                                                              Notes and Constraints
                                                              
 
                                                              
@@ -12,9 +12,9 @@
 
                                                              CPU Quota and Memory Quota: The resource quotas of a component are affected by how many containers and scaling policies in a cluster. For typical situations, it is recommended that you configure 500m CPU cores and 1,000 MiB of memory for every 5,000 containers in a cluster. As for scaling policies, 100m CPU cores and 500 MiB of memory should be configured for every 1,000 of them.
                                                              
 
                                                          
 
-
                                                        10. Configure the add-on parameters.
                                                          • AHPA Policy: After this function is enabled, historical monitoring metrics can be used to predict the required number of replicas and scales accordingly. For details, see Creating an AHPA Policy.
                                                            To enable AHPA, make sure to install the Cloud Native Cluster Monitoring add-on and enable the function that reports monitoring data to AOM. For details, see Cloud Native Cluster Monitoring.
                                                            
+
                                                          • Configure the add-on parameters.
                                                            • AHPA Policy: After this function is enabled, historical monitoring metrics can be used to predict the required number of replicas and scales accordingly. For details, see Creating an AHPA Policy.
                                                              To enable AHPA, make sure to install the Cloud Native Cluster Monitoring add-on and enable the function that reports monitoring data to AOM. For details, see Cloud Native Cluster Monitoring.
                                                              
 
                                                            
-
                                                          • Configure deployment policies for the add-on pods.
                                                             
                                                            • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                            
+
                                                          • Configure deployment policies for the add-on pods.
                                                             
                                                            • Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                            
 
                                                            
 
 
                                                            
-
-
@@ -75,7 +75,19 @@
 
-
+
+
+
+
-
-
diff --git a/docs/cce/umn/cce_10_0245.html b/docs/cce/umn/cce_10_0245.html
index 5fe0e6d90..99ad14014 100644
--- a/docs/cce/umn/cce_10_0245.html
+++ b/docs/cce/umn/cce_10_0245.html
@@ -3,13 +3,13 @@
 
                                                            Example: Designing and Configuring Permissions for Users in a Department
                                                            Overview
                                                            The conventional distributed task scheduling mode is being replaced by Kubernetes. CCE allows you to easily deploy, manage, and scale containerized applications in the cloud by providing support for you to use Kubernetes.
                                                            
 
                                                            To help enterprise administrators manage resource permissions in clusters, CCE provides multi-dimensional, fine-grained permission policies and management measures. CCE permissions are described as follows:
                                                            
-
                                                            • Cluster-level permissions: allowing a user group to perform operations on clusters, nodes, node pools, charts, and add-ons. These permissions are assigned based on IAM system policies.
                                                            • Namespace-level permissions: allowing a user or user group to perform operations on Kubernetes resources, such as workloads, networking, storage, and namespaces. These permissions are assigned based on Kubernetes RBAC.
                                                            
+
                                                            • Cluster-level permissions: allowing a user group to perform operations on clusters, nodes, charts, and add-ons. These permissions are assigned based on IAM system policies.
                                                            • Namespace-level permissions: allowing a user or user group to perform operations on Kubernetes resources, such as workloads, Services, storage, and namespaces. These permissions are assigned based on Kubernetes RBAC.
                                                            
 
                                                            Cluster permissions and namespace permissions are independent of each other but must be used together. The permissions set for a user group apply to all users in the user group. When multiple permissions are added to a user or user group, they take effect at the same time (the union set is used).
                                                            
 
                                                            
 
                                                            Permission Design
                                                            The following uses company X as an example.
                                                            
 
                                                            Generally, a company has multiple departments or projects, and each department has multiple members. Design how permissions are to be assigned to different groups and projects, and set a user name for each member to facilitate subsequent user group and permissions configuration.
                                                            
 
                                                            The following figure shows the organizational structure of a department in a company and the permissions to be assigned to each member:
                                                            
-
                                                            
+
                                                            
 
                                                            
 
                                                            Director: David
                                                            David is a department director of company X. To assign him all CCE permissions (both cluster and namespace permissions), create the cce-admin user group for David on the IAM console and assign the CCE Administrator role.
                                                            
 
                                                             
                                                            CCE Administrator: This role has all CCE permissions. You do not need to assign other permissions.
                                                            
diff --git a/docs/cce/umn/cce_10_0249.html b/docs/cce/umn/cce_10_0249.html
index d73302981..4aac614f8 100644
--- a/docs/cce/umn/cce_10_0249.html
+++ b/docs/cce/umn/cce_10_0249.html
@@ -105,7 +105,7 @@ curl: (7) Failed to connect to 192.168.10.36 port 900: Connection refused
 
                                                            # kubectl get svc nginx
 NAME    TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)        AGE
 nginx   LoadBalancer   10.247.76.156   123.**.**.**,192.168.0.133   80:32146/TCP   37s
                                                            
-
                                                            When the value of externalTrafficPolicy is Local, the access failures in different container network models and service forwarding modes are as follows:
                                                             
                                                            • For a multi-pod workload, ensure that all pods are accessible. Otherwise, there is a possibility that the access to the workload fails.
                                                            • In a CCE Turbo cluster that utilizes a Cloud Native 2.0 network model, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                                            • The table lists only the scenarios where the access may fail. Other scenarios that are not listed in the table indicate that the access is normal.
                                                            
+
                                                            When the value of externalTrafficPolicy is Local, the access failures in different container network models and service forwarding modes are as follows:
                                                             
                                                            • For a multi-pod workload, ensure that all pods are accessible. Otherwise, there is a possibility that the access to the workload fails.
                                                            • In a CCE Turbo cluster that utilizes Cloud Native Network 2.0, node-level affinity is supported only when the Service backend is connected to a hostNetwork pod.
                                                            • The table lists only the scenarios where the access may fail. Other scenarios that are not listed in the table indicate that the access is normal.
                                                            
 
                                                            
 
 
                                                            Table 1 Configurations for add-on scheduling
                                                            Parameter
                                                            
@@ -25,12 +25,12 @@
 
                                                            
 
                                                            Multi-AZ Deployment
                                                            
 
                                                            • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                            • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                            • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                            
+
                                                            • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                            • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                            • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                            
                                                             		
 
                                                            
 
                                                            Node Affinity
                                                            
 
                                                            • Not configured: Node affinity is disabled for the add-on.
                                                            • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                            • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                            • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                              If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                              
+
                                                            • Not configured: Node affinity is disabled for the add-on.
                                                            • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                            • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                            • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                              If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                              
 
                                                            
                                                             		
 
                                                            
 
 
                                                            1.5.3
                                                            
+
                                                            1.5.24
                                                            
+
                                                            v1.25
                                                            
+
                                                            v1.27
                                                            
+
                                                            v1.28
                                                            
+
                                                            v1.29
                                                            
+
                                                            v1.30
                                                            
+
                                                            v1.31
                                                            
+
                                                            Fixed some issues.
                                                            
+
                                                            1.5.3
                                                            
                                                             		
 
                                                            v1.21
                                                            
 
                                                            v1.23
                                                            
@@ -119,7 +131,7 @@
 
                                                            v1.27
                                                            
 
                                                            v1.28
                                                            
 
                                                            CCE clusters 1.28 are supported.
                                                            
+
                                                            CCE clusters v1.28 are supported.
                                                            
                                                             		
 
                                                            
 
                                                            1.3.14
                                                            
@@ -130,7 +142,7 @@
 
                                                            v1.25
                                                            
 
                                                            v1.27
                                                            
 
                                                            CCE clusters 1.27 are supported.
                                                            
+
                                                            CCE clusters v1.27 are supported.
                                                            
                                                             		
 
                                                            
                                                             
 
                                                            
-
@@ -260,7 +260,7 @@ spec:
   selector: 
     app: nginx 
   type: LoadBalancer
-
                                                          • Leveraging the pass-through feature of the Service, kube-proxy is bypassed when the ELB address is used for access. The ELB load balancer is accessed first, and then the workload. For details, see Configuring Passthrough Networking for a LoadBalancer Service.
                                                             
                                                            • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                            • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                            • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                            • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                            
+
                                                          • Leveraging the pass-through feature of the Service, kube-proxy is bypassed when the ELB address is used for access. The ELB load balancer is accessed first, and then the workload. For details, see Configuring Passthrough Networking for a LoadBalancer Service.
                                                             
                                                            • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                            • Passthrough networking is not supported for clusters of  or earlier.
                                                            • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                            • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                            
 
                                                            
 
                                                            apiVersion: v1 
 kind: Service 
diff --git a/docs/cce/umn/cce_10_0251.html b/docs/cce/umn/cce_10_0251.html
index c10b6abf4..ed0a77a71 100644
--- a/docs/cce/umn/cce_10_0251.html
+++ b/docs/cce/umn/cce_10_0251.html
@@ -4,127 +4,129 @@
 
                                                            In Kubernetes, an ingress is a resource object that controls how Services within a cluster can be accessed from outside the cluster. You can use ingresses to configure different forwarding rules to access pods in a cluster. The following uses an Nginx workload as an example to describe how to create a LoadBalancer ingress on the console.
                                                            
 
                                                            Prerequisites
                                                            
 
                                                            
-
                                                            Notes and Constraints
                                                            • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                            • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                            • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                            • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                            • A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                            • If multiple ingresses access the same ELB port in a cluster, the listener configuration items (such as the certificate associated with the listener and the HTTP/2 attribute of the listener) are subject to the configuration of the first ingress.
                                                            
+
                                                            Notes and Constraints
                                                            • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                            • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                            • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                            • If you have an IPVS-backed cluster and use the same ELB load balancer for both the ingress and Service in the same cluster or for the Service ports in different clusters, you will not be able to access the ingress from the nodes or containers in the cluster, or the Service ports in other clusters. This is because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge, which intercepts the load balancer traffic. Use separate load balancers for these ingresses and Services.
                                                            • A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                            • If multiple ingresses access the same ELB port in a cluster, the listener configuration items (such as the certificate associated with the listener and the HTTP/2 attribute of the listener) are subject to the configuration of the first ingress.
                                                            
 
                                                            
 
                                                            Adding a LoadBalancer Ingress
                                                            This section uses an Nginx workload as an example to describe how to add a LoadBalancer ingress.
                                                            
-
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                            3. Configure ingress parameters.
                                                              • Name: Customize the name of an ingress, for example, ingress-demo.
                                                              • Interconnect with Nginx: This option is displayed only after the NGINX Ingress Controller add-on is installed. If this option is available, the NGINX Ingress Controller add-on has been installed. Enabling this option will create an Nginx ingress. Disable it if you want to create a LoadBalancer ingress. For details, see Creating an Nginx Ingress on the Console.
                                                              • Load Balancer: Select a load balancer type and creation mode.
                                                                A load balancer can be dedicated or shared. A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks.
                                                                
+
                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                3. Configure ingress parameters.
                                                                  • Name: Customize the name of an ingress, for example, ingress-demo.
                                                                  • Interconnect with Nginx: This option is displayed only after the NGINX Ingress Controller add-on is installed. If this option is available, the NGINX Ingress Controller add-on has been installed. Enabling this option will create an Nginx ingress. Disable it if you want to create a LoadBalancer ingress. For details, see Creating an Nginx Ingress on the Console.
                                                                  • Protocol Version: Select a protocol version of the LoadBalancer ingress. This parameter is only available for IPv4/IPv6 dual-stack clusters.
                                                                  • Load Balancer: Select a load balancer type and creation mode.
                                                                    A load balancer can be dedicated or shared. A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks.
                                                                    
 
                                                                    You can select Use existing or Auto create to obtain a load balancer. For details about the configuration of different creation modes, see Table 1.
-
                                                            • Service Type Released on the Server
                                                            
@@ -210,7 +210,7 @@ nginx   LoadBalancer   10.247.76.156   
 
                                                            The access failed.
                                                            
                                                             		
 
                                                            nginx-ingress add-on connected with a dedicated load balancer (Local)
                                                            
+
                                                            LoadBalancer Service using a Dedicated load balancer (Local) for interconnection with NGINX Ingress Controller
                                                            
                                                             		
 
                                                            Private network
                                                            
 
                                                            Table 1 Load balancer configurations
                                                            How to Create
                                                            
+
                                                            
-
-
-
-
-
                                                            Table 1 Load balancer configurations
                                                            How to Create
                                                            
 
                                                            Configuration
                                                            
+
                                                            Configuration
                                                            
                                                             		
 
                                                            
 
                                                            Use existing
                                                            
+
                                                            Use existing
                                                            
 
                                                            Only the load balancers in the same VPC as the cluster can be selected. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                            
+
                                                            Only the load balancers in the same VPC as the cluster can be selected. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                            
                                                             		
 
                                                            Auto create
                                                            
+
                                                            Auto create
                                                            
 
                                                            • Instance Name: Enter a load balancer name.
                                                            • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                            • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                            • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                            • Network Specifications, Application-oriented Specifications, or Specifications (available only to dedicated load balancers)
                                                              • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                              • Fixed: applies to stable traffic, billed based on specifications.
                                                              
-
                                                            • EIP: If you select Auto create, you can configure the size of the public network bandwidth.
                                                            • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.
                                                            
+
                                                            • Instance Name: Enter a load balancer name.
                                                            • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                            • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                            • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                            • Network Specifications, Application-oriented Specifications, or Specifications (available only to dedicated load balancers)
                                                              • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                              • Fixed: applies to stable traffic, billed based on specifications.
                                                              
+
                                                            • EIP: If you select Auto create, you can configure the size of the public network bandwidth.
                                                            • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.
                                                            
                                                             		
 
                                                            
                                                             
 
                                                            
 
                                                            
 
-
                                                          • Listener: An ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                            • External Protocol: HTTP and HTTPS are available.
                                                            • External Port: port number that is open to the ELB service address. The port number is configurable.
                                                            • Access Control
                                                              • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                              • Allow all IP addresses: No access control is configured.
                                                              • Trustlist: Only the selected IP address group can access the load balancer.
                                                              • Blocklist: The selected IP address group cannot access the load balancer.
                                                              
-
                                                            • Certificate Source: TLS secret and ELB server certificates are supported.
                                                              • TLS secret: For details about how to create a secret certificate, see Creating a Secret.
                                                              • ELB server certificate: Use a certificate created in the ELB service.
                                                              
+
                                                            • Listener: An ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s_<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                              • External Protocol: HTTP and HTTPS are available.
                                                              • External Port: port number that is open to the ELB service address. The port number is configurable.
                                                              • Access Control
                                                                • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                • Allow all IP addresses: No access control is configured.
                                                                • Trustlist: Only the selected IP address group can access the load balancer.
                                                                • Blocklist: The selected IP address group cannot access the load balancer.
                                                                
+
                                                                 
                                                                For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time for access control.
                                                                
+
                                                                
+
                                                              • Certificate Source: TLS secret and ELB server certificates are supported.
                                                                • TLS secret: For details about how to create a secret certificate, see Creating a Secret.
                                                                • ELB server certificate: Use a certificate created on ELB.
                                                                
 
                                                              • Server Certificate: When an HTTPS listener is created for a load balancer, bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                 
                                                                If there is already an HTTPS ingress for the chosen port on the load balancer, the certificate of the new HTTPS ingress must be the same as the certificate of the existing ingress. This means that a listener has only one certificate. If two certificates, each with a different ingress, are added to the same listener of the same load balancer, only the certificate added earliest takes effect on the load balancer.
                                                                
 
                                                                
 
                                                              • SNI: stands for Server Name Indication (SNI), which is an extended protocol of TLS. SNI allows multiple TLS-compliant domain names for external access using the same IP address and port number, and different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                 
                                                                • The SNI option is available only when HTTPS is used.
                                                                
 
                                                                • This function is supported only in clusters of v1.15.11 or later.
                                                                • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                • For ingresses connected to the same ELB port, do not configure SNIs with the same domain name but different certificates. Otherwise, the SNIs will be overwritten.
                                                                
 
                                                                
-
                                                              • Security Policy: combinations of different TLS versions and supported cipher suites available to HTTPS listeners.
                                                                For details about security policies, see ELB User Guide.
                                                                
+
                                                              • Security Policy: combinations of different TLS versions and supported cipher suites available to HTTPS listeners.
                                                                For details about security policies, see Elastic Load Balance User Guide.
                                                                
 
                                                                 
                                                                • Security Policy is available only when HTTPS is selected.
                                                                • This function is supported only in clusters of v1.17.9 or later.
                                                                
 
                                                                
 
                                                              • Backend Protocol:
                                                                When the listener is HTTP-compliant, only HTTP can be selected.
                                                                
 
                                                                If it is an HTTPS listener, this parameter can be set to HTTP or HTTPS. 
                                                                
 
                                                              • Advanced Options
-
                                                                Configuration
                                                                
+
                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                Configuration
                                                                
 
                                                                Description
                                                                
+
                                                                Description
                                                                
 
                                                                Restrictions
                                                                
+
                                                                Restrictions
                                                                
                                                                 		
 
                                                                
 
                                                                Idle Timeout
                                                                
+
                                                                Idle Timeout
                                                                
 
                                                                Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                
+
                                                                Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                
 
                                                                None
                                                                
+
                                                                None
                                                                
                                                                 		
 
                                                                Request Timeout
                                                                
+
                                                                Request Timeout
                                                                
 
                                                                Timeout for waiting for a request from a client. There are two cases:
                                                                
+
                                                                Timeout for waiting for a request from a client. There are two cases:
                                                                
 
                                                                • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                
 
                                                                None
                                                                
+
                                                                This function is available only for HTTP and HTTPS listeners.
                                                                
                                                                 		
 
                                                                Response Timeout
                                                                
+
                                                                Response Timeout
                                                                
 
                                                                Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                
+
                                                                Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                
 
                                                                None
                                                                
+
                                                                This function is available only for HTTP and HTTPS listeners.
                                                                
                                                                 		
 
                                                                HTTP2
                                                                
+
                                                                HTTP2
                                                                
 
                                                                Whether to use HTTP/2 for a client to communicate with a load balancer. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                
+
                                                                Whether to use HTTP/2 for a client to communicate with a load balancer. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                
 
                                                                This function is available only when the listener is HTTPS-compliant.
                                                                
+
                                                                This function is available only when the listener is HTTPS-compliant.
                                                                
                                                                 		
 
                                                                
                                                                 
 
                                                                
 
                                                                
 
-
                                                              • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the corresponding target Service for processing. You can click  to add multiple forwarding policies.
                                                                • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                • Path Matching Rule:
                                                                  • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                  • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                  • RegEX match: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                  
+
                                                                • Forwarding Policy: When a request's access address matches the forwarding policy (which consists of a domain name, port, and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the target Service for processing. You can click  to add multiple forwarding policies.
                                                                  • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                  • Path Matching Rule:
                                                                    • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                    • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                    • RegEX match: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                    
 
                                                                  • Path: access path, for example, /healthz
                                                                     
                                                                    The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                    
 
                                                                    For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                    
 
                                                                    
-
                                                                  • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                  • Destination Service Port: Select the access port of the destination Service.
                                                                  • Set ELB:
                                                                    • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                       
                                                                      • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                      • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                      • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                      
+
                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                    • Set ELB:
                                                                      • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                         
                                                                        • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                        • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                        • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                        
 
                                                                        
-
                                                                      • Sticky Session: This function is disabled by default. Options are as follows:
                                                                        • Load balancer cookie: Enter the Stickiness Duration , which ranges from 1 to 1440 minutes.
                                                                        
+
                                                                      • Sticky Session: This function is disabled by default. Options are as follows:
                                                                        • Load balancer cookie: Enter the Stickiness Duration, which ranges from 1 to 1440 minutes.
                                                                        
 
                                                                         
                                                                        • When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                        • Dedicated load balancers in the clusters of a version earlier than v1.21 do not support sticky sessions. If sticky sessions are required, use shared load balancers.
                                                                        
 
                                                                        
 
                                                                      • Health Check: Set the health check configuration of the load balancer. If this function is enabled, the following configurations are supported:
-
                                                                        Parameter
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
@@ -136,7 +138,7 @@
 
                                                                      • Click OK. After the ingress is created, it is displayed in the ingress list.
                                                                        On the ELB console, you can check the load balancer automatically created through CCE. The default name is cce-lb-<ingress.UID>. Click the load balancer name to go to the details page. On the Listeners tab page, check the listener and forwarding policy of the target ingress.
                                                                        
 
                                                                         
                                                                        After an ingress is created, upgrade and maintain the selected load balancer on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                        
 
                                                                        
-
                                                                      • Access the /healthz interface of the workload, for example, workload defaultbackend.
                                                                        1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                        2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                          Figure 1 Accessing the /healthz interface of defaultbackend
                                                                          
+
                                                                        3. Access the /healthz interface of the workload, for example, workload defaultbackend.
                                                                          1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                          2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                            Figure 1 Accessing the /healthz interface of defaultbackend
                                                                            
 
                                                                          
 
                                                                        
 
diff --git a/docs/cce/umn/cce_10_0252.html b/docs/cce/umn/cce_10_0252.html
index 49a6c5a92..e675a430a 100644
--- a/docs/cce/umn/cce_10_0252.html
+++ b/docs/cce/umn/cce_10_0252.html
@@ -7,14 +7,12 @@
 
                                                                        Compared with v1beta1, v1 has the following differences in parameters:
                                                                        
 
                                                                        • The ingress type is specified by spec.ingressClassName instead of kubernetes.io/ingress.class in annotations.
                                                                        • The format of backend has changed.
                                                                        • The pathType parameter must be specified for each path. The options are as follows:
                                                                          • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                          • Exact: exact matching of the URL, which is case-sensitive.
                                                                          • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                          
 
                                                                        
-
                                                                        
+
                                                                        
 
 
                                                                        Prerequisites
                                                                        
 
                                                                        
-
                                                                        Creating an Ingress Using kubectl
                                                                        You can determine whether to automatically create a load balancer or use an existing one when creating an ingress.
                                                                        
-
                                                                        
 
                                                                        Automatically Creating a Load Balancer While Creating an Ingress
                                                                        The following describes how to run the kubectl command to automatically create a load balancer when creating an ingress.
                                                                        
-
                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                          vi ingress-test.yaml
                                                                          
+
                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                            vi ingress-test.yaml
                                                                            
 
                                                                             
                                                                            Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress API Version Upgrade in CCE Clusters v1.23.
                                                                            
 
                                                                            
 
                                                                            Example of a shared load balancer (public network access) for clusters of v1.23 or later:
                                                                            apiVersion: networking.k8s.io/v1
@@ -36,6 +34,7 @@ metadata:
           "eip_type":"5_bgp"
         }'
     kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
+
 spec:
   rules: 
   - host: ''
@@ -70,6 +69,7 @@ metadata:
           "eip_type":"5_bgp"
         }'
     kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
+
 spec:
   rules: 
   - host: ''
@@ -107,6 +107,7 @@ metadata:
           "l7_flavor_name": "L7_flavor.elb.s1.small"
        }'
     kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
+
 spec:
   rules: 
   - host: ''
@@ -147,6 +148,7 @@ metadata:
           "l7_flavor_name": "L7_flavor.elb.s1.small"
        }'
     kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
+
 spec:
   rules:
   - host: ''
@@ -160,133 +162,135 @@ spec:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                            
 
                                                                            
 
-
                                                                        • Parameter
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Protocol
                                                                        
+
                                                                        Protocol
                                                                        
 
                                                                        When the protocol of the target Service port is TCP, more protocols including HTTP are supported. 
                                                                        
+
                                                                        TCP and HTTP are supported. 
                                                                        
 
                                                                        • Check Path (supported only by HTTP for health check): specifies the health check URL. The check path must start with a slash (/) and contain 1 to 80 characters.
                                                                        
                                                                         		
 
                                                                        Port
                                                                        
+
                                                                        Port
                                                                        
 
                                                                        By default, the service port (NodePort or container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                        
+
                                                                        By default, the service port (NodePort or container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                        
 
                                                                        • Node Port: If a shared load balancer is used or no ENI instance is associated, the node port is used as the health check port. If this parameter is not specified, a random port is used. The value ranges from 30000 to 32767.
                                                                        • Container Port: When a dedicated load balancer is associated with an ENI instance, the container port is used for health check. The value ranges from 1 to 65535.
                                                                        
                                                                         		
 
                                                                        Check Period (s)
                                                                        
+
                                                                        Check Period (s)
                                                                        
 
                                                                        Specifies the maximum interval between health checks. The value ranges from 1 to 50.
                                                                        
+
                                                                        Specifies the maximum interval between health checks. The value ranges from 1 to 50.
                                                                        
                                                                         		
 
                                                                        Timeout (s)
                                                                        
+
                                                                        Timeout (s)
                                                                        
 
                                                                        Specifies the maximum timeout duration for each health check. The value ranges from 1 to 50.
                                                                        
+
                                                                        Specifies the maximum timeout for each health check. The value ranges from 1 to 50.
                                                                        
                                                                         		
 
                                                                        Max. Retries
                                                                        
+
                                                                        Max. Retries
                                                                        
 
                                                                        Specifies the maximum number of health check retries. The value ranges from 1 to 10.
                                                                        
+
                                                                        Specifies the maximum number of health check retries. The value ranges from 1 to 10.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Table 1 Key parameters
                                                                        Parameter
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                        Table 1 Key parameters
                                                                        Parameter
                                                                        
 
                                                                        Mandatory
                                                                        
+
                                                                        Mandatory
                                                                        
 
                                                                        Type
                                                                        
+
                                                                        Type
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        kubernetes.io/elb.class
                                                                        
+
                                                                        kubernetes.io/elb.class
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Select a proper load balancer type.
                                                                        
+
                                                                        Select a proper load balancer type.
                                                                        
 
                                                                        • union: shared load balancer
                                                                        • performance: dedicated load balancer
                                                                        
                                                                         		
 
                                                                        kubernetes.io/ingress.class
                                                                        
+
                                                                        kubernetes.io/ingress.class
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        (only for clusters of v1.21 or earlier)
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                        
+
                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                        
 
                                                                        This parameter is mandatory when an ingress is created by calling the API.
                                                                        
                                                                         		
 
                                                                        ingressClassName
                                                                        
+
                                                                        ingressClassName
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        (only for clusters of v1.23 or later)
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                        
+
                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                        
 
                                                                        This parameter is mandatory when an ingress is created by calling the API.
                                                                        
                                                                         		
 
                                                                        kubernetes.io/elb.port
                                                                        
+
                                                                        kubernetes.io/elb.port
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                        
-
                                                                        The value ranges from 1 to 65535.
                                                                        
-
                                                                         NOTE: 
                                                                        Some ports are high-risk ports and are blocked by default, for example, port 21.
                                                                        
+
                                                                        This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                        
+
                                                                        The value ranges from 1 to 65535. The default value is 80 for HTTP and 443 for HTTPS.
                                                                        
+
                                                                         NOTE: 
                                                                        Some ports on a shared load balancer are highly risky and blocked by default, for example, port 21.
                                                                        
 
                                                                        
                                                                         		
 
                                                                        kubernetes.io/elb.subnet-id
                                                                        
+
                                                                        kubernetes.io/elb.subnet-id
                                                                        
 
                                                                        None
                                                                        
+
                                                                        None
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                        
+
                                                                        ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                        
 
                                                                        • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                        • Optional for clusters later than v1.11.7-r0. It is left blank by default.
                                                                        
                                                                         		
 
                                                                        kubernetes.io/elb.autocreate
                                                                        
+
                                                                        kubernetes.io/elb.autocreate
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        elb.autocreate object
                                                                        
+
                                                                        elb.autocreate object
                                                                        
 
                                                                        Whether to automatically create a load balancer associated with an ingress. For details about the field description, see Table 2.
                                                                        
+
                                                                        Whether to automatically create a load balancer associated with an ingress. For details about the field description, see Table 2.
                                                                        
 
                                                                        Example
                                                                        
-
                                                                        • Automatically created shared load balancer with an EIP bound:
                                                                          '{"type":"public","bandwidth_name":"cce-bandwidth-******","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                          
-
                                                                        • Automatically created shared load balancer:
                                                                          {"type":"inner","name":"A-location-d-test"}
                                                                          
+
                                                                          • Automatically created dedicated load balancer with an EIP bound:
                                                                            '{"type":"public","bandwidth_name":"cce-bandwidth-1741230802502","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"L7_flavor.elb.pro.max","l4_flavor_name":"","vip_subnet_cidr_id":"*****"}'
                                                                            
+
                                                                          • Automatically created dedicated load balancer with no EIP bound:
                                                                            '{"type":"inner","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"L7_flavor.elb.pro.max","l4_flavor_name":"","vip_subnet_cidr_id":"*****"}'
                                                                            
+
                                                                          • Automatically created shared load balancer with an EIP bound:
                                                                            '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                            
+
                                                                          • Automatically created shared load balancer with no EIP bound:
                                                                            {"type":"inner","name":"A-location-d-test"}
                                                                            
 
                                                                          
 
                                                                        		
 
                                                                        kubernetes.io/elb.tags
                                                                        
+
                                                                        kubernetes.io/elb.tags
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Whether to add resource tags to a load balancer. This function is available only when the load balancer is automatically created, and the cluster is of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later.
                                                                        
+
                                                                        Whether to add resource tags to a load balancer. This function is available only when the load balancer is automatically created, and the cluster is of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later.
                                                                        
 
                                                                        A tag is in the format of "key=value". Use commas (,) to separate multiple tags.
                                                                        
                                                                         		
 
                                                                        host
                                                                        
+
                                                                        host
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                        
+
                                                                        Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                        
                                                                         		
 
                                                                        path
                                                                        
+
                                                                        path
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        User-defined route path. All external access requests must match host and path.
                                                                        
+
                                                                        User-defined route path. All external access requests must match host and path.
                                                                        
 
                                                                         NOTE: 
                                                                        The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                        
 
                                                                        For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                        
 
                                                                        
                                                                         		
 
                                                                        ingress.beta.kubernetes.io/url-match-mode
                                                                        
+
                                                                        ingress.beta.kubernetes.io/url-match-mode
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Route matching policy.
                                                                        
+
                                                                        Route matching policy.
                                                                        
 
                                                                        Default: STARTS_WITH (prefix match)
                                                                        
 
                                                                        Options:
                                                                        
 
                                                                        • EQUAL_TO: exact match
                                                                        • STARTS_WITH: prefix match
                                                                        • REGEX: regular expression match
                                                                        
                                                                         		
 
                                                                        pathType
                                                                        
+
                                                                        pathType
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Path type. This field is supported only by clusters of v1.23 or later.
                                                                        • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE.
                                                                        • Exact: exact matching of the URL, which is case-sensitive.
                                                                        • Prefix: prefix matching, which is case-sensitive. With this method, the URL path is separated into multiple elements by slashes (/) and the elements are matched one by one. If each element in the URL matches the path, the subpaths of the URL can be routed normally.
                                                                           NOTE: 
                                                                          • During prefix matching, each element must be exactly matched. If the last element of the URL is the substring of the last element in the request path, no matching is performed. For example, /foo/bar matches /foo/bar/baz but does not match /foo/barbaz.
                                                                          • When elements are separated by slashes (/), if the URL or request path ends with a slash (/), the slash (/) at the end is ignored. For example, /foo/bar matches /foo/bar/.
                                                                          
+
                                                                        Path type. This field is supported only by clusters of v1.23 or later.
                                                                        • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE.
                                                                        • Exact: exact matching of the URL, which is case-sensitive.
                                                                        • Prefix: prefix matching, which is case-sensitive. With this method, the URL path is separated into multiple elements by slashes (/) and the elements are matched one by one. If each element in the URL matches the path, the subpaths of the URL can be routed normally.
                                                                           NOTE: 
                                                                          • During prefix matching, each element must be exactly matched. If the last element of the URL is the substring of the last element in the request path, no matching is performed. For example, /foo/bar matches /foo/bar/baz but does not match /foo/barbaz.
                                                                          • When elements are separated by slashes (/), if the URL or request path ends with a slash (/), the slash (/) at the end is ignored. For example, /foo/bar matches /foo/bar/.
                                                                          
 
                                                                          
 
                                                                        
 
                                                                        
@@ -297,168 +301,174 @@ spec:
 
                                                                        
 
                                                                        
 
-
                                                                        Table 2 elb.autocreate data structure
                                                                        Parameter
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -475,7 +485,7 @@ ingress-test  cce      *         121.**.**.**     80      10s
                                                                        Associating an Existing Load Balancer to an Ingress While Creating the Ingress
                                                                        CCE allows you to connect to an existing load balancer when creating an ingress.
                                                                        
-
                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                          vi ingress-test.yaml
                                                                          
+
                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                            vi ingress-test.yaml
                                                                            
 
                                                                             
                                                                            • Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress API Version Upgrade in CCE Clusters v1.23.
                                                                            • An existing dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                            
 
                                                                            
 
                                                                            If the cluster version is 1.23 or later, the YAML file configuration is as follows:
                                                                            apiVersion: networking.k8s.io/v1
@@ -526,43 +536,45 @@ spec:
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                            
 
-
                                                                        Table 2 elb.autocreate data structure
                                                                        Parameter
                                                                        
 
                                                                        Mandatory
                                                                        
+
                                                                        Mandatory
                                                                        
 
                                                                        Type
                                                                        
+
                                                                        Type
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        name
                                                                        
+
                                                                        name
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Name of the automatically created load balancer.
                                                                        
+
                                                                        Name of the automatically created load balancer.
                                                                        
 
                                                                        The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                        
 
                                                                        Default: cce-lb+service.UID
                                                                        
                                                                         		
 
                                                                        type
                                                                        
+
                                                                        type
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Network type of the load balancer.
                                                                        
+
                                                                        Network type of the load balancer.
                                                                        
 
                                                                        • public: public network load balancer
                                                                        • inner: private network load balancer
                                                                        
 
                                                                        Default: inner
                                                                        
                                                                         		
 
                                                                        bandwidth_name
                                                                        
+
                                                                        bandwidth_name
                                                                        
 
                                                                        Yes for public network load balancers
                                                                        
+
                                                                        Yes for public network load balancers
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Bandwidth name. The default value is cce-bandwidth-******.
                                                                        
+
                                                                        Bandwidth name. The default value is cce-bandwidth-******.
                                                                        
 
                                                                        The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                        
                                                                         		
 
                                                                        bandwidth_chargemode
                                                                        
+
                                                                        bandwidth_chargemode
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Bandwidth mode.
                                                                        
+
                                                                        Bandwidth mode.
                                                                        
 
                                                                        • traffic: billed by traffic
                                                                        
-
                                                                        Default: traffic
                                                                        
+
                                                                        Default: traffic
                                                                        
                                                                         		
 
                                                                        bandwidth_size
                                                                        
+
                                                                        bandwidth_size
                                                                        
 
                                                                        Yes for public network load balancers
                                                                        
+
                                                                        Yes for public network load balancers
                                                                        
 
                                                                        Integer
                                                                        
+
                                                                        Integer
                                                                        
 
                                                                        Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                        
+
                                                                        Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                        
 
                                                                        The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                        • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                        • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                        • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                        
 
                                                                        
                                                                         		
 
                                                                        bandwidth_sharetype
                                                                        
+
                                                                        bandwidth_sharetype
                                                                        
 
                                                                        Yes for public network load balancers
                                                                        
+
                                                                        Yes for public network load balancers
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Bandwidth sharing mode.
                                                                        
+
                                                                        Bandwidth sharing mode.
                                                                        
 
                                                                        • PER: dedicated bandwidth
                                                                        
                                                                         		
 
                                                                        eip_type
                                                                        
+
                                                                        eip_type
                                                                        
 
                                                                        Yes for public network load balancers
                                                                        
+
                                                                        Yes for public network load balancers
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        EIP type.
                                                                        
+
                                                                        EIP type.
                                                                        
 
                                                                        • 5_bgp: dynamic BGP
                                                                        
 
                                                                        The specific type varies with regions. For details, see the EIP console.
                                                                        
                                                                         		
 
                                                                        vip_subnet_cidr_id
                                                                        
+
                                                                        vip_subnet_cidr_id
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                        
-
                                                                        If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                        
+
                                                                        The ID of the IPv4 subnet where the load balancer resides. This subnet is used to allocate IP addresses for the load balancer to provide external services. The IPv4 subnet must belong to the cluster's VPC.
                                                                        
+
                                                                        If this parameter is not specified, the load balancer and the cluster will be in the same subnet by default.
                                                                        
 
                                                                        This field can be specified only for clusters of v1.21 or later.
                                                                        
+
                                                                        How to Obtain
                                                                        
+
                                                                        Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the IPv4 Subnet ID on the Summary tab page.
                                                                        
                                                                         		
 
                                                                        vip_address
                                                                        
+
                                                                        ipv6_vip_virsubnet_id
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                        
+
                                                                        The ID of the IPv6 subnet where the load balancer is deployed. IPv6 must be enabled for the subnet.
                                                                        
+
                                                                        This parameter is available only for dedicated load balancers.
                                                                        
+
                                                                        How to Obtain
                                                                        
+
                                                                        Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                        
+
                                                                        elb_virsubnet_ids
                                                                        
+
                                                                        No
                                                                        
+
                                                                        Array of strings
                                                                        
+
                                                                        The network ID of the subnet where the load balancer is located. This subnet is used to allocate IP addresses for accessing the backend server. If this parameter is not specified, the subnet specified by vip_subnet_cidr_id will be used by default. Load balancers occupy varying numbers of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters or nodes) as the load balancer's CIDR block.
                                                                        
+
                                                                        This parameter is available only for dedicated load balancers.
                                                                        
+
                                                                        Example:
                                                                        
+
                                                                        "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                        
+
                                                                        How to Obtain
                                                                        
+
                                                                        Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                        
+
                                                                        vip_address
                                                                        
+
                                                                        No
                                                                        
+
                                                                        String
                                                                        
+
                                                                        Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                        
 
                                                                        The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                        
 
                                                                        This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                        
                                                                         		
 
                                                                        available_zone
                                                                        
+
                                                                        available_zone
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        Array of strings
                                                                        
+
                                                                        Array of strings
                                                                        
 
                                                                        AZ where the load balancer is located.
                                                                        
+
                                                                        AZ where the load balancer is located.
                                                                        
 
                                                                        You can obtain all supported AZs by getting the AZ list.
                                                                        
 
                                                                        This parameter is available only for dedicated load balancers.
                                                                        
                                                                         		
 
                                                                        l4_flavor_name
                                                                        
+
                                                                        l4_flavor_name
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Flavor name of the layer-4 load balancer.
                                                                        
+
                                                                        Flavor name of the layer-4 load balancer. This parameter is mandatory when TCP or UDP is used.
                                                                        
 
                                                                        You can obtain all supported types by getting the flavor list.
                                                                        
 
                                                                        This parameter is available only for dedicated load balancers.
                                                                        
                                                                         		
 
                                                                        l7_flavor_name
                                                                        
+
                                                                        l7_flavor_name
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Flavor name of the layer-7 load balancer.
                                                                        
+
                                                                        Flavor name of the layer-7 load balancer. This parameter is mandatory when HTTP is used.
                                                                        
 
                                                                        You can obtain all supported types by getting the flavor list.
                                                                        
-
                                                                        This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                        
-
                                                                        elb_virsubnet_ids
                                                                        
-
                                                                        No
                                                                        
-
                                                                        Array of strings
                                                                        
-
                                                                        Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                        
-
                                                                        This parameter is available only for dedicated load balancers.
                                                                        
-
                                                                        Example:
                                                                        
-
                                                                        "elb_virsubnet_ids": [
-   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
- ]
                                                                        
-
                                                                        ipv6_vip_virsubnet_id
                                                                        
-
                                                                        No
                                                                        
-
                                                                        String
                                                                        
-
                                                                        ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                        
-
                                                                        This parameter is available only for dedicated load balancers.
                                                                        
+
                                                                        This parameter is available only for dedicated load balancers. Its value must match that of l4_flavor_name, meaning both must be either elastic specifications or fixed specifications.
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
 
 
                                                                        
-
-
diff --git a/docs/cce/umn/cce_10_0351.html b/docs/cce/umn/cce_10_0351.html
index 79b7c4f8b..e644fbfe9 100644
--- a/docs/cce/umn/cce_10_0351.html
+++ b/docs/cce/umn/cce_10_0351.html
@@ -1,13 +1,13 @@
 
                                                                        CPU Policy
                                                                        
-
                                                                        Application Scenarios
                                                                        By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                        
+
                                                                        Application Scenarios
                                                                        By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                        
 
                                                                        • CPU throttling
                                                                        • Context switching
                                                                        • Processor cache misses
                                                                        • Cross-socket memory access
                                                                        • Hyperthreads that are expected to run on the same physical CPU card
                                                                        
 
                                                                        If your workloads are sensitive to any of these items, you can use Kubernetes CPU management policies to allocate dedicated CPU cores (through CPU core binding) to these workloads. This will shorten scheduling latency and improve application performance. The CPU manager preferentially allocates resources on a socket and full physical cores to avoid interference.
                                                                        
 
                                                                        A CPU management policy is specified by using kubelet --cpu-manager-policy. By default, Kubernetes supports the following policies:
                                                                        
 
                                                                        • none: the default policy. The none policy explicitly enables the existing default CPU affinity scheme, providing no affinity beyond what the OS scheduler does automatically.
                                                                        • static: The static policy allows containers in guaranteed pods with integer CPU requests to be use dedicated CPU resources on nodes through CPU core binding.
                                                                        
 
                                                                        
-
                                                                        Notes and Constraints
                                                                        The CPU management policy cannot take effect on physical cloud server nodes.
                                                                        
+
                                                                        Notes and Constraints
                                                                        The CPU management policy does not apply to ECS (PM) nodes in CCE Turbo clusters.
                                                                        
 
                                                                        
 
                                                                        Enabling CPU Management for the Default Node Pool
                                                                        When creating a cluster, you can enable CPU management in Advanced Settings.
                                                                        
 
                                                                        • If this function is enabled, the static Kubernetes policy is used, where CPU core binding is used.
                                                                        • If this function is disabled, the none Kubernetes policy is used, where CPU core binding is not used.
                                                                        
@@ -18,7 +18,7 @@
 
                                                                      • Click OK.
                                                                        • 
 
                                                                        
 
                                                                        Allowing Pods to Exclusively Use the CPU Resources
                                                                        Prerequisites:
                                                                        
-
+
 
                                                                        You can use node affinity scheduling to schedule the configured pods to the nodes where the static policy is enabled. In this way, the pods can exclusively use the CPU resources.
                                                                        
 
                                                                        Example YAML:
                                                                        kind: Deployment
 apiVersion: apps/v1
@@ -51,7 +51,7 @@ spec:
 
                                                                        Verification
                                                                        Take a node with 8 vCPUs and 16 GiB of memory as an example. Deploy a workload whose CPU request and limit are both 2 on the node beforehand.
                                                                        
 
                                                                        Log in to the node where the workload is running and check the /var/lib/kubelet/cpu_manager_state output.
                                                                        cat /var/lib/kubelet/cpu_manager_state
                                                                        
 
                                                                        
-
                                                                        The command output is as follows:
                                                                        
+
                                                                        Command output:
                                                                        
 
                                                                        {"policyName":"static","defaultCpuSet":"0-1,4-7","entries":{"de14506d-0408-411f-bbb9-822866b58ae2":{"container-1":"2-3"}},"checksum":3744493798}
                                                                        
 
                                                                        • If the policyName is static, the policy has been configured.
                                                                        • Value 2-3 indicates the set of CPUs that can be used by containers in the pod.
                                                                        
 
                                                                        
diff --git a/docs/cce/umn/cce_10_0355.html b/docs/cce/umn/cce_10_0355.html
index 37ec0d3d1..d9329f277 100644
--- a/docs/cce/umn/cce_10_0355.html
+++ b/docs/cce/umn/cce_10_0355.html
@@ -5,13 +5,13 @@
 
                                                                        If node-level affinity is configured for a Service (with externalTrafficPolicy set to Local), the Service will forward traffic only to pods on the node that run these pods. When a node or pod accesses another pod in the same cluster, if the node where the client runs does not have the corresponding backend pod, the access may fail.
                                                                        
 
                                                                        
 
                                                                        Solution
                                                                        CCE supports passthrough networking. You can configure the kubernetes.io/elb.pass-through annotation for the LoadBalancer Service so that the load balancer forwards the intra-cluster access to the IP address of the load balancer associated with the Service to backend pods.
                                                                        
-
                                                                        Figure 1 Passthrough networking illustration
                                                                        
+
                                                                        Figure 1 Passthrough networking illustration
                                                                        
 
                                                                        • CCE clusters
                                                                          When a LoadBalancer Service is accessed within the cluster, the access is forwarded to the backend pods using iptables/IPVS by default.
                                                                          
 
                                                                          When a LoadBalancer Service (configured with elb.pass-through) is accessed within the cluster, the access is first forwarded to the load balancer, then the nodes, and finally to the backend pods using iptables/IPVS.
                                                                          
 
                                                                        • CCE Turbo clusters
                                                                          When a client accesses a LoadBalancer Service from within the cluster, passthrough is used by default. In this case, the client directly accesses the load balancer private network IP address and then access a container through the load balancer.
                                                                          
 
                                                                        
 
                                                                        
-
                                                                        Constraints
                                                                        • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                                        • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                        • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                                        • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                        
+
                                                                        Notes and Constraints
                                                                        • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                                        • Passthrough networking is not supported for clusters of  or earlier.
                                                                        • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                                        • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                        
 
                                                                        
 
                                                                        Procedure
                                                                        This section describes how to create a Deployment using an Nginx image and create a Service with passthrough networking enabled.
                                                                        
 
                                                                        1. Use the kubectl command line tool to connect to the cluster. 
                                                                        2. Use the Nginx image to create a Deployment.
                                                                          Create an nginx-deployment.yaml file. The file content is as follows:
                                                                          
@@ -43,7 +43,7 @@ spec:
       - name: default-secret
 
                                                                          Run the following command to deploy the workload:
                                                                          kubectl create -f nginx-deployment.yaml
                                                                          
 
                                                                          
-
                                                                        3. Create a LoadBalancer Service and set kubernetes.io/elb.pass-through to true.
                                                                          The content of the nginx-elb-svc.yaml file is as follows. (In this example, a shared load balancer named james is automatically created.)
                                                                          apiVersion: v1 
+
                                                                        4. Create a LoadBalancer Service and set kubernetes.io/elb.pass-through to true.
                                                                          The content of the nginx-elb-svc.yaml file is as follows: (In this example, a shared load balancer named james is automatically created.)
                                                                          apiVersion: v1 
 kind: Service 
 metadata: 
   annotations:   
@@ -68,6 +68,7 @@ spec:
 
                                                                        
 
                                                                        
 
                                                                        Verification
                                                                        1. Log in to the ELB console and check the load balancer (named james in this example) associated with the Service.
                                                                        2. Click the load balancer name and click the Monitoring tab.
                                                                          There is 0 connections to the load balancer.
                                                                          
+
                                                                          
 
                                                                        3. Log in to an Nginx container in the cluster using kubectl and access the IP address of the load balancer.
                                                                          1. Obtain the Nginx containers in the cluster.
                                                                            kubectl get pod
                                                                            
 
                                                                            Information similar to the following is displayed:
                                                                            NAME                     READY   STATUS    RESTARTS   AGE
 nginx-7c4c5cc6b5-vpncx   1/1     Running   0          9m47s
diff --git a/docs/cce/umn/cce_10_0360.html b/docs/cce/umn/cce_10_0360.html
index 7008930d8..24ef2146b 100644
--- a/docs/cce/umn/cce_10_0360.html
+++ b/docs/cce/umn/cce_10_0360.html
@@ -21,7 +21,7 @@ nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:5 timeout single-request-reopen
                                                                            
 
                                                                            When a user accesses the Service name:Port of the Nginx pod, the IP address of the Nginx Service is resolved from CoreDNS, and then the IP address of the Nginx Service is accessed. In this way, the user can access the backend Nginx pod.
                                                                            
-
                                                                            Figure 1 Example of domain name resolution in a cluster
                                                                            
+
                                                                            Figure 1 Example of domain name resolution in a cluster
                                                                            
 
                                                                            
 
                                                                            How Does Domain Name Resolution Work in Kubernetes?
                                                                            DNS policies can be configured for each pod. Kubernetes supports DNS policies Default, ClusterFirst, ClusterFirstWithHostNet, and None. For details, see DNS for Services and Pods. These policies are specified in the dnsPolicy field in the pod-specific.
                                                                            
 
                                                                            • Default: Pods inherit the name resolution configuration from the node that the pods run on. The custom upstream DNS server and the stub domain cannot be used together with this policy.
                                                                            • ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream name server inherited from the node. Cluster administrators may have extra stub domains and upstream DNS servers configured. 
                                                                            • ClusterFirstWithHostNet: For pods running with hostNetwork, set its DNS policy ClusterFirstWithHostNet.
                                                                            • None: It allows a pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsPolicy field in the pod-specific.
                                                                            
@@ -33,7 +33,7 @@ options ndots:5 timeout single-request-reopen
 
                                                                            1. The query is first sent to the DNS caching layer in CoreDNS.
                                                                            2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                                                              • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                                                              
 
                                                                              • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                                                              • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                                                              
 
                                                                            
-
                                                                            Figure 2 Routing
                                                                            
+
                                                                            Figure 2 Routing
                                                                            
 
                                                                            
 
                                                                            Related Operations
                                                                            You can also configure DNS in a workload. For details, see DNS Configuration.
                                                                            
 
                                                                            You can also use CoreDNS to implement user-defined domain name resolution. For details, see Using CoreDNS for Custom Domain Name Resolution.
                                                                            
diff --git a/docs/cce/umn/cce_10_0363.html b/docs/cce/umn/cce_10_0363.html
index db935d251..06defce5e 100644
--- a/docs/cce/umn/cce_10_0363.html
+++ b/docs/cce/umn/cce_10_0363.html
@@ -80,7 +80,7 @@
 
                                                                        
@@ -94,22 +94,21 @@
 
-
@@ -155,7 +154,7 @@
 
diff --git a/docs/cce/umn/cce_10_0364.html b/docs/cce/umn/cce_10_0364.html
index 3d391b4d8..aafd667b0 100644
--- a/docs/cce/umn/cce_10_0364.html
+++ b/docs/cce/umn/cce_10_0364.html
@@ -6,11 +6,11 @@
 
                                                                        Compared with v1beta1, v1 has the following differences in parameters:
                                                                        • The ingress type is specified by spec.ingressClassName instead of kubernetes.io/ingress.class in annotations.
                                                                        • The format of backend has changed.
                                                                        • The pathType parameter must be specified for each path. The options are as follows:
                                                                          • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                          • Exact: exact matching of the URL, which is case-sensitive.
                                                                          • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                          
 
                                                                        
-
                                                                        
+
                                                                        Prerequisites
                                                                        
 
                                                                        
-
                                                                        Creating an Nginx Ingress
                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                          vi ingress-test.yaml
                                                                          
+
                                                                          Creating an Nginx Ingress
                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                            vi ingress-test.yaml
                                                                            
 
                                                                             
                                                                            Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress API Version Upgrade in CCE Clusters v1.23.
                                                                            
 
                                                                            
 
                                                                            The following uses HTTP as an example to describe how to configure the YAML file:
                                                                            
@@ -32,7 +32,7 @@ spec:
             property:
               ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
             pathType: ImplementationSpecific
-  ingressClassName: nginx   # Nginx Ingress is used. If multiple Nginx Ingress controllers are installed in the cluster, replace nginx with the custom name of the controller associated with the ingress.
+  ingressClassName: nginx   # Nginx ingresses are used. If multiple NGINX Ingress Controllers are installed in the cluster, replace nginx with the custom names of the controllers associated with the ingresses.
 
                                                                          
 
                                                                          For clusters of v1.21 or earlier:
                                                                          apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
@@ -78,8 +78,8 @@ spec:
 
 
                                                                        
-
diff --git a/docs/cce/umn/cce_10_0365.html b/docs/cce/umn/cce_10_0365.html
index f2f889e18..89b393f54 100644
--- a/docs/cce/umn/cce_10_0365.html
+++ b/docs/cce/umn/cce_10_0365.html
@@ -1,11 +1,11 @@
 
                                                                        DNS Configuration
                                                                        
-
                                                                        Every Kubernetes cluster has a built-in DNS add-on (Kube-DNS or CoreDNS) to provide domain name resolution for workloads in the cluster. When handling a high concurrency of DNS queries, Kube-DNS/CoreDNS may encounter a performance bottleneck, that is, it may fail occasionally to fulfill DNS queries. There are cases when Kubernetes workloads initiate unnecessary DNS queries. This makes DNS overloaded if there are many concurrent DNS queries. Tuning DNS configuration for workloads will reduce the risks of DNS query failures to some extent.
                                                                        
+
                                                                        Every Kubernetes cluster has a built-in DNS add-on (Kube-DNS or CoreDNS) to provide domain name resolution for workloads in the cluster. When handling a high concurrency of DNS queries, Kube-DNS/CoreDNS may encounter a performance bottleneck, that is, it may fail occasionally to fulfill DNS queries. Kubernetes workloads occasionally generate unnecessary DNS queries, which can overload the DNS system during periods of high query concurrency. Tuning DNS configuration for workloads will reduce the risks of DNS query failures to some extent.
                                                                        
 
                                                                        For more information about DNS, see CoreDNS.
                                                                        
 
                                                                        DNS Configuration Items
                                                                        Run the cat /etc/resolv.conf command on a Linux node or container to view the DNS resolver configuration file. The following is an example DNS resolver configuration of a container in a Kubernetes cluster:
                                                                        nameserver 10.247.x.x
 search default.svc.cluster.local svc.cluster.local cluster.local
-options ndots:5
                                                                        
+options single-request-reopen timeout:2 ndots:5
 
                                                                        
 
                                                                        Configuration Options
                                                                        • nameserver: an IP address list of a name server that the resolver will query. If this parameter is set to 10.247.x.x, the resolver will query the kube-dns/CoreDNS. If this parameter is set to another IP address, the resolver will query a cloud or on-premises DNS server.
                                                                        • search: a search list for host-name lookup. When a domain name cannot be resolved, DNS queries will be attempted combining the domain name with each domain in the search list in turn until a match is found or all domains in the search list are tried. For CCE clusters, the search list is currently limited to three domains per container. When a nonexistent domain name is being resolved, eight DNS queries will be initiated because each domain name (including those in the search list) will be queried twice, one for IPv4 and the other for IPv6.
                                                                        • options: options that allow certain internal resolver variables to be modified. Common options include timeout and ndots.
                                                                          The value ndots:5 means that if a domain name has fewer than 5 dots (.), DNS queries will be attempted by combining the domain name with each domain in the search list in turn. If no match is found after all the domains in the search list are tried, the domain name is then used for DNS query. If the domain name has 5 or more than 5 dots, it will be tried first for DNS query. In case that the domain name cannot be resolved, DNS queries will be attempted by combining the domain name with each domain in the search list in turn. 
                                                                          
 
                                                                          For example, the domain name www.***.com has only two dots (smaller than the value of ndots), and therefore the sequence of DNS queries is as follows: www.***.com.default.svc.cluster.local, www.***.com.svc.cluster.local, www.***.com.cluster.local, and www.***.com. This means that at least seven DNS queries will be initiated before the domain name is resolved into an IP address. It is clear that when many unnecessary DNS queries will be initiated to access an external domain name. There is room for improvement in workload's DNS configuration.
                                                                          
@@ -14,7 +14,7 @@
 
                                                                           
                                                                          For more information about configuration options in the resolver configuration file used by Linux operating systems, visit http://man7.org/linux/man-pages/man5/resolv.conf.5.html.
                                                                          
 
                                                                          
 
                                                                        
-
                                                                        Configuring DNS for a Workload Using the Console
                                                                        Kubernetes provides DNS-related configuration options for applications. The use of application's DNS configuration can effectively reduce unnecessary DNS queries in certain scenarios and improve service concurrency. The following procedure uses an Nginx application as an example to describe how to add DNS configurations for a workload on the console.
                                                                        
+
                                                                        Configuring DNS for a Workload Through the Console
                                                                        Kubernetes provides DNS-related configuration options for applications. The use of application's DNS configuration can effectively reduce unnecessary DNS queries in certain scenarios and improve service concurrency. The following procedure uses an Nginx application as an example to describe how to add DNS configurations for a workload on the console.
                                                                        
 
                                                                        1. Log in to the CCE console, access the cluster console, select Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                        2. Configure basic information about the workload. For details, see Creating a Workload.
                                                                        3. In the Advanced Settings area, click the DNS tab and set the following parameters as required:
                                                                          • DNS Policy: The DNS policies provided on the console correspond to the dnsPolicy field in the YAML file. For details, see Table 1.
                                                                            • Supplement defaults: corresponds to dnsPolicy=ClusterFirst. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks.
                                                                            • Replace defaults: corresponds to dnsPolicy=None. You must configure IP Address and Search Domain. Containers only use the user-defined IP address and search domain configurations for domain name resolution.
                                                                            • Inherit defaults: corresponds to dnsPolicy=Default. Containers use the domain name resolution configuration from the node that pods run on and cannot resolve the cluster-internal domain names.
                                                                            
 
                                                                          • Optional Objects: The options parameters in the dnsConfig field. Each object may have a name property (required) and a value property (optional). After setting the properties, click confirm to add.
                                                                            • timeout: Timeout interval, in seconds.
                                                                            • ndots: Number of dots (.) that must be present in a domain name. If a domain name has dots fewer than this value, the operating system will look up the name in the search domain. If not, the name is a fully qualified domain name (FQDN) and will be tried first as an absolute name.
                                                                            
 
                                                                          • IP Address of DNS Server: nameservers in dnsConfig. You can configure a domain name server for a custom domain name. The value is one or a group of DNS IP addresses.
                                                                          • Search Domain: searches in the dnsConfig. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                          • Host Alias: Add the mapping between domain names and IP addresses to the local configuration file /etc/hosts of a pod for simplified local domain name resolution. For details, see Adding entries to Pod /etc/hosts with HostAliases
                                                                          
@@ -62,7 +62,7 @@ spec:
 
 
                                                                        
-
                                                                        Table 3 Key parameters
                                                                        Parameter
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -102,7 +102,7 @@
 
                                                                        
-
                                                                        Example of Enabling Unsafe Sysctls in Pod Security Policy
                                                                        You can configure allowed-unsafe-sysctls for a node pool. For CCE clusters of v1.17.17 and later versions, add configurations in allowedUnsafeSysctls of the pod security policy to make the configuration take effect. For details, see Table 1.
                                                                        
+
                                                                        Example of Enabling Unsafe sysctls in a PSP
                                                                        You can configure allowed-unsafe-sysctls for a node pool. For CCE clusters of v1.17.17 and later versions, add configurations in allowedUnsafeSysctls of the pod security policy to make the configuration take effect. For details, see Table 1.
                                                                        
 
                                                                        In addition to modifying the global pod security policy, you can add new pod security policies. For example, enable the net.core.somaxconn unsafe sysctls. The following is an example of adding a pod security policy:
                                                                        
 
                                                                        apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
diff --git a/docs/cce/umn/cce_10_0276.html b/docs/cce/umn/cce_10_0276.html
index 88bc2e703..b99c68e9d 100644
--- a/docs/cce/umn/cce_10_0276.html
+++ b/docs/cce/umn/cce_10_0276.html
@@ -2,11 +2,11 @@
 
 
                                                                        Performing Rolling Upgrade for Nodes
                                                                        
 
                                                                        Scenario
                                                                        In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.
                                                                        
-
                                                                        Figure 1 Workload migration
                                                                        
+
                                                                        Figure 1 Workload migration
                                                                        
 
                                                                        
 
                                                                        Notes and Constraints
                                                                        • The original node and the target node to which the workload is to be migrated must be in the same cluster.
                                                                        • The cluster must be of v1.13.10 or later.
                                                                        • The default node pool does not support this configuration.
                                                                        
 
                                                                        
-
                                                                        Procedure If the Original Node Is in the Default Pool
                                                                        1. Create a node pool. For details, see Creating a Node Pool.
                                                                        2. On the node pool list page, click View Node in the Operation column of the target node pool. The IP address of the new node is displayed in the node list.
                                                                        1. Install and configure kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                        1. Migrate the workload.
                                                                          1. Add a taint to the node where the workload needs to be migrated out.
                                                                            kubectl taint node [node] key=value:[effect]
                                                                            
+
                                                                            Procedure If the Original Node Is in the Default Pool
                                                                            1. Create a node pool. For details, see Creating a Node Pool.
                                                                            2. On the node pool list page, click View Node in the Operation column of the target node pool. The IP address of the new node is displayed in the node list.
                                                                            1. Install and configure kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                            1. Migrate the workload.
                                                                              1. Add a taint to the node where the workload needs to be migrated out.
                                                                                kubectl taint node [node] key=value:[effect]
                                                                                
 
                                                                                In the preceding command, [node] indicates the IP address of the node where the workload to be migrated is located. The value of [effect] can be NoSchedule, PreferNoSchedule, or NoExecute. In this example, set this parameter to NoSchedule.
                                                                                
 
                                                                                • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                
 
                                                                                 
                                                                                To reset a taint, run the kubectl taint node [node] key:[effect]- command to remove the taint.
                                                                                
diff --git a/docs/cce/umn/cce_10_0277.html b/docs/cce/umn/cce_10_0277.html
index 0695892ec..219d30075 100644
--- a/docs/cce/umn/cce_10_0277.html
+++ b/docs/cce/umn/cce_10_0277.html
@@ -3,6 +3,7 @@
 
                                                                                Overview
                                                                                
 
                                                                                CCE provides multiple types of add-ons to extend cluster functions and meet feature requirements. You can install add-ons as required.
                                                                                
 
                                                                                 
                                                                                CCE uses Helm charts to deploy add-ons. To modify or upgrade an add-on, perform operations on the Add-ons page or use open add-on management APIs. Do not directly modify resources related to add-ons in the background. Otherwise, add-on exceptions or other unexpected problems may occur.
                                                                                
+
                                                                                Add-on pods are prioritized over service pods. When cluster resources are limited, the add-on pods can use resources that would otherwise be allocated to service pods. This may result in the eviction of service pods.
                                                                                
 
                                                                                
 
                                                                                Scheduling and Elasticity Add-ons
                                                                                
 
                                                                        Table 3 Key parameters
                                                                        Parameter
                                                                        
 
                                                                        Mandatory
                                                                        
+
                                                                        Mandatory
                                                                        
 
                                                                        Type
                                                                        
+
                                                                        Type
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        kubernetes.io/elb.id
                                                                        
+
                                                                        kubernetes.io/elb.id
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        ID of a load balancer. The value can contain 1 to 100 characters.
                                                                        
+
                                                                        ID of a load balancer. The value can contain 1 to 100 characters.
                                                                        
+
                                                                        Use either this parameter or kubernetes.io/elb.ip. If they conflict, kubernetes.io/elb.id will take precedence.
                                                                        
 
                                                                        How to obtain:
                                                                        
 
                                                                        On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                        
                                                                         		
 
                                                                        kubernetes.io/elb.ip
                                                                        
+
                                                                        kubernetes.io/elb.ip
                                                                        
 
                                                                        No
                                                                        
+
                                                                        No
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                        
+
                                                                        Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                        
+
                                                                        Use either this parameter or kubernetes.io/elb.id. If they conflict, kubernetes.io/elb.id will take precedence.
                                                                        
                                                                         		
 
                                                                        kubernetes.io/elb.class
                                                                        
+
                                                                        kubernetes.io/elb.class
                                                                        
 
                                                                        Yes
                                                                        
+
                                                                        Yes
                                                                        
 
                                                                        String
                                                                        
+
                                                                        String
                                                                        
 
                                                                        Load balancer type.
                                                                        
+
                                                                        Load balancer type.
                                                                        
 
                                                                        • union: shared load balancer
                                                                        • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                        
 
                                                                         NOTE: 
                                                                        If a LoadBalancer ingress accesses an existing dedicated load balancer, the dedicated load balancer must be of the application load balancing (HTTP/HTTPS) type.
                                                                        
 
                                                                        
@@ -578,7 +590,7 @@ spec:
 
                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                        
 
                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
 ingress-test  cce      *         121.**.**.**     80      10s
                                                                        
-
                                                                      • Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                        121.**.**.** indicates the IP address of the unified load balancer.
                                                                        
+
                                                                      • Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                        121.**.**.** indicates the IP address of the unified load balancer.
                                                                        
 
                                                                        • 
 
 
diff --git a/docs/cce/umn/cce_10_0275.html b/docs/cce/umn/cce_10_0275.html
index 4ac0e7803..d95938702 100644
--- a/docs/cce/umn/cce_10_0275.html
+++ b/docs/cce/umn/cce_10_0275.html
@@ -3,7 +3,7 @@
 
                                                                        Configuring a Pod Security Policy
                                                                        
 
                                                                        A pod security policy (PSP) is a cluster-level resource that controls sensitive security aspects of the pod specification. The PodSecurityPolicy object in Kubernetes defines a group of conditions that a pod must comply with to be accepted by the system, as well as the default values of related fields.
                                                                        
 
                                                                        By default, the PSP access control component is enabled for clusters of v1.17.17 and a global default PSP named psp-global is created. You can modify the default policy (but not delete it). You can also create a PSP and bind it to the RBAC configuration.
                                                                        
-
                                                                         
                                                                        • In addition to the global default PSP, the system configures independent PSPs for system components in namespace kube-system. Modifying the psp-global configuration does not affect pod creation in namespace kube-system.
                                                                        • PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. You can use pod security admission as a substitute for PodSecurityPolicy. For details, see Configuring Pod Security Admission.
                                                                        
+
                                                                         
                                                                        • In addition to the global default PSP, the system configures independent PSPs for system components in namespace kube-system. Modifying the psp-global configuration does not affect pod creation in namespace kube-system.
                                                                        • Starting from Kubernetes v1.21, PSP has been deprecated and will be fully removed in v1.25. Therefore, the information in this section applies only to clusters of a version earlier than v1.25. You can use pod security admission as a substitute for PSP. For details, see Configuring Pod Security Admission.
                                                                        
 
                                                                        
 
                                                                        Modifying the Global Default PSP
                                                                        Before modifying the global default PSP, ensure that a CCE cluster has been created and connected by using kubectl.
                                                                        
 
                                                                        1. Run the following command:
                                                                          kubectl edit psp psp-global
                                                                          
@@ -78,7 +78,7 @@
 
                                                                        
 
                                                                        seLinux
                                                                        
 
                                                                        Controls the configuration of seLinux used in pods.
                                                                        
+
                                                                        Controls the configuration of SELinux used in pods.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        allowedProcMountTypes
                                                                        
@@ -94,7 +94,7 @@
 
                                                                        forbiddenSysctls
                                                                        
 
                                                                        allowedUnsafeSysctls
                                                                        
 
                                                                        Controls the configuration of Sysctl used by containers in a pod.
                                                                        
+
                                                                        Controls the configuration of sysctl used by containers in a pod.
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
 
                                                                        
-
-
+
+
+
-
                                                                        Add-on Name
                                                                        
@@ -18,7 +19,7 @@
 
                                                                        
 
                                                                        CCE Cluster Autoscaler
                                                                        
 
                                                                        This add-on resizes a cluster based on pod scheduling status and resource usage.
                                                                        
+
                                                                        This add-on scales in or out the workload nodes in a cluster based on pod scheduling status and resource usage.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        CCE Advanced HPA
                                                                        
@@ -39,7 +40,12 @@
 
                                                                        
 
                                                                        Cloud Native Cluster Monitoring
                                                                        
 
                                                                        This add-on uses Prometheus-operator and Prometheus to provide easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                        
+
                                                                        This add-on includes the Prometheus-operator and Prometheus components and provides easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                        
+
                                                                        Cloud Native Log Collection
                                                                        
+
                                                                        This add-on is developed based on Fluent Bit and OpenTelemetry for collecting logs. It supports CRD-based log collection policies, and collects and forwards standard output logs, container file logs, node logs, and Kubernetes events in a cluster.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        CCE Node Problem Detector
                                                                        
@@ -81,7 +87,7 @@
 
 
                                                                        CoreDNS
                                                                        
 
                                                                        CoreDNS is a DNS server that provides domain name resolution for Kubernetes clusters through a chain add-on.
                                                                        
+
                                                                        This add-on is a DNS server that provides domain name resolution for Kubernetes clusters through a chain add-on.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        NGINX Ingress Controller
                                                                        
@@ -266,9 +272,9 @@
 
                                                                        
 
                                                                        
 
                                                                        
-
                                                                         
                                                                        Add-on rollback is supported in certain add-on versions.
                                                                        
-
                                                                        • CoreDNS: 1.25.11 and later versions
                                                                        • Everest: 2.1.19 and later versions
                                                                        • Autoscaler:
                                                                          • v1.21 clusters: v1.21.22 and later versions
                                                                          • v1.23 clusters: v1.23.24 and later versions
                                                                          • v1.25 clusters: v1.25.14 and later versions
                                                                          
-
                                                                        • kube-prometheus-stack: v3.7.2 and later versions
                                                                        • Volcano: 1.11.4 and later versions
                                                                        • NPD: 1.18.22 and later versions
                                                                        
+
                                                                         
                                                                        Rollback is supported by the following add-ons of certain versions:
                                                                        
+
                                                                        • CoreDNS: 1.25.11 and later versions
                                                                        • CCE Container Storage (Everest): 2.1.19 and later versions
                                                                        • CCE Cluster Autoscaler
                                                                          • v1.21 clusters: v1.21.22 and later versions
                                                                          • v1.23 clusters: v1.23.24 and later versions
                                                                          • v1.25 clusters: v1.25.14 and later versions
                                                                          
+
                                                                        • Volcano Scheduler: 1.11.4 and later versions
                                                                        • CCE Node Problem Detector: 1.18.22 and later versions
                                                                        
 
                                                                        
 
                                                                        
 
                                                                        
diff --git a/docs/cce/umn/cce_10_0278.html b/docs/cce/umn/cce_10_0278.html
index 5d07a4772..212446bd2 100644
--- a/docs/cce/umn/cce_10_0278.html
+++ b/docs/cce/umn/cce_10_0278.html
@@ -8,11 +8,11 @@
 
 
                                                                        Notes and Constraints
                                                                        A maximum of 6000 Services can be created in each namespace. The Services mentioned here indicate the Kubernetes Service resources added for workloads.
                                                                        
 
                                                                        
-
                                                                        Namespace Types
                                                                        Namespaces can be created automatically or manually.
                                                                        
+
                                                                        Namespace Types
                                                                        Namespaces can be categorized based on how they are created.
                                                                        
 
                                                                        • Created automatically: When a cluster is up, the default, kube-public, kube-system, and kube-node-lease namespaces are created by default.
                                                                          • default: All objects for which no namespace is specified are allocated to this namespace.
                                                                          • kube-public: Resources in this namespace can be accessed by all users (including unauthenticated users) so that some resources in the cluster can be readable in the entire cluster. This is a reserved Kubernetes namespace. Its common attributes are only conventions but not requirements.
                                                                          • kube-system: All resources created by Kubernetes are in this namespace.
                                                                          • kube-node-lease: Each node has an associated Lease object in this namespace. The object is periodically updated by the node. Both NodeStatus and NodeLease are considered as heartbeats from a node. In versions earlier than v1.13, only NodeStatus is available. The NodeLease feature is introduced in v1.13. NodeLease is more lightweight than NodeStatus. This feature significantly improves the cluster scalability and performance.
                                                                          
-
                                                                        • Created manually: You can create namespaces to serve separate purposes. For example, you can create three namespaces, one for a development environment, one for joint debugging environment, and one for test environment. You can also create one namespace for login services and one for game services.
                                                                        
+
                                                                      • Created manually: You can create namespaces to serve separate purposes. For example, you can create three namespaces, one for a development environment, one for joint debugging environment, and one for test environment. You can also create one namespace for login services and one for game services.
                                                                      • Service mesh namespace: When ASM is used, namespaces named istio-system, asm-system, istio-operator, and mantis-system will be automatically created. These namespaces do not support quota management. Manually creating namespaces with these names will also affect these namespaces.
                                                                        • 
 
                                                                        
-
                                                                        Creating a Namespace
                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                        2. Choose Namespaces in the navigation pane and click Create Namespace in the upper right corner.
                                                                        3. Set namespace parameters based on Table 1.
                                                                          
+
                                                                          Creating a Namespace on the Console
                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                          2. Choose Namespaces in the navigation pane and click Create Namespace in the upper right corner.
                                                                          3. Set namespace parameters based on Table 1.
                                                                            
 
                                                                            
@@ -44,17 +44,20 @@
 
                                                                          4. After the configuration is complete, click OK.
                                                                            5. 
-
                                                                            Using kubectl to Create a Namespace
                                                                            Define a namespace.
                                                                            
-
                                                                            apiVersion: v1 
+
                                                                            Creating a Namespace Using kubectl
                                                                            1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                            2. Create a namespace.
                                                                              • Method 1: Use a YAML file to configure the namespace and run the kubectl apply command to create it.
                                                                                1. Create a custom-namespace.yaml file with the following data:
                                                                                  apiVersion: v1 
 kind: Namespace 
 metadata: 
   name: custom-namespace 
                                                                                  
-
                                                                                  Run the kubectl command to create it.
                                                                                  
-
                                                                                  $ kubectl create -f custom-namespace.yaml
-namespace/custom-namespace created 
                                                                                  
-
                                                                                  You can also run the kubectl create namespace command to create a namespace.
                                                                                  
-
                                                                                  $ kubectl create namespace custom-namespace 
-namespace/custom-namespace created 
                                                                                  
+
                                                                                2. Run the following command to create the namespace:
                                                                                  kubectl apply -f custom-namespace.yaml
                                                                                  
+
                                                                                  Command output:
                                                                                  
+
                                                                                  namespace/custom-namespace created 
                                                                                  
+
                                                                                
+
                                                                              • Method 2: Run the kubectl create namespace command to create a namespace.
                                                                                kubectl create namespace custom-namespace 
                                                                                
+
                                                                              
+
                                                                            3. Run the following command to verify the creation:
                                                                              kubectl get namespaces
                                                                              
+
                                                                              The custom-namespace namespace is displayed in the list.
                                                                              
+
                                                                              For more details about how to configure a namespace, see Manage Memory, CPU, and API Resources.
                                                                              
+
                                                                            
 
                                                                            
 
                                                                            
diff --git a/docs/cce/umn/cce_10_0279.html b/docs/cce/umn/cce_10_0279.html
index feeabcd23..556c114a0 100644
--- a/docs/cce/umn/cce_10_0279.html
+++ b/docs/cce/umn/cce_10_0279.html
@@ -17,7 +17,7 @@
 
 
                                                                            
-
@@ -48,7 +48,7 @@
 
 
                                                                            Table 1 Parameters for creating a namespace
                                                                            Parameter
                                                                            
                                                                             		
 
                                                                            Description
                                                                            
@@ -32,10 +32,10 @@
 
                                                                            Quota Management
                                                                            
                                                                             		
 
                                                                            Resource quotas can limit the amount of resources available in namespaces, achieving resource allocation by namespace.
                                                                            
-
                                                                             NOTICE: 
                                                                            You are advised to set resource quotas in the namespace as required to prevent cluster or node exceptions caused by resource overload.
                                                                            
-
                                                                            For example, the default number of pods that can be created on each node in a cluster is 110. If you create a cluster with 50 nodes, you can create a maximum of 5,500 pods. Therefore, you can set a resource quota to ensure that the total number of pods in all namespaces does not exceed 5,500.
                                                                            
+
                                                                             NOTICE: 
                                                                            Configure resource quotas for each namespace to prevent overloading the cluster or nodes with excessive resources.
                                                                            
+
                                                                            For example, if your cluster resources are limited but you need to use multiple namespaces to isolate resources of different services, you can configure resource quotas for each namespace to maintain cluster stability and proper resource allocation.
                                                                            
 
                                                                            
-
                                                                            Enter an integer. If the quota of a resource is not specified, no limit is posed on the resource.
                                                                            
+
                                                                            Enter a value. If a resource quota is not specified, there will be no limit imposed on the resource.
                                                                            
 
                                                                            If you want to limit the CPU or memory quota, you must specify the CPU or memory request value when creating a workload.
                                                                            
 
                                                                            		
 
                                                                            
 
 
 
                                                                            Component
                                                                            
 
                                                                            Component Description
                                                                            
+
                                                                            Description
                                                                            
                                                                             		
 
                                                                            Reference
                                                                            
 
                                                                            
-
diff --git a/docs/cce/umn/cce_10_0281.html b/docs/cce/umn/cce_10_0281.html
index de3196e5b..442eda7cf 100644
--- a/docs/cce/umn/cce_10_0281.html
+++ b/docs/cce/umn/cce_10_0281.html
@@ -22,9 +22,9 @@
 
-
-
-
-
@@ -42,6 +42,13 @@
 
                                                                            Max networking scale: 2,000 nodes
                                                                            
+
+
+
+
-
diff --git a/docs/cce/umn/cce_10_0345.html b/docs/cce/umn/cce_10_0345.html
index 0af4a1da4..9d73a2130 100644
--- a/docs/cce/umn/cce_10_0345.html
+++ b/docs/cce/umn/cce_10_0345.html
@@ -2,7 +2,7 @@
 
 
                                                                            Default GPU Scheduling in Kubernetes
                                                                            You can use GPUs in CCE containers.
                                                                            
-
                                                                            Prerequisites
                                                                            • A GPU node has been created. For details, see Creating a Node.
                                                                            • The CCE AI Suite (NVIDIA GPU) add-on has been installed. During the installation, select the driver corresponding to the GPU model on the node. For details, see CCE AI Suite (NVIDIA GPU).
                                                                            • When the default GPU scheduling is used in clusters of v1.27 or earlier, the CCE AI Suite (NVIDIA GPU) add-on mounts the driver directory to /usr/local/nvidia/lib64, so you need to add /usr/local/nvidia/lib64 to the LD_LIBRARY_PATH environment variable to use GPUs in a container. You can skip this step for clusters of v1.28 or later.
                                                                              You can add environment variables in any of the following ways:
                                                                              
+
                                                                              Prerequisites
                                                                              • A GPU node has been created. For details, see Creating a Node.
                                                                              • The CCE AI Suite (NVIDIA GPU) add-on has been installed, with the selected driver matching the GPU model on the node. For details, see CCE AI Suite (NVIDIA GPU).
                                                                              • When default GPU scheduling is used in clusters of v1.27 or earlier, the CCE AI Suite (NVIDIA GPU) add-on mounts the driver directory to /usr/local/nvidia/lib64. To use GPU resources in containers, you need to add /usr/local/nvidia/lib64 to the LD_LIBRARY_PATH environment variable. You can skip this step for clusters of v1.28 or later.
                                                                                You can add environment variables in any of the following ways:
                                                                                
 
                                                                                • Configure the LD_LIBRARY_PATH environment variable in the Dockerfile used for creating an image. (Recommended)
                                                                                  ENV LD_LIBRARY_PATH /usr/local/nvidia/lib64:$LD_LIBRARY_PATH
                                                                                  
 
                                                                                • Configure the LD_LIBRARY_PATH environment variable in the image startup command.
                                                                                  /bin/bash -c "export LD_LIBRARY_PATH=/usr/local/nvidia/lib64:$LD_LIBRARY_PATH && ..."
                                                                                  
 
                                                                                • Define the LD_LIBRARY_PATH environment variable when creating a workload. (Ensure that this variable is not configured in the container. Otherwise, it will be overwritten.)
                                                                                  ...
@@ -49,13 +49,14 @@ spec:
 
                                                                                  After nvidia.com/gpu is specified, workloads will not be scheduled to nodes without GPUs. If the node is GPU-starved, Kubernetes events similar to the following are reported:
                                                                                  
 
                                                                                  • 0/2 nodes are available: 2 Insufficient nvidia.com/gpu.
                                                                                  • 0/4 nodes are available: 1 InsufficientResourceOnSingleGPU, 3 Insufficient nvidia.com/gpu.
                                                                                  
 
                                                                                  To use GPU resources on the CCE console, you only need to configure the GPU quota when creating a workload.
                                                                                  
+
                                                                                  
 
                                                                              
-
                                                                              GPU Node Labels
                                                                              CCE will label GPU-enabled nodes after they are created. Different types of GPU-enabled nodes have different labels.
                                                                              
-
                                                                              $ kubectl get node -L accelerator
-NAME           STATUS   ROLES    AGE     VERSION                                    ACCELERATOR
+
                                                                              GPU Node Labels
                                                                              CCE will label GPU nodes that are ready to use. When using GPUs, you can enable affinity between pods and nodes based on labels so that the pods can be scheduled to the correct nodes. To do so, perform the following operations:
                                                                              
+
                                                                              1. Run the following command to view all nodes in the cluster and retrieve the value of the accelerator label (if applicable):
                                                                                kubectl get node -L accelerator
                                                                                
+
                                                                                The following information is displayed, showing the label value:
                                                                                
+
                                                                                NAME           STATUS   ROLES    AGE     VERSION                                    ACCELERATOR
 10.100.2.179   Ready    <none>   8m43s   v1.19.10-r0-CCE21.11.1.B006-21.11.1.B006   nvidia-t4
                                                                                
-
                                                                                When using GPUs, you can enable the affinity between pods and nodes based on labels so that the pods can be scheduled to the correct nodes.
                                                                                
-
                                                                                apiVersion: apps/v1
+
                                                                              2. When using a YAML file to create a workload, add the following parameters to define affinity between pods and nodes:
                                                                                apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: gpu-test
@@ -86,6 +87,7 @@ spec:
             nvidia.com/gpu: 1   # Maximum number of GPUs that can be used
       imagePullSecrets:
       - name: default-secret
                                                                                
+
                                                                              
 
                                                                              
 
                                                                              
 
                                                                              
diff --git a/docs/cce/umn/cce_10_0348.html b/docs/cce/umn/cce_10_0348.html
index 4fa62f6f8..29c3049bc 100644
--- a/docs/cce/umn/cce_10_0348.html
+++ b/docs/cce/umn/cce_10_0348.html
@@ -36,7 +36,7 @@
 
                                                                            Table 2 Node scaling types
                                                                            Component Name
                                                                            
 
                                                                            Component Description
                                                                            
+
                                                                            Description
                                                                            
                                                                             		
 
                                                                            Application Scenario
                                                                            
                                                                             		
 
                                                                            • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                            • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                            
 
                                                                            • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                            • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                            
+
                                                                            • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                            • Small- and medium-scale networks: Due to the limitation on VPC route tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                            
 
                                                                            • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                            • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.
                                                                            
+
                                                                            • High performance requirements: Cloud Native Network 2.0 uses VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native Network 2.0 ideal for scenarios that demand high bandwidth and low latency.
                                                                            • Large-scale networking: Cloud Native Network 2.0 supports up to 2,000 ECS nodes and 100,000 pods.
                                                                            
                                                                             		
 
                                                                            
 
                                                                            Core technology
                                                                            
@@ -86,8 +86,8 @@
                                                                             		
 
                                                                            A maximum of 2000 nodes are supported.
                                                                            
 
                                                                            Suitable for small- and medium-scale networks due to the limitation on VPC routing tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                            
-
                                                                            Each time a node is added to the cluster, a route is added to the VPC routing tables. Evaluate the cluster scale that is limited by the VPC routing tables before creating the cluster. 
                                                                            
+
                                                                            Suitable for small- and medium-scale networks due to the limitation on VPC route tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                            
+
                                                                            Each time a node is added to the cluster, a route is added to the VPC route tables. Evaluate the cluster scale that is limited by the VPC route tables before creating the cluster. 
                                                                            
                                                                             		
 
                                                                            A maximum of 2000 nodes are supported.
                                                                            
 
                                                                            In a cloud-native network 2.0 cluster, containers' IP addresses are assigned from VPC CIDR blocks, and the number of containers supported is restricted by these blocks. Evaluate the cluster's scale limitations before creating it.
                                                                            
diff --git a/docs/cce/umn/cce_10_0282.html b/docs/cce/umn/cce_10_0282.html
index 4c1ac1248..b5adc0d31 100644
--- a/docs/cce/umn/cce_10_0282.html
+++ b/docs/cce/umn/cce_10_0282.html
@@ -2,7 +2,7 @@
 
 
                                                                            Tunnel Network Model
                                                                            
 
                                                                            Model Definition
                                                                            A container tunnel network creates a separate network plane for containers by using tunnel encapsulation on the host network plane. The container tunnel network of a CCE cluster uses VXLAN for tunnel encapsulation and Open vSwitch as the virtual switch backend. VXLAN is a protocol that encapsulates Ethernet packets into UDP packets to transmit them through tunnels. Open vSwitch is an open-source virtual switch software that provides functions such as network isolation and data forwarding.
                                                                            
-
                                                                            While there may be some performance costs, packet encapsulation and tunnel transmission allow for greater interoperability and compatibility with advanced features, such as network policy-based isolation, in most common scenarios.
                                                                            Figure 1 Container tunnel network
                                                                            
+
                                                                            While there may be some performance costs, packet encapsulation and tunnel transmission allow for greater interoperability and compatibility with advanced features, such as network policy-based isolation, in most common scenarios.
                                                                            Figure 1 Container tunnel network
                                                                            
 
                                                                            
 
                                                                            In a cluster using the container tunnel model, the communication paths between pods on the same node and between pods on different nodes are different.
                                                                            
 
                                                                            • Inter-pod communication on the same node: Packets are directly forwarded via the OVS bridge on the node.
                                                                            • Inter-pod communication on different nodes: Packets are encapsulated in the OVS bridge and then forwarded to the target pod on the peer node through the host NIC.
                                                                            
@@ -16,7 +16,7 @@
 
                                                                            
 
                                                                            Container IP Address Management
                                                                            The container tunnel network allocates container IP addresses according to the following rules:
                                                                            
 
                                                                            • Container CIDR blocks are separate from node CIDR blocks.
                                                                            • IP addresses are allocated by node. One or more CIDR blocks with a fixed size (16 by default) are allocated to each node in a cluster from the container CIDR block.
                                                                            • When the IP addresses on a node are used up, you can apply for a new CIDR block.
                                                                            • A container CIDR block assigns CIDR blocks to new nodes or existing nodes in a cyclical sequence.
                                                                            • IP addresses from one or more CIDR blocks assigned to a node are allocated to pods scheduled to that node in a cyclical manner.
                                                                            
-
                                                                            Figure 2 IP address allocation of the container tunnel network
                                                                            
+
                                                                            Figure 2 IP address allocation of the container tunnel network
                                                                            
 
                                                                            Maximum number of nodes that can be created in the cluster using the container tunnel network = Number of IP addresses in the container CIDR block/Size of the IP CIDR block allocated to the node by the container CIDR block at a time (16 by default)
                                                                            
 
                                                                            For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to a node is 28. That is, a total of 16 container IP addresses are allocated each time. Therefore, a maximum of 4096 (65536/16) nodes can be created. This is an extreme case. If 4096 nodes are created, a maximum of 16 pods can be created for each node because only a CIDR block with 16 IP addresses is allocated to each node. The number of nodes that can be added to a cluster is also determined by the available IP addresses in the node subnet and the scale of the cluster.
                                                                            
 
                                                                            
@@ -25,7 +25,7 @@
 
 
                                                                            
 
                                                                            Example of Container Tunnel Network Access
                                                                            The following is an example of creating a workload in a cluster using the container tunnel network model:
                                                                            
-
                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                            2. Create a Deployment in the cluster.
                                                                              Create the deployment.yaml file. The following shows an example:
                                                                              
+
                                                                              1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                              2. Create a Deployment in the cluster.
                                                                                Create the deployment.yaml file. The following shows an example:
                                                                                
 
                                                                                kind: Deployment
 apiVersion: apps/v1
 metadata:
diff --git a/docs/cce/umn/cce_10_0283.html b/docs/cce/umn/cce_10_0283.html
index 2f07ad69a..6cc1cc362 100644
--- a/docs/cce/umn/cce_10_0283.html
+++ b/docs/cce/umn/cce_10_0283.html
@@ -1,23 +1,23 @@
 
 
 
                                                                                VPC Network Model
                                                                                
-
                                                                                Model Definition
                                                                                The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. In the VPC network model, container CIDR blocks are separate from node CIDR blocks. To allocate IP addresses to containers running on a node in a cluster, each node in the cluster is allocated with a container CIDR block for a fixed number of IP addresses. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. When using the VPC network model in a cluster, the VPC routing table automatically configures the routes between container CIDR blocks and VPC CIDR blocks. This means that pods within the cluster can be accessed directly from cloud servers in the same VPC, even if they are outside the cluster.
                                                                                Figure 1 VPC network model
                                                                                
+
                                                                                Model Definition
                                                                                The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. In the VPC network model, container CIDR blocks are separate from node CIDR blocks. To allocate IP addresses to containers running on a node in a cluster, each node in the cluster is allocated with a container CIDR block for a fixed number of IP addresses. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. When using the VPC network model in a cluster, the VPC route table automatically configures the routes between container CIDR blocks and VPC CIDR blocks. This means that pods within the cluster can be accessed directly from cloud servers in the same VPC, even if they are outside the cluster.
                                                                                Figure 1 VPC network model
                                                                                
 
                                                                                
 
                                                                                In a cluster using the VPC network model, network communication paths are as follows:
                                                                                
-
                                                                                • Inter-pod communication on the same node: Packets are directly forwarded through IPvlan.
                                                                                • Inter-pod communication on different nodes: The traffic accesses the default gateway by following the route specified in the VPC routing table and then is forwarded to the target pod on another node using VPC routing.
                                                                                • Pod communication with the Internet: When a container in a cluster needs to access the Internet, CCE uses NAT to translate the container's IP address into the node IP address so that the pod communicates externally using the node IP address.
                                                                                
+
                                                                                • Inter-pod communication on the same node: Packets are directly forwarded through IPvlan.
                                                                                • Inter-pod communication on different nodes: The traffic accesses the default gateway by following the route specified in the VPC route table and then is forwarded to the target pod on another node using VPC routing.
                                                                                • Pod communication with the Internet: When a container in a cluster needs to access the Internet, CCE uses NAT to translate the container's IP address into the node IP address so that the pod communicates externally using the node IP address.
                                                                                
 
                                                                                
 
                                                                                Advantages and Disadvantages
                                                                                Advantages
                                                                                
-
                                                                                • High performance and simplified network fault locating are achieved by eliminating the need for tunnel encapsulation.
                                                                                • A VPC routing table automatically configures routes between container CIDR blocks and VPC CIDR blocks. This enables resources in the VPC to directly communicate with containers in the cluster.
                                                                                   
                                                                                  Similarly, if the VPC is accessible to other VPCs or data centers and the VPC routing table includes routes to the container CIDR blocks, resources in other VPCs or data centers can directly communicate with containers in the cluster, provided there are no conflicts between the network CIDR blocks.
                                                                                  
+
                                                                                  • High performance and simplified network fault locating are achieved by eliminating the need for tunnel encapsulation.
                                                                                  • A VPC route table automatically configures routes between container CIDR blocks and VPC CIDR blocks. This enables resources in the VPC to directly communicate with containers in the cluster.
                                                                                     
                                                                                    Similarly, if the VPC is accessible to other VPCs or data centers and the VPC route table includes routes to the container CIDR blocks, resources in other VPCs or data centers can directly communicate with containers in the cluster, provided there are no conflicts between the network CIDR blocks.
                                                                                    
 
                                                                                    
 
                                                                                  
 
                                                                                  Disadvantages
                                                                                  
 
                                                                                  • The number of nodes is limited by the VPC route quota.
                                                                                  • Each node is assigned a CIDR block with a fixed size, which results in IP address wastage in the container CIDR block.
                                                                                  • Pods cannot directly use features like EIPs and security groups.
                                                                                  
 
                                                                                  
-
                                                                                  Application Scenarios
                                                                                  • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                  • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                  
+
                                                                                  Application Scenarios
                                                                                  • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                  • Small- and medium-scale networks: Due to the limitation on VPC route tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                  
 
                                                                                  
 
                                                                                  Container IP Address Management
                                                                                  The VPC network model assigns container IP addresses based on the following guidelines:
                                                                                  
 
                                                                                  • Container CIDR blocks are separate from node CIDR blocks.
                                                                                  • IP addresses are allocated by node. One CIDR block with a fixed size (configurable) is allocated to each node in a cluster from the container CIDR block.
                                                                                  • A container CIDR block assigns CIDR blocks to new nodes in a cyclical sequence.
                                                                                  • IP addresses from the CIDR blocks assigned to a node are allocated to pods scheduled to that node in a cyclical manner.
                                                                                  
-
                                                                                  Figure 2 IP address management of the VPC network
                                                                                  
+
                                                                                  Figure 2 IP address management of the VPC network
                                                                                  
 
                                                                                  Maximum number of nodes that can be created in the cluster using the VPC network = Number of IP addresses in the container CIDR block/Number of IP addresses in the CIDR block allocated to the node by the container CIDR block
                                                                                  
 
                                                                                  For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to a node is 25. That is, the number of container IP addresses on each node is 128. Therefore, a maximum of 512 (65536/128) nodes can be created. The number of nodes that can be added to a cluster is also determined by the available IP addresses in the node subnet and the scale of the cluster. For details, see Recommendation for CIDR Block Planning.
                                                                                  
 
                                                                                  
@@ -29,10 +29,10 @@
 
                                                                                  The container CIDR block is 172.16.0.0/16, and the number of available IP addresses is 65536. As described in Container IP Address Management, the VPC network is allocated a CIDR block with a fixed size (using the mask to determine the maximum number of container IP addresses allocated to each node). For example, if the upper limit is 128, the cluster supports a maximum of 512 (65536/128) nodes.
                                                                                  
 
                                                                                  
 
                                                                                  Example of VPC Network Access
                                                                                  In this example, a cluster using the VPC network model is created, and the cluster contains one node.
                                                                                  
-
                                                                                  On the VPC console, locate the VPC to which the cluster belongs and check the VPC routing table.
                                                                                  
-
                                                                                  You can find that CCE has created a custom route in the routing table. This route has a destination address corresponding to the container CIDR block assigned to the node, and the next hop is directed towards the target node. In the example, the container CIDR block for the cluster is 172.16.0.0/16, with 128 container IP addresses assigned to each node. Therefore, the node's container CIDR block is 172.16.0.0/25, providing a total of 128 container IP addresses.
                                                                                  
+
                                                                                  On the VPC console, locate the VPC to which the cluster belongs and check the VPC route table.
                                                                                  
+
                                                                                  You can find that CCE has created a custom route in the route table. This route has a destination address corresponding to the container CIDR block assigned to the node, and the next hop is directed towards the target node. In the example, the container CIDR block for the cluster is 172.16.0.0/16, with 128 container IP addresses assigned to each node. Therefore, the node's container CIDR block is 172.16.0.0/25, providing a total of 128 container IP addresses.
                                                                                  
 
                                                                                  When a container IP address is accessed, the VPC route will forward the traffic to the next-hop node that corresponds to the destination address. The following is an example:
                                                                                  
-
                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                  2. Create a Deployment in the cluster.
                                                                                    Create the deployment.yaml file. The following shows an example:
                                                                                    kind: Deployment
+
                                                                                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                    2. Create a Deployment in the cluster.
                                                                                      Create the deployment.yaml file. The following shows an example:
                                                                                      kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: example
diff --git a/docs/cce/umn/cce_10_0284.html b/docs/cce/umn/cce_10_0284.html
index 4a698c6f4..277c83f37 100644
--- a/docs/cce/umn/cce_10_0284.html
+++ b/docs/cce/umn/cce_10_0284.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                      Cloud Native 2.0 Network Model
                                                                                      
-
                                                                                      Model Definition
                                                                                      Cloud Native 2.0 network model is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network interfaces (sub-ENIs) of the Virtual Private Cloud (VPC). This allows ENIs or sub-ENIs to be directly bound to pods, giving each pod its own unique IP address within the VPC. Furthermore, it supports additional features like ELB passthrough container, pod binding to a security group, and pod binding to an EIP. Because container tunnel encapsulation and NAT are not required, the Cloud Native 2.0 network model enables higher network performance than the container tunnel network model and VPC network model.
                                                                                      
-
                                                                                      Figure 1 Cloud Native 2.0 network model
                                                                                      
-
                                                                                      In a cluster using the Cloud Native 2.0 network model, pods rely on ENIs or sub-ENIs to connect to external networks.
                                                                                      
+
                                                                                      Cloud Native Network 2.0
                                                                                      
+
                                                                                      Model Definition
                                                                                      Cloud Native Network 2.0 is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network interfaces (sub-ENIs) of the Virtual Private Cloud (VPC). This allows ENIs or sub-ENIs to be directly bound to pods, giving each pod its own unique IP address within the VPC. Furthermore, it supports additional features like ELB passthrough container, pod binding to a security group, and pod binding to an EIP. Because container tunnel encapsulation and NAT are not required, Cloud Native Network 2.0 enables higher network performance than the container tunnel network model and VPC network model.
                                                                                      
+
                                                                                      Figure 1 Cloud Native Network 2.0
                                                                                      
+
                                                                                      In a cluster using Cloud Native Network 2.0, pods rely on ENIs or sub-ENIs to connect to external networks.
                                                                                      
 
                                                                                      • Pods running on BMS nodes use ENIs.
                                                                                      • Pods running on ECS nodes use sub-ENIs that are bound to the ECS' ENIs through VLAN sub-interfaces.
                                                                                      • To run a pod, it is necessary to bind ENIs to it. The number of pods that can run on a node depends on the number of ENIs that can be bound to the node and the number of ENI ports available on the node.
                                                                                      • Traffic for communications between pods on a node, communications between pods on different nodes, and access to networks outside a cluster is forwarded through the ENI or sub-ENI of the VPC.
                                                                                      
 
                                                                                      
 
                                                                                      Notes and Constraints
                                                                                      This network model is available only to CCE Turbo clusters.
                                                                                      
@@ -15,9 +15,9 @@
 
                                                                                      Disadvantages
                                                                                      
 
                                                                                      Container networks are built on VPCs, with each pod receiving an IP address from the VPC CIDR block. As a result, it is crucial to plan the container CIDR block carefully before creating a cluster.
                                                                                      
 
                                                                                      
-
                                                                                      Application Scenarios
                                                                                      • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                                      • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.
                                                                                      
+
                                                                                      Application Scenarios
                                                                                      • High performance requirements: Cloud Native Network 2.0 uses VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native Network 2.0 ideal for scenarios that demand high bandwidth and low latency.
                                                                                      • Large-scale networking: Cloud Native Network 2.0 supports up to 2,000 ECS nodes and 100,000 pods.
                                                                                      
 
                                                                                      
-
                                                                                      Container IP Address Management
                                                                                      In the Cloud Native Network 2.0 model, ECS nodes use sub-ENIs.
                                                                                      
+
                                                                                      Container IP Address Management
                                                                                      In Cloud Native Network 2.0, ECS nodes use sub-ENIs.
                                                                                      
 
                                                                                      • The IP address of the pod is directly allocated from the VPC subnet configured for the container network. You do not need to allocate an independent small network segment to the node.
                                                                                      • To add an ECS node to a cluster, bind the ENI that carries the sub-ENI first. After the ENI is bound, you can bind the sub-ENI.
                                                                                      • Number of ENIs bound to an ECS node: For clusters of v1.19.16-r40, v1.21.11-r0, v1.23.9-r0, v1.25.4-r0, v1.27.1-r0, and later versions, the value is 1. For clusters of earlier versions, the value is the maximum number of sub-ENIs that can be bound to the node divided by 64 (rounded up).
                                                                                      • ENIs bound to an ECS node = Number of ENIs used to bear sub-ENIs + Number of sub-ENIs currently used by pods + Number of pre-bound sub-ENIs
                                                                                      • When a pod is created, an available ENI is randomly allocated from the prebinding ENI pool of the node.
                                                                                      • When the pod is deleted, the ENI is released back to the ENI pool of the node.
                                                                                      • When a node is deleted, the ENIs are released back to the pool, and the sub-ENIs are deleted.
                                                                                      
 
                                                                                      Cloud Native Network 2.0 supports dynamic ENI pre-binding policies. The following table lists the scenarios.
                                                                                      
 
@@ -113,14 +113,14 @@
 
                                                                                      Recommendation for CIDR Block Planning
                                                                                      As explained in Cluster Network Structure, network addresses in a cluster are divided into the cluster network, container network, and service network. When planning network addresses, consider the following factors:
                                                                                      
 
                                                                                      • All subnets (including extended subnets) in the VPC where the cluster resides cannot conflict with the Service CIDR blocks.
                                                                                      • Ensure that each CIDR block has sufficient IP addresses.
                                                                                        • The IP addresses in the cluster CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                                        • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses.
                                                                                        
 
                                                                                      
-
                                                                                      In the Cloud Native 2.0 network model, the container CIDR block and node CIDR block share the network IP addresses in a VPC. It is recommended that the container subnet and node subnet not use the same subnet. Otherwise, containers or nodes may fail to be created due to insufficient IP addresses.
                                                                                      
+
                                                                                      In Cloud Native Network 2.0, the container CIDR block and node CIDR block share the network IP addresses in a VPC. It is recommended that the container subnet and node subnet not use the same subnet. Otherwise, containers or nodes may fail to be created due to insufficient IP addresses.
                                                                                      
 
                                                                                      In addition, a subnet can be added to the container CIDR block after a cluster is created to increase the number of available IP addresses. In this case, ensure that the added subnet does not conflict with other subnets in the container CIDR block.
                                                                                      
-
                                                                                      Figure 2 Configuring CIDR blocks
                                                                                      
+
                                                                                      Figure 2 Configuring CIDR blocks
                                                                                      
 
                                                                                      
 
                                                                                      Example of Cloud Native Network 2.0 Access 
                                                                                      In this example, a CCE Turbo cluster is created, and the cluster contains three ECS nodes.
                                                                                      
 
                                                                                      You can check the basic information about a node on the ECS console. You can see that a primary network interface and an extended network interface are bound to the node. Both of them are ENIs. The IP address of the extended network interface belongs to the container CIDR block and is used to bind sub-ENIs to pods on the node.
                                                                                      
-
                                                                                      The following is an example of creating a workload in a cluster using the Cloud Native 2.0 network model:
                                                                                      
-
                                                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                      2. Create a Deployment in the cluster.
                                                                                        Create the deployment.yaml file. The following shows an example:
                                                                                        
+
                                                                                        The following is an example of creating a workload in a cluster using Cloud Native Network 2.0:
                                                                                        
+
                                                                                        1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                        2. Create a Deployment in the cluster.
                                                                                          Create the deployment.yaml file. The following shows an example:
                                                                                          
 
                                                                                          kind: Deployment
 apiVersion: apps/v1
 metadata:
diff --git a/docs/cce/umn/cce_10_0285.html b/docs/cce/umn/cce_10_0285.html
index 196480aba..79c07a9f7 100644
--- a/docs/cce/umn/cce_10_0285.html
+++ b/docs/cce/umn/cce_10_0285.html
@@ -7,10 +7,10 @@
 
                                                                                          • Group them in different clusters for different environments.
                                                                                            Resources cannot be shared among different clusters. In addition, services in different environments can access each other only through load balancing.
                                                                                            
 
                                                                                          • Group them in different namespaces for different environments.
                                                                                            Workloads in the same namespace can be mutually accessed by using the Service name. Cross-namespace access can be implemented by using the Service name or namespace name.
                                                                                            
 
                                                                                            The following figure shows namespaces created for the development, joint debugging, and testing environments, respectively.
                                                                                            
-
                                                                                            Figure 1 One namespace for one environment
                                                                                            
+
                                                                                            Figure 1 One namespace for one environment
                                                                                            
 
                                                                                          
 
                                                                                        3. Isolating namespaces by application
                                                                                          You are advised to use this method if a large number of workloads are deployed in the same environment. For example, in the following figure, different namespaces (APP1 and APP2) are created to logically manage workloads as different groups. Workloads in the same namespace access each other using the Service name, and workloads in different namespaces access each other using the Service name or namespace name.
                                                                                          
-
                                                                                          Figure 2 Grouping workloads into different namespaces
                                                                                          
+
                                                                                          Figure 2 Grouping workloads into different namespaces
                                                                                          
 
                                                                                
 
                                                                                
 
                                                                                Managing Namespace Labels
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                2. Locate the row containing the target namespace and choose More > Manage Label in the Operation column.
                                                                                3. In the dialog box that is displayed, the existing labels of the namespace are displayed. Modify the labels as needed.
                                                                                  • Adding a label: Click the add icon, enter the key and value of the label to be added, and click OK.
                                                                                    For example, the key is project and the value is cicd, indicating that the namespace is used to deploy CICD.
                                                                                    
@@ -18,7 +18,7 @@
 
                                                                                  • Switch to the Manage Label dialog box again and check the modified labels.
                                                                                
 
                                                                                
 
                                                                                Enabling Node Affinity in a Namespace
                                                                                After node affinity is enabled in a namespace, the workloads newly created in the namespace can be scheduled only to nodes with specific labels. For details, see PodNodeSelector.
                                                                                
-
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                2. Locate the target namespace and click  in the Node Affinity column.
                                                                                3. In the displayed dialog box, select Enable and click OK.
                                                                                  After node affinity is enabled, new workloads in the current namespace will be scheduled only to nodes with specified labels. For example, in namespace test, the workloads in the namespace can be scheduled only to the node whose label key is kubelet.kubernetes.io/namespace and label value is test.
                                                                                  
+
                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                  2. Locate the target namespace and click  in the Node Affinity column.
                                                                                  3. In the displayed dialog box, select Enable and click OK.
                                                                                    After node affinity is enabled, new workloads in the current namespace will be scheduled only to nodes with specified labels. For example, in namespace test, the workloads in the namespace can be scheduled only to the node whose label key is kubelet.kubernetes.io/namespace and label value is test.
                                                                                    
 
                                                                                  4. You can add specified labels to a node in Labels and Taints on the Nodes page. For details, see Managing Node Labels.
                                                                                  
 
                                                                                
 
                                                                                Deleting a Namespace
                                                                                If a namespace is deleted, all resources (such as workloads, jobs, and ConfigMaps) in this namespace will also be deleted. Exercise caution when deleting a namespace. 
                                                                                
diff --git a/docs/cce/umn/cce_10_0288.html b/docs/cce/umn/cce_10_0288.html
index 454fd1d87..ad23b49a1 100644
--- a/docs/cce/umn/cce_10_0288.html
+++ b/docs/cce/umn/cce_10_0288.html
@@ -41,7 +41,7 @@
 
                                                                              3. After setting the parameters, click OK.
                                                                                After the security group is created, the system automatically returns to the security group list page where you can see the new security group.
                                                                                
 
                                                                              
 
                                                                            
-
                                                                            Using kubectl
                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                            2. Create a description file named securitygroup-demo.yaml.
                                                                              vi securitygroup-demo.yaml
                                                                              
+
                                                                              Using kubectl
                                                                              1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                              2. Create a description file named securitygroup-demo.yaml.
                                                                                vi securitygroup-demo.yaml
                                                                                
 
                                                                                For example, create the following SecurityGroup to bind all nginx workloads with two security groups 64566556-bd6f-48fb-b2c6-df8f44617953 and 5451f1b0-bd6f-48fb-b2c6-df8f44617953 that have been created in advance. An example is as follows:
                                                                                
 
                                                                                apiVersion: crd.yangtse.cni/v1
 kind: SecurityGroup
diff --git a/docs/cce/umn/cce_10_0290.html b/docs/cce/umn/cce_10_0290.html
index 7c865d382..199bf2049 100644
--- a/docs/cce/umn/cce_10_0290.html
+++ b/docs/cce/umn/cce_10_0290.html
@@ -58,7 +58,7 @@
 
                                                                                • Prometheus is an open-source monitoring and alarming framework that can collect multiple types of metrics. Prometheus has been a standard monitoring solution of Kubernetes.
                                                                                • Metrics Server is a cluster-wide aggregator of resource utilization data. Metrics Server collects metrics from the Summary API exposed by kubelet. These metrics are set for core Kubernetes resources, such as pods, nodes, containers, and Services. Metrics Server provides a set of standard APIs for external systems to collect these metrics.
                                                                                
 
                                                                                HPA can work with Metrics Server for auto scaling based on the CPU and memory usage. It can also work with Prometheus for auto scaling based on custom monitoring metrics.
                                                                                
 
                                                                                Figure 1 shows how HPA works.
                                                                                
-
                                                                                Figure 1 HPA working process
                                                                                
+
                                                                                Figure 1 HPA working process
                                                                                
 
                                                                              
 
                                                                              Two core modules of HPA:
                                                                              
 
                                                                              • Data Source Monitoring
                                                                                The community provided only CPU- and memory-based HPA at the early stage. With the population of Kubernetes and Prometheus, developers need more custom metrics or monitoring information at the access layer for their own applications, for example, the QPS of the load balancer and the number of online users of the website. In response, the community defines a set of standard metric APIs to provide services externally through these aggregated APIs.
                                                                                
diff --git a/docs/cce/umn/cce_10_0291.html b/docs/cce/umn/cce_10_0291.html
index 07b0fb510..a4fa849a4 100644
--- a/docs/cce/umn/cce_10_0291.html
+++ b/docs/cce/umn/cce_10_0291.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                Scaling a Node
                                                                                
-
                                                                                
+
                                                                                
+
                                                                                
 
                                                                                
 
 
 
                                                                                
diff --git a/docs/cce/umn/cce_10_0293.html b/docs/cce/umn/cce_10_0293.html
index 1641cc6d5..087cdeff1 100644
--- a/docs/cce/umn/cce_10_0293.html
+++ b/docs/cce/umn/cce_10_0293.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                Scaling a Workload
                                                                                
-
                                                                                
+
                                                                                
+
                                                                                
 
                                                                                
 
                                                                                  
 
                                                                                • Workload Scaling Rules
                                                                                  
diff --git a/docs/cce/umn/cce_10_0296.html b/docs/cce/umn/cce_10_0296.html
index b00dd6295..940cc4d2b 100644
--- a/docs/cce/umn/cce_10_0296.html
+++ b/docs/cce/umn/cce_10_0296.html
@@ -15,7 +15,7 @@
 
                                                                                
 
                                                                                
 
                                                                                Cluster Autoscaler Architecture
                                                                                Figure 1 shows the Cluster Autoscaler architecture and its core modules.
                                                                                
-
                                                                                Figure 1 Cluster Autoscaler architecture
                                                                                
+
                                                                                Figure 1 Cluster Autoscaler architecture
                                                                                
 
                                                                                Description
                                                                                
 
                                                                                • Estimator: Evaluates the number of nodes to be added to each node pool to host unschedulable pods.
                                                                                • Simulator: Finds the nodes that meet the scale-in conditions in the scale-in scenario.
                                                                                • Expander: Selects an optimal node from the node pool picked out by the Estimator based on the user-defined policy in the scale-out scenario. Table 1 lists the Expander policies.
 
                                                                                  
-
-
@@ -90,16 +90,16 @@
 
-
-
-
-
@@ -108,7 +108,7 @@
 
-
@@ -119,7 +119,7 @@
 
-
diff --git a/docs/cce/umn/cce_10_0307.html b/docs/cce/umn/cce_10_0307.html
index 0b46add07..4510c62b8 100644
--- a/docs/cce/umn/cce_10_0307.html
+++ b/docs/cce/umn/cce_10_0307.html
@@ -2,7 +2,7 @@
 
 
                                                                                  Overview
                                                                                  Container Storage
                                                                                  CCE container storage is implemented based on Kubernetes container storage APIs (CSI). CCE integrates multiple types of cloud storage and covers different application scenarios. CCE is fully compatible with Kubernetes native storage services, such as emptyDir, hostPath, secret, and ConfigMap.
                                                                                  
-
                                                                                  Figure 1 Container storage types
                                                                                  
+
                                                                                  Figure 1 Container storage types
                                                                                  
 
                                                                                  
 
                                                                                  CCE allows workload pods to use multiple types of storage:
                                                                                  
 
                                                                                  • In terms of implementation, storage supports Container Storage Interface (CSI) and Kubernetes native storage.
@@ -246,9 +246,9 @@
 
                                                                                  
-
-
diff --git a/docs/cce/umn/cce_10_0336.html b/docs/cce/umn/cce_10_0336.html
index 236816156..1f95cb66b 100644
--- a/docs/cce/umn/cce_10_0336.html
+++ b/docs/cce/umn/cce_10_0336.html
@@ -3,18 +3,15 @@
 
                                                                                  Using a Custom Access Key (AK/SK) to Mount an OBS Volume
                                                                                  Scenario
                                                                                  CCE Container Storage (Everest) of v1.2.8 or later supports custom access keys. In this way, IAM users can use their own custom access keys to mount an OBS volume. 
                                                                                  
 
                                                                                  
-
                                                                                  Prerequisites
                                                                                  
+
                                                                                  Prerequisites
                                                                                  
 
                                                                                  
 
                                                                                  Notes and Constraints
                                                                                  • When an OBS volume is mounted using a custom access key (AK/SK), the access key cannot be deleted or disabled. Otherwise, the service container cannot access the mounted OBS volume.
                                                                                  • Custom access keys cannot be configured for Kata containers.
                                                                                  
 
                                                                                  
 
                                                                                  Disabling Auto Key Mounting
                                                                                  On the earlier version's console, you need to upload the AK/SK, which is then used by default for mounting an OBS volume. As a result, all IAM users within your account will use the same key to mount OBS buckets, and they will have identical permissions on the buckets. However, this setting does not allow you to set different permissions for individual IAM users.
                                                                                  
-
                                                                                  If you have uploaded the AK/SK, disable the automatic mounting of access keys by enabling the disable_auto_mount_secret parameter in the Everest add-on to prevent IAM users from performing unauthorized operations. In this way, the access keys uploaded on the console will not be used when creating OBS volumes.
                                                                                  
-
                                                                                   
                                                                                  • When enabling disable-auto-mount-secret, ensure that no OBS volume exists in the cluster. A workload mounted with an OBS volume, when scaled or restarted, will fail to remount the OBS volume because it needs to specify the access key but is prohibited by disable-auto-mount-secret.
                                                                                  • If disable-auto-mount-secret is set to true, an access key must be specified when a PV or PVC is created. Otherwise, the OBS volume fails to be mounted.
                                                                                  
+
                                                                                  If you have uploaded the AK/SK, disable the automatic mounting of access keys by enabling the DISABLE_AUTO_MOUNT_SECRET parameter in the Everest add-on to prevent IAM users from performing unauthorized operations. In this way, the access keys uploaded on the console will not be used when you use OBS volumes.
                                                                                  
+
                                                                                   
                                                                                  • Before enabling DISABLE_AUTO_MOUNT_SECRET, ensure that there are no OBS volumes in the cluster. Workloads using OBS volumes may fail to remount after scaling or restart due to missing access keys, which are blocked by DISABLE_AUTO_MOUNT_SECRET.
                                                                                  • If DISABLE_AUTO_MOUNT_SECRET is set to true, an access key must be specified when a PV or PVC is created. Otherwise, mounting the OBS volume will fail.
                                                                                  
 
                                                                                  
-
                                                                                  kubectl edit ds everest-csi-driver -nkube-system
                                                                                  
-
                                                                                  Search for disable-auto-mount-secret and set it to true.
                                                                                  
-
                                                                                  
-
                                                                                  Run :wq to save the settings and exit. Wait until the pod is restarted.
                                                                                  
+
                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Container Storage (Everest) on the right, and click Edit.
                                                                                  2. Configure the add-on parameters. Set Prohibit Global Secret from Mounting Object Storage (disable_auto_mount_secret) to Yes.
                                                                                  3. Click OK.
                                                                                  
 
                                                                                  
 
                                                                                  Obtaining an Access Key
                                                                                  1. Log in to the console.
                                                                                  2. Hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
                                                                                  3. In the navigation pane, choose Access Keys.
                                                                                  4. Click Create Access Key. The Create Access Key dialog box is displayed.
                                                                                  5. Click OK to download the access key.
                                                                                  
 
                                                                                  
@@ -226,7 +223,7 @@ spec:
 
                                                                                  touch: setting times of '/temp/test': No such file or directory
 command terminated with exit code 1
                                                                                  
 
                                                                                • Set the read/write permissions for the IAM user who mounted the OBS volume by referring to the bucket policy configuration.
                                                                                  
-
                                                                                  
+
                                                                                  
 
                                                                                • Write data into the mount path again. In this example, the write operation succeeded.
                                                                                  kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                  
 
                                                                                • Check the mount path in the container to see whether the data is successfully written.
                                                                                  kubectl exec obs-secret-5cd558f76f-vxslv -- ls -l /temp/
                                                                                  
 
                                                                                  Expected outputs:
                                                                                  
diff --git a/docs/cce/umn/cce_10_0337.html b/docs/cce/umn/cce_10_0337.html
index d88642428..d7f19abf8 100644
--- a/docs/cce/umn/cce_10_0337.html
+++ b/docs/cce/umn/cce_10_0337.html
@@ -67,10 +67,10 @@
 
                                                                                  • Table 1 Expander policies supported by CCE
                                                                                  Policy
                                                                                  
@@ -67,7 +67,7 @@
 
                                                                                  A combined policy. The priorities for the policies are as follows: priority > least-waste > random.
                                                                                  
 
                                                                                  It is an enhanced least-waste policy configured based on the node pool or scaling group priority. If multiple node pools meet the condition, the least-waste policy is used for further decision-making.
                                                                                  
 
                                                                                  This policy allows you to configure the priorities of node pools or scaling groups through the console or API, while the least-waste policy can effectively minimize resource waste in various scenarios. The priority policy is used as the default preferred policy thanks to its good universality.
                                                                                  
+
                                                                                  This policy allows you to configure the priorities of node pools or scaling groups through the console or API, while the least-waste policy can effectively minimize resource waste in various scenarios. The priority policy is used as the default preferred policy thanks to its good universality.
                                                                                  
                                                                                   		
 
                                                                                  Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                  
 
                                                                                  1. Pending pods trigger the Autoscaler to determine the scale-out process.
                                                                                  2. Autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                  3. Autoscaler evaluates that node pool 1 has a higher priority than node pool 2. Therefore, Autoscaler selects node pool 1 for scale-out.
                                                                                  
diff --git a/docs/cce/umn/cce_10_0300.html b/docs/cce/umn/cce_10_0300.html
index 51c3990d9..4a48944f0 100644
--- a/docs/cce/umn/cce_10_0300.html
+++ b/docs/cce/umn/cce_10_0300.html
@@ -2,11 +2,11 @@
 
 
                                                                                  Using HPA and CA for Auto Scaling of Workloads and Nodes
                                                                                  
 
                                                                                  Application Scenarios
                                                                                  The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                  
-
                                                                                  When deploying applications in pods, you can configure requested resources and resource limits for the pods to prevent unlimited usage of resources during peak hours. However, after the upper limit is reached, an application error may occur. Pod scaling can effectively resolve this issue. If the resource usage on the node increases to a certain extent, newly added pods cannot be scheduled to this node. In this case, CCE will add nodes accordingly.
                                                                                  
+
                                                                                  To prevent pods from using up node resources without limit during peak hours, it is a common practice to specify request and limit values for pods before deploying an application. However, this approach may encounter a resource bottleneck as an application exception may occur once the upper limit of resource usage is reached. To address this problem, you can scale the pods in or out to distribute the workload. If the node resource usage reaches its upper limit after pods are added and new pods cannot be scheduled, you can scale the nodes in or out depending on the node resource usage.
                                                                                  
 
                                                                                  
 
                                                                                  Solution
                                                                                  Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                  
 
                                                                                  HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                  
-
                                                                                  As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                  Figure 1 HPA and CA working flows
                                                                                  
+
                                                                                  As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                  Figure 1 HPA and CA working flows
                                                                                  
 
                                                                                  
 
                                                                                  Using HPA and CA enables automatic scaling for most scenarios while also providing monitoring capabilities.
                                                                                  
 
                                                                                  This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                  
@@ -29,7 +29,7 @@ RUN chmod a+rx index.php
 
                                                                                  
 
                                                                                • Run the following command to build an image named hpa-example with the tag latest.
                                                                                  docker build -t hpa-example:latest .
                                                                                  
 
                                                                                • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner.
                                                                                  Skip this step if you already have an organization.
                                                                                  
-
                                                                                • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                • Tag the hpa-example image.
                                                                                  docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                  
+
                                                                                • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                • Tag the hpa-example image.
                                                                                  docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                  
 
                                                                                  • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                  • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                  • {Organization name}: name of the created organization.
                                                                                  • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                  
 
                                                                                  The following is an example:
                                                                                  
 
                                                                                  docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                  
@@ -46,8 +46,8 @@ latest: digest: sha256:eb7e3bbd*** size: **
 
                                                                                  • 
 
                                                                                  
 
                                                                                  Creating a Node Pool and a Node Scaling Policy
                                                                                  1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                  2. Configure the node pool.
                                                                                    • Node Type: Select a node type.
                                                                                    • Specifications: 2 vCPUs | 4 GiB
                                                                                    
-
                                                                                    Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                    
-
                                                                                  3. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                    If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                    • Customize scale-out rules.: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                    • Nodes: Modify the node quantity range. The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                    • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in
                                                                                    
+
                                                                                    Retain the default values for other parameters. For details, see Creating a Node Pool.
                                                                                    
+
                                                                                  4. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                    If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                    • Customize scale-out rules.: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                    • Nodes: Modify the node quantity range. The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                    • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in
                                                                                    • Specifications: Configure whether to enable auto scaling for node flavors in a node pool.
                                                                                    
 
                                                                                    
 
                                                                                  5. Click OK.
                                                                                  
 
                                                                                  
@@ -119,7 +119,7 @@ spec:
           averageUtilization: 50
 
                                                                                  Configure the parameters as follows if you are using the console.
                                                                                  
 
                                                                                  
-
                                                                                  
+
                                                                                  
 
                                                                                  
 
                                                                                  Observing the Auto Scaling Process
                                                                                  1. Check the cluster node status. In the following example, there are two nodes.
                                                                                    # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -210,7 +210,7 @@ Events:
   Normal  SuccessfulRescale  6m45s  horizontal-pod-autoscaler  New size: 3; reason: All metrics below target
   Normal  SuccessfulRescale  90s    horizontal-pod-autoscaler  New size: 1; reason: All metrics below target
                                                                                    
 
                                                                                    You can also view the HPA policy execution history on the console. Wait until the one node is reduced.
                                                                                    
-
                                                                                    The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace (and these pods are not created by DaemonSets). For details, see Node Scaling Mechanisms.
                                                                                    
+
                                                                                    The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace, and these pods are not created by DaemonSets. For details about the conditions in which nodes will not be removed, see Node Scaling Mechanisms.
                                                                                    
 
                                                                                  
 
                                                                                  
 
                                                                                  Summary
                                                                                  By using HPA and CA, auto scaling can be effortlessly implemented in various scenarios. Additionally, the scaling process of nodes and pods can be conveniently tracked.
                                                                                  
diff --git a/docs/cce/umn/cce_10_0302.html b/docs/cce/umn/cce_10_0302.html
index 932802aed..6007d37f1 100644
--- a/docs/cce/umn/cce_10_0302.html
+++ b/docs/cce/umn/cce_10_0302.html
@@ -1,12 +1,12 @@
 
 
 
                                                                                  Before You Start
                                                                                  
-
                                                                                  Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Process and Method of Upgrading a Cluster.
                                                                                  
+
                                                                                  Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Cluster Upgrade Overview.
                                                                                  
 
                                                                                  Precautions
                                                                                  Before upgrading a cluster, pay attention to the following points:
                                                                                  
 
                                                                                  • Perform an upgrade during off-peak hours to minimize the impact on your services.
                                                                                  • Before upgrading a cluster, learn about the features and differences of each cluster version in Kubernetes Release Notes to prevent exceptions due to the use of an incompatible cluster version. For example, check whether any APIs deprecated in the target version are used in the cluster. Otherwise, calling the APIs may fail after the upgrade. For details, see Deprecated APIs.
                                                                                  
 
                                                                                  During a cluster upgrade, pay attention to the following points that may affect your services:
                                                                                  
 
                                                                                  • During a cluster upgrade, do not perform any operation on the cluster. If you stop, restart, or delete nodes while upgrading the cluster, the upgrade will fail.
                                                                                  • Before upgrading a cluster, ensure no high-risk operations are performed in the cluster. Otherwise, the cluster upgrade may fail or the configuration may be lost after the upgrade. Common high-risk operations include modifying cluster node configurations locally and modifying the configurations of the listeners managed by CCE on the ELB console. Instead, modify configurations on the CCE console so that the modifications can be automatically inherited during the upgrade.
                                                                                  • During a cluster upgrade, the running workloads will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                  • By default, application scheduling is not restricted during a cluster upgrade. During an upgrade of the following early cluster versions, the node.kubernetes.io/upgrade taint (equivalent to NoSchedule) will be added to the nodes in the cluster and removed after the cluster is upgraded:
                                                                                    • All v1.15 clusters
                                                                                    • All v1.17 clusters
                                                                                    • v1.19 clusters with patch versions earlier than or equal to v1.19.16-r4
                                                                                    • v1.21 clusters with patch versions earlier than or equal to v1.21.7-r0
                                                                                    • v1.23 clusters with patch versions earlier than or equal to v1.23.5-r0
                                                                                    
-
                                                                                  • Clusters of version 1.27 or later do not support nodes running EulerOS 2.5 or CentOS 7.7. If a node running EulerOS 2.5 or CentOS 7.7 is used, migrate the node OS to EulerOS release 2.9, Ubuntu 22.04, or HCE OS 2.0 before the cluster upgrade. For details, see Resetting a Node.
                                                                                  
+
                                                                                • Clusters of version 1.27 or later do not support nodes running EulerOS 2.5 or CentOS 7.7. If a node running EulerOS 2.5 or CentOS 7.7 is used, migrate the node OS to EulerOS release 2.9, Ubuntu 22.04, or HCE OS 2.0 before the cluster upgrade. For details, see Resetting a Node.
                                                                                • During a cluster upgrade, if an add-on is also upgraded and cluster resources are limited, add-on pods can use resources that would otherwise be allocated to service pods. This may result in the eviction of service pods. After the add-on is upgraded, the evicted service pods will automatically recover.
                                                                                  • 
 
                                                                                  
 
                                                                                  Notes and Constraints
                                                                                  • If an error occurred during a cluster upgrade, the cluster can be rolled back using the backup data. If you perform other operations (for example, modifying cluster specifications) after a successful cluster upgrade, the cluster cannot be rolled back using the backup data.
                                                                                  • When clusters using the tunnel network model are upgraded to v1.19.16-r4, v1.21.7-r0, v1.23.5-r0, v1.25.1-r0, or later, the SNAT rule whose destination address is the container CIDR block but the source address is not the container CIDR block will be removed. If you have configured VPC routes to directly access all pods outside the cluster, only the pods on the corresponding nodes can be directly accessed after the upgrade.
                                                                                  • For more details, see Version Differences.
                                                                                  
 
                                                                                  
@@ -65,7 +65,7 @@
 
                                                                                  
 
                                                                                  Guaranteed
                                                                                  
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
                                                                                   		
 
                                                                                  Burstable
                                                                                  
 
                                                                                  No
                                                                                  
                                                                                   		
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
                                                                                   		
 
                                                                                  No
                                                                                  
                                                                                   		
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
                                                                                   		
 
                                                                                  Burstable
                                                                                  
 
                                                                                  No
                                                                                  
                                                                                   		
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
                                                                                   		
 
                                                                                  Guaranteed
                                                                                  
 
                                                                                  
 
                                                                                  Burstable
                                                                                  
 
                                                                                  Besteffort
                                                                                  
+
                                                                                  BestEffort
                                                                                  
                                                                                   		
 
                                                                                  Burstable
                                                                                  
                                                                                   		
 
                                                                                  Static storage volumes are not supported.
                                                                                  
 
                                                                                  Using a Local PV Through a Dynamic PV is supported.
                                                                                  
 
                                                                                  For details, see Using a Local EV.
                                                                                  
+
                                                                                  For details, see Local EV.
                                                                                  
 
                                                                                  For details, see Using a Temporary Path.
                                                                                  
+
                                                                                  For details, see Temporary Path.
                                                                                  
                                                                                   		
 
                                                                                  For details, see hostPath.
                                                                                  
                                                                                   		
 
                                                                                  
 
                                                                                  
 
                                                                                  
-
                                                                                  You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                  
+
                                                                                  You can configure other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                  
 
                                                                                
 
                                                                                Configuring Mount Options in a PV
                                                                                You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                
-
                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                2. Configure mount options in a PV. Example:
                                                                                  apiVersion: v1
+
                                                                                  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                  2. Configure mount options in a PV. Example:
                                                                                    apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
@@ -85,12 +85,12 @@ spec:
   csi:
     driver: nas.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
-    volumeHandle: <your_volume_id>   # ID of the SFS Capacity-Oriented volume
+    volumeHandle: <your_volume_id>   # ID of the SFS Capacity-Oriented volume
     volumeAttributes:
       everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
-  storageClassName: csi-nas                # StorageClass name. 
+  storageClassName: csi-nas                # Storage class name.
   mountOptions:                            # Mount options
   - vers=3
   - nolock
@@ -107,7 +107,7 @@ spec:
 
                                                                                  
 
                                                                                
 
                                                                                Configuring Mount Options in a StorageClass
                                                                                You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                
-
                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                2. Create a custom StorageClass. Example:
                                                                                  apiVersion: storage.k8s.io/v1
+
                                                                                  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                  2. Create a custom StorageClass. Example:
                                                                                    apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: csi-sfs-mount-option
diff --git a/docs/cce/umn/cce_10_0341.html b/docs/cce/umn/cce_10_0341.html
index 164d7dd23..b5456b9bc 100644
--- a/docs/cce/umn/cce_10_0341.html
+++ b/docs/cce/umn/cce_10_0341.html
@@ -2,7 +2,7 @@
 
 
                                                                                    Space Allocation of a Data Disk
                                                                                    
 
                                                                                    This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.
                                                                                    
-
                                                                                    Allocating Default Data Disk Space
                                                                                     
                                                                                    • In clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0, a default data disk will be added to the node its container runtime and kubelet components. You can customize the space allocation of the default data disk.
                                                                                    • In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, a default data disk will be added to the node for its container runtime and kubelet components only if System Component Storage is set to Data Disk. You can customize the space allocation of the default data disk.
                                                                                    
+
                                                                                    Allocating Default Data Disk Space
                                                                                     
                                                                                    • In clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.29.4-r0, or v1.28.8-r0, a default data disk will be added to the node for the container runtime and kubelet components. You can customize the space allocation of the default data disk.
                                                                                    • In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, a default data disk will be added to the node for the container runtime and kubelet components only if System Component Storage is set to Data Disk. You can customize the space allocation of the default data disk.
                                                                                    
 
                                                                                    
 
                                                                                    When creating a node, you can customize Data Disk Space Allocation in the expanded area of Data Disk.
                                                                                    
 
                                                                                    
@@ -10,17 +10,17 @@
 
                                                                                     
                                                                                    If the sum of the container engine and container image space and the kubelet and emptyDir space is less than 100%, the remaining space will be allocated for user data. You can mount the storage volume to a service path. Do not leave the path empty or set it to a key OS path such as the root directory.
                                                                                    
 
                                                                                    
 
                                                                              
-
                                                                            3. Space Allocation for Pods: indicates the basesize of a pod. You can set an upper limit for the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios. For details, see Mapping Between OS and Container Storage Rootfs.
                                                                            4. Write Mode
                                                                              • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                              • Striped: available only if there are at least two data disks. A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out.
                                                                              
+
                                                                            5. Space Allocation for Pods: indicates the basesize of a pod. You can set an upper limit for the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage Rootfs and is not supported in some scenarios. For details, see Mapping Between OS and Container Storage Rootfs.
                                                                            6. Write Mode
                                                                              • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                              • Striped: available only if there are at least two data disks. A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out.
                                                                              
 
                                                                              7. 
 
                                                                            
 
                                                                            Space Allocation for Container Engines
                                                                            For a node using a non-shared data disk (100 GiB for example), the division of the disk space varies depending on the container storage Rootfs type Device Mapper or OverlayFS. For details about the container storage Rootfs corresponding to different OSs, see Mapping Between OS and Container Storage Rootfs.
                                                                            
 
                                                                            • Rootfs (Device Mapper)
                                                                              By default, the container engine and image space, occupying 90% of the data disk, can be divided into the following two parts:
                                                                              • The /var/lib/docker directory is used as the Docker working directory and occupies 20% of the container engine and container image space by default. (Space size of the /var/lib/docker directory = Data disk space x 90% x 20%)
                                                                              • The thin pool is used to store container image data, image metadata, and container data, and occupies 80% of the container engine and container image space by default. (Thin pool space = Data disk space x 90% x 80%)
                                                                                The thin pool is dynamically mounted. You can view it by running the lsblk command on a node, but not the df -h command.
                                                                                
 
                                                                              
 
                                                                              
-
                                                                              Figure 1 Space allocation for container engines of Device Mapper
                                                                              
+
                                                                              Figure 1 Space allocation for container engines of Device Mapper
                                                                              
 
                                                                            
 
                                                                            • Rootfs (OverlayFS)
                                                                              No separate thin pool. The entire container engine and container image space (90% of the data disk by default) are in the /var/lib/docker directory.
                                                                              
-
                                                                              Figure 2 Space allocation for container engines of OverlayFS
                                                                              
+
                                                                              Figure 2 Space allocation for container engines of OverlayFS
                                                                              
 
                                                                            
 
                                                                            
 
                                                                            Space Allocation for Pods
                                                                            The customized pod container space (basesize) is related to the node OS and container storage Rootfs. For details about the container storage Rootfs, see Mapping Between OS and Container Storage Rootfs.
                                                                            
diff --git a/docs/cce/umn/cce_10_0342.html b/docs/cce/umn/cce_10_0342.html
index 871ba54ae..b59edbe58 100644
--- a/docs/cce/umn/cce_10_0342.html
+++ b/docs/cce/umn/cce_10_0342.html
@@ -31,7 +31,7 @@
 
                                                                            For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                            
                                                                             		
 
                                                                            Specification difference
                                                                            
+
                                                                            Specification difference
                                                                            
                                                                             		
 
                                                                            Network model
                                                                            
                                                                             		
 
 
                                                                            hostPort
                                                                            
+
                                                                            Supported
                                                                            
+
                                                                            Not supported
                                                                            
+
                                                                            
 
                                                                            Network performance
                                                                            
                                                                             		
 
                                                                            The container network is overlaid with the VPC network, causing certain performance loss.
                                                                            
@@ -56,7 +63,7 @@
 
                                                                            Pods can be associated with security groups for isolation. This isolation policy, based on security groups, ensures consistent security isolation both within and outside of a cluster.
                                                                            
                                                                             		
 
                                                                            Security isolation
                                                                            
+
                                                                            Container resource isolation
                                                                            
                                                                             		
 
                                                                            cgroups are used to isolate common containers.
                                                                            
                                                                             		
 
                                                                            
 
                                                                            
 
                                                                          
-
                                                                          Number of Allocatable Container IP Addresses on a Node
                                                                          When creating a cluster in the VPC network model, specify the number of container IP addresses that can be allocated on each node using alpha.cce/fixPoolMask based on the rules for managing container IP addresses.
                                                                          
+
                                                                          Number of Allocatable Container IP Addresses on a Node
                                                                          When creating a cluster in the VPC network model, follow the  and specify the number of container IP addresses that can be allocated to each node using alpha.cce/fixPoolMask.
                                                                          
 
                                                                          The maximum number of pods that can be created on a node is determined by the number of container IP addresses that can be allocated to it. In a container network, each pod needs its own IP address. If there are not enough pre-allocated container IP addresses on the node, pods cannot be created. If hostNetwork: true is configured in the YAML file, pods will use the host network instead of the allocatable container IP addresses. For details, see Pod IP Address Allocation Differences Between the Container Network and Host Network.
                                                                          
 
                                                                          By default, a node occupies three container IP addresses (network address, gateway address, and broadcast address). Therefore, the number of container IP addresses that can be allocated to a node equals the number of selected container IP addresses minus 3. 
                                                                          
 
                                                                          
diff --git a/docs/cce/umn/cce_10_0349.html b/docs/cce/umn/cce_10_0349.html
index 4b48c83cd..7437c5f43 100644
--- a/docs/cce/umn/cce_10_0349.html
+++ b/docs/cce/umn/cce_10_0349.html
@@ -16,7 +16,7 @@
 
 
                                                                        A mature, stable kube-proxy mode, but its performance is average. It applies to scenarios where the number of Services is small (less than 3000) or there are a large number of short concurrent connections on the client. For details, see iptables.
                                                                        
 
                                                                        A high-performance kube-proxy mode. It applies to scenarios where the cluster scale is large or the number of Services is large. For details, see IPVS.
                                                                        
+
                                                                        A high-performance kube-proxy mode. This mode is suitable for large cluster scales or when there are a large number of Services. For details, see IPVS.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Throughput
                                                                        
@@ -53,7 +53,7 @@
                                                                         		
 
                                                                        When there are more than 3000 Services in a cluster, network delay may occur.
                                                                        
 
                                                                        • If an ingress and a Service use the same load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer used by the ingress. Use different load balancers for the ingress and Service.
                                                                        
+
                                                                        • If you use the same load balancer for both the ingress and Service in the same cluster or for the Service ports in different clusters, you will not be able to access the ingress from the nodes or containers in the cluster, or the Service ports in other clusters. This is because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge, which intercepts the load balancer traffic. Use separate load balancers for these ingresses and Services.
                                                                        
                                                                         		
 
                                                                        
 
 
 
                                                                        System Disk
                                                                        
                                                                         		
 
                                                                        System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.
                                                                        
-
                                                                        System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                        • Not encrypted is selected by default.
                                                                        • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                        • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                        
+
                                                                        System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                        • Not encrypted is selected by default.
                                                                        • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                        • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                        
 
                                                                        
 
                                                                        		
 
                                                                        
 
                                                                        Data Disk
                                                                        
 
                                                                        At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                                        • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                        • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                        
-
                                                                        
-
                                                                        In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                        
+
                                                                        • At least one default data disk must be added for storing container runtime and kubelet components if System Component Storage is set to Data Disk. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable. This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.
                                                                          • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                          • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                          
+
                                                                        • If System Component Storage is set to System Disk, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.
                                                                        
 
                                                                         NOTE: 
                                                                        • If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                        • Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                                                                        
 
                                                                        
 
                                                                        Advanced Settings
                                                                        
-
                                                                        Expand the area and configure the following parameters:
                                                                        
-
                                                                        • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                                        • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                          • Not encrypted is selected by default.
                                                                          • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                          • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                          
+
                                                                          Expand the area and configure the following parameters:
                                                                          
+
                                                                          • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                                          • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                            • Not encrypted is selected by default.
                                                                            • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                            • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                            
 
                                                                          
-
                                                                          Adding data disks
                                                                          
+
                                                                          Adding data disks
                                                                          
 
                                                                          A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:
                                                                          
 
                                                                          • Default: By default, a raw disk is created without any processing.
                                                                          • Mount Disk: The data disk is attached to a specified directory.
                                                                          • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                                                                          • Use as ephemeral volume: applicable when there is a high performance requirement on emptyDir.
                                                                          
-
                                                                           NOTE: 
                                                                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                          • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                          
+
                                                                          PVs and EVs support the following write modes:
                                                                          
+
                                                                          • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                          • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when there are multiple volumes.
                                                                          
+
                                                                           NOTE: 
                                                                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                          • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                          
 
                                                                          
-
                                                                          Local PVs and local EVs can be written in the following modes:
                                                                          • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                          • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                                                                          
-
                                                                          
 
                                                                        		
 
                                                                        
 
                                                                        Resource Tag
                                                                        
                                                                         		
 
                                                                        You can add resource tags to classify resources. A maximum of eight resource tags can be added.
                                                                        
-
                                                                        You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                        
+
                                                                        You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                        
 
                                                                        CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                                        
                                                                         		
 
                                                                        
 
 
 
                                                                        String
                                                                        
 
                                                                        nginx: indicates that Nginx Ingress is used. This option is available only after the NGINX Ingress Controller add-on is installed. If multiple NGINX Ingress Controllers are installed in the cluster, replace nginx with the custom name of the controller associated with the ingress.
                                                                        
-
                                                                        Multiple NGINX Ingress Controller add-ons can be installed in one cluster if the add-on version is 2.5.4 or later. In this case, the value of this parameter must be the controller name customized during controller installation, which indicates that the ingress is managed by the controller.
                                                                        
+
                                                                        nginx: indicates that Nginx Ingress is used. This option is available only after the NGINX Ingress Controller add-on is installed.
                                                                        
+
                                                                        Multiple NGINX Ingress Controller add-ons can be installed in a single cluster if the add-on version is 2.5.4 or later. In this case, the value of this parameter must be the controller name customized during controller installation, indicating that the ingress is managed by that specific controller.
                                                                        
 
                                                                        This parameter is mandatory when an ingress is created by calling the API.
                                                                        
                                                                         		
 
                                                                        
 
 
                                                                        ClusterFirst (default value)
                                                                        
 
                                                                        Custom DNS configuration added to the default DNS configuration. By default, the application connects to CoreDNS (CoreDNS of the CCE cluster connects to the DNS on the cloud by default). The custom dnsConfig will be added to the default DNS parameters. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks. The search list (search option) and ndots: 5 are present in the DNS configuration file. Therefore, when accessing an external domain name and a long cluster-internal domain name (for example, kubernetes.default.svc.cluster.local), the search list will usually be traversed first, resulting in at least six invalid DNS queries. The issue of invalid DNS queries disappears only when a short cluster-internal domain name (for example, kubernetes) is being accessed.
                                                                        
+
                                                                        Custom DNS configuration added to the default DNS configuration. By default, the application connects to CoreDNS (CoreDNS of the CCE cluster connects to the DNS on the cloud by default). The custom dnsConfig will be added to the default DNS parameters. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks. The search list (search option) and ndots: 5 are present in the DNS configuration file. Therefore, when accessing an external domain name and a long cluster-internal domain name (for example, kubernetes.default.svc.cluster.local), the search list will usually be traversed first, resulting in at least six invalid DNS queries. The issue of invalid DNS queries disappears only when a short cluster-internal domain name (for example, kubernetes) is being accessed.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        ClusterFirstWithHostNet
                                                                        
@@ -110,6 +110,9 @@ spec:
 
                                                                        nameservers
                                                                        
                                                                         		
 
                                                                        A list of IP addresses that will be used as DNS servers. If workload's dnsPolicy is set to None, the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the nameservers generated from the specified DNS policy in dnsPolicy with duplicate addresses removed.
                                                                        
+
                                                                         NOTE: 
                                                                        A maximum of three DNS addresses can be configured for a nameserver in the container DNS configuration file.
                                                                        
+
                                                                        • If dnsPolicy is set to ClusterFirst and the cluster uses CoreDNS, you can add two custom DNS addresses in addition to the CoreDNS address. Excess DNS addresses are invalid.
                                                                        
+
                                                                        
                                                                         		
 
                                                                        
 
                                                                        searches
                                                                        
@@ -142,7 +145,7 @@ spec:
 
                                                                        Container's DNS configuration file:
                                                                        
 
                                                                        nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
-options ndots:5
                                                                        
+options timeout:2 single-request-reopen ndots:5
 
                                                                      • Use Case 2: Using a Cloud DNS
                                                                        Scenario
                                                                        
 
                                                                        A DNS cannot resolve cluster-internal domain names and therefore applies to the scenario where workloads access only external domain names registered with the Internet.
                                                                        
 
                                                                        Example:
                                                                        
@@ -158,8 +161,9 @@ spec:
   dnsPolicy: Default  # The DNS configuration file that the kubelet --resolv-conf parameter points to is used. In this case, the CCE cluster uses the DNS on the cloud.
   imagePullSecrets:
     - name: default-secret
-
                                                                        Container's DNS configuration file:
                                                                        
-
                                                                        nameserver 100.125.x.x
                                                                        
+
                                                                        The DNS configuration file of the container is as follows: (100.125.x.x is the DNS address of the node subnet.)
                                                                        
+
                                                                        nameserver 100.125.x.x
+options timeout:2 single-request-reopen
                                                                        
 
                                                                      • Use Case 3: Using Kube-DNS/CoreDNS for Workloads Running with hostNetwork
                                                                        Scenario
                                                                        
 
                                                                        By default, a DNS is used for workloads running with hostNetwork. If workloads need to use Kube-DNS/CoreDNS, set dnsPolicy to ClusterFirstWithHostNet.
                                                                        
 
                                                                        Example:
                                                                        
@@ -180,7 +184,7 @@ spec:
 
                                                                        Container's DNS configuration file:
                                                                        
 
                                                                        nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
-options ndots:5
                                                                        
+options ndots:5 single-request-reopen timeout:2
 
                                                                      • Use Case 4: Customizing Application's DNS Configuration
                                                                        Scenario
                                                                        
 
                                                                        You can flexibly customize the DNS configuration file for applications. Using dnsPolicy and dnsConfig together can address almost all scenarios, including the scenarios in which an on-premises DNS will be used, multiple DNSs will be cascaded, and DNS configuration options will be modified.
                                                                        
 
                                                                        Example 1: Using Your On-Premises DNS
                                                                        
@@ -211,7 +215,7 @@ spec:
 
                                                                        Container's DNS configuration file:
                                                                        
 
                                                                        nameserver 10.2.3.4
 search ns1.svc.cluster.local my.dns.search.suffix
-options timeout:3 ndots:2
                                                                        
+options timeout:3 ndots:2 single-request-reopen 
 
                                                                        Example 2: Modifying the ndots Option in the DNS Configuration File to Reduce Invalid DNS Queries
                                                                        
 
                                                                        Set dnsPolicy to a value other than None so the DNS parameters configured in dnsConfig are added to the DNS configuration file generated based on dnsPolicy.
                                                                        
 
                                                                        apiVersion: v1
@@ -233,7 +237,7 @@ spec:
 
                                                                        Container's DNS configuration file:
                                                                        
 
                                                                        nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
-options ndots:2
                                                                        
+options ndots:2 single-request-reopen timeout:2
                                                                        
 
                                                                        Example 3: Using Multiple DNSs in Serial Sequence
                                                                        
 
                                                                        apiVersion: v1
 kind: Pod
@@ -250,10 +254,14 @@ spec:
     - 10.2.3.4 # IP address of your on-premises DNS
   imagePullSecrets:
     - name: default-secret
                                                                        
+
                                                                         
                                                                        A maximum of three DNS addresses can be configured for a nameserver in the container DNS configuration file.
                                                                        
+
                                                                        • If dnsPolicy is set to ClusterFirst and the cluster uses CoreDNS, you can add two custom DNS addresses in addition to the CoreDNS address. Excess DNS addresses are invalid.
                                                                        
+
                                                                        
 
                                                                        Container's DNS configuration file:
                                                                        
-
                                                                        nameserver 10.247.3.10 10.2.3.4
+
                                                                        nameserver 10.247.3.10 
+nameserver 10.2.3.4
 search default.svc.cluster.local svc.cluster.local cluster.local
-options ndots:5
                                                                        
+options timeout:2 single-request-reopen ndots:5
                                                                        
 
                                                                        • 
 
 
diff --git a/docs/cce/umn/cce_10_0367.html b/docs/cce/umn/cce_10_0367.html
index 7e8caf177..403f34902 100644
--- a/docs/cce/umn/cce_10_0367.html
+++ b/docs/cce/umn/cce_10_0367.html
@@ -1,33 +1,44 @@
 
 
 
                                                                        Accessing a Cluster Using a Custom Domain Name
                                                                        
-
                                                                        Scenario
                                                                        Subject Alternative Name (SAN) allows multiple values (including IP addresses, domain names, and so on) to be associated with certificates. A SAN is usually used by the client to verify the server validity in TLS handshakes. Specifically, the validity check includes whether the server certificate is issued by a CA trusted by the client and whether the SAN in the certificate matches the IP address or DNS domain name that the client actually accesses.
                                                                        
+
                                                                        Scenario
                                                                        Subject Alternative Name (SAN) enables certificates to be associated with multiple values, including IP addresses and domain names. A SAN is usually used by the client to verify the server validity in TLS handshakes. Specifically, the validity check includes whether the server certificate is issued by a CA trusted by the client and whether the SAN in the certificate matches the IP address or DNS domain name that the client actually accesses.
                                                                        
 
                                                                        If the client cannot directly access the private IP or EIP of the cluster, you can sign the IP address or DNS domain name that can be directly accessed by the client into the cluster server certificate as a SAN to enable two-way authentication on the client, which improves security. Typical use cases include DNAT access and domain name access.
                                                                        
 
                                                                        If you have particular proxy access requirements or need to access resources in other regions, you can customize a SAN. Typical domain name access scenarios:
                                                                        
 
                                                                        • Add the domain name mapping by either adding the DNS domain name address in the host domain name configuration on the client or configuring /etc/hosts on the client host.
                                                                        • Use domain name access in the intranet. DNS allows you to configure mappings between cluster EIPs and custom domain names. After an EIP is updated, you can continue to use two-way authentication and the domain name to access the cluster without downloading the kubeconfig.json file again.
                                                                        • Add A records on a self-built DNS server.
                                                                        
 
                                                                        
 
                                                                        Prerequisites
                                                                        A cluster of v1.19 or later is available.
                                                                        
 
                                                                        
-
                                                                        Customizing a SAN
                                                                        1. Log in to the CCE console.
                                                                        2. Click the name of the target cluster in the cluster list to go to the cluster Overview page.
                                                                        3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, enter the IP address or domain name and click Save.
                                                                           
                                                                          1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                          
-
                                                                          2. A maximum of 128 domain names or IP addresses, separated by commas (,), are allowed.
                                                                          
-
                                                                          3. If a custom domain name needs to be bound to an EIP, ensure that an EIP has been configured.
                                                                          
+
                                                                          Customizing a SAN
                                                                          You can add a custom SAN on the CCE console. To do so, perform the following operations:
                                                                          
+
                                                                          1. Log in to the CCE console.
                                                                          2. Click the name of the target cluster in the cluster list to go to the cluster Overview page.
                                                                          3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, enter the IP address or domain name and click Save.
                                                                            
+
                                                                             
                                                                            • The kube-apiserver will be restarted and the kubeconfig certificate will be updated, which will take approximately 5 minutes. Do not perform any operations on the cluster during this period. After the operation is complete, download the updated kubeconfig certificate.
                                                                            • A maximum of 128 domain names or IP addresses, separated by commas (,), are allowed.
                                                                            • If a custom domain name needs to be bound to an EIP, ensure that you have configured an EIP.
                                                                            
 
                                                                            
 
                                                                          
 
                                                                          
-
                                                                          Connecting to a Cluster Using the SAN
                                                                          Using kubectl to access the cluster
                                                                          
-
                                                                          1. Download the kubeconfig.json file again after the SAN is modified.
                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                            2. On the Overview page, locate the Connection Info area, click Configure next to kubectl. On the page displayed, download the configuration file.
                                                                            
-
                                                                          2. Configure kubectl.
                                                                            1. Log in to your client and copy the kubeconfig.json file downloaded in 1.b to the /home directory on your client.
                                                                            2. Configure the kubectl authentication file.
                                                                              cd /home
+
                                                                              Using kubectl to Access a Cluster
                                                                              After the SAN is modified, the original kubeconfig.json file becomes invalid. If you previously accessed the cluster using kubectl, you need to reconfigure the settings.
                                                                              
+
                                                                              1. Download the kubeconfig.json file again after the SAN is modified.
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                2. On the Overview page, locate the Connection Information area, click Configure next to kubectl. On the page displayed, download the configuration file.
                                                                                
+
                                                                              2. Configure kubectl.
                                                                                1. Log in to your client and copy the kubeconfig.json file downloaded in 1 to the /home directory on your client.
                                                                                2. Configure the kubectl authentication file.
                                                                                  cd /home
 mkdir -p $HOME/.kube
 mv -f kubeconfig.json $HOME/.kube/config
                                                                                  
-
                                                                                3. Change the kubectl access mode and use the SAN to access the cluster.
                                                                                  kubectl config use-context customSAN-0
                                                                                  
-
                                                                                  In the preceding command, customSAN-0 indicates the configuration name of the custom SAN. If multiple SANs are configured, the number in the configuration name of each SAN starts from 0 and increases in ascending order, for example, customSAN-0, customSAN-1, and so on.
                                                                                  
+
                                                                                4. Change the kubectl access mode and use the SAN to access the cluster.
                                                                                  kubectl config use-context customSAN-0
                                                                                  
+
                                                                                  In the preceding command, customSAN-0 indicates the configuration name of the custom SAN. When multiple SANs are configured, each SAN is named with an incrementing number starting from 0, such as customSAN-0, customSAN-1, and more.
                                                                                  
 
                                                                                
+
                                                                              3. Run the following command on the client to check whether the client can access the cluster using kubectl:
                                                                                kubectl cluster-info    # Check the cluster information.
                                                                                
+
                                                                                If the following information is displayed, the client can access the cluster using kubectl:
                                                                                
+
                                                                                Kubernetes control plane is running at https://xx.xx.xx.xx:5443
+CoreDNS is running at https://xx.xx.xx.xx:5443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
+To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
                                                                                
 
                                                                              
-
                                                                              Using an X.509 certificate to access the cluster
                                                                              
-
                                                                              1. After the SAN is modified, download the X509 certificate again.
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                                                                3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                                                
-
                                                                              2. Call native Kubernetes APIs using the cluster certificate.
                                                                                For example, run the curl command to call an API to obtain the pod information. In the following information, example.com:5443 indicates the custom SAN.
                                                                                
-
                                                                                curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://example.com:5443/api/v1/namespaces/default/pods/
                                                                                
-
                                                                                For more cluster APIs, see Kubernetes API.
                                                                                
+
                                                                              
+
                                                                              Using an X.509 Certificate to Access a Cluster
                                                                              After the SAN is modified, the original X.509 certificate becomes invalid. If you previously accessed the cluster using the X.509 certificate, you need to reconfigure the settings.
                                                                              
+
                                                                              1. After the SAN is modified, download the X.509 certificate again.
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                2. On the Overview page, locate the Connection Information area, and click Download next to X.509 certificate.
                                                                                3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                                                
+
                                                                              2. Call Kubernetes native APIs using the cluster certificate.
                                                                                For example, run the curl command to call an API to obtain the pod information. In the following information, example.com:5443 indicates the custom SAN.
                                                                                
+
                                                                                curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://example.com:5443/api/v1/namespaces/default/pods/
                                                                                
+
                                                                                If the following information is displayed, the X.509 certificate is correctly configured and the API Server of the cluster is running properly:
                                                                                
+
                                                                                {
+  "kind": "PodList",
+  "apiVersion": "v1",
+...
                                                                                
+
                                                                                For more cluster APIs, see Kubernetes API.
                                                                                
 
                                                                              
 
                                                                              
 
                                                                          
diff --git a/docs/cce/umn/cce_10_0373.html b/docs/cce/umn/cce_10_0373.html
index 489c12c8a..6181a512b 100644
--- a/docs/cce/umn/cce_10_0373.html
+++ b/docs/cce/umn/cce_10_0373.html
@@ -18,7 +18,8 @@ nginx_connections_reading 0
 
                                                                          
 
                                                                          Constraints
                                                                          • To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                          • Currently, metrics in the kube-system and monitoring namespaces cannot be collected when pod and service annotations are used. To collect metrics in the two namespaces, use PodMonitor and ServiceMonitor.
                                                                          • The nginx/nginx-prometheus-exporter:0.9.0 image is pulled for the Nginx application. You need to add an EIP for the node where the application is deployed or upload the image to SWR to prevent application deployment failures.
                                                                          
 
                                                                          
-
                                                                          Installing and Accessing Cloud Native Cluster Monitoring
                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                          2. In the navigation pane, choose Add-ons. On the displayed page, locate the Cloud Native Cluster Monitoring add-on and click Install. 
                                                                            When installing this add-on, pay attention to the following configurations. Configure other parameters as required. For details, see Cloud Native Cluster Monitoring.
                                                                            • For 3.8.0 or later, enable custom metric collection.
                                                                              
+
                                                                              Installing and Accessing Cloud Native Cluster Monitoring
                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                              2. In the navigation pane, choose Add-ons. On the displayed page, locate Cloud Native Cluster Monitoring and click Install. 
                                                                                When installing this add-on, pay attention to the following configurations. Configure other parameters as required. For details, see Cloud Native Cluster Monitoring.
                                                                                • For 3.8.0 or later, enable custom metric collection.
                                                                                  
+
                                                                                  
 
                                                                                • For 3.8.0 or earlier, do not enable custom metric collection.
                                                                                
 
                                                                                
 
                                                                              3. After this add-on is installed, deploy workloads and Services. The Prometheus server will be deployed as a StatefulSet in the monitoring namespace.
                                                                                You can create a public network LoadBalancer Service so that Prometheus can be accessed from external networks.
                                                                                
@@ -86,12 +87,13 @@ ADD nginx.conf /etc/nginx/nginx.conf
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
 
                                                                              
-
                                                                            • Use this Dockerfile to create an image and upload it to SWR. The image name is nginx:exporter. 
                                                                              1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. In the displayed dialog box, click Generate a temporary login command. Then, click  to copy the command.
                                                                              2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                              3. Run the following command to build an image named nginx. The image version is exporter.
                                                                                docker build -t nginx:exporter .
                                                                                
+
                                                                              4. Use this Dockerfile to create an image and upload it to SWR. The image name is nginx:exporter. 
                                                                                1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. In the displayed dialog box, click Generate a temporary login command. Then, click  to copy the command.
                                                                                2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                3. Run the following command to build an image named nginx. The image version is exporter.
                                                                                  docker build -t nginx:exporter .
                                                                                  
 
                                                                                4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                                                                  docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
 docker push {swr-address}/{group}/nginx:exporter
                                                                                  
 
                                                                                
-
                                                                              5. View application metrics.
                                                                                1. Use nginx:exporter to create a workload.
                                                                                2. Access the container and use http://<ip_address>:8080/stub_status to obtain nginx monitoring data. <ip_address> indicates the IP address of the container. Information similar to the following is displayed.
                                                                                  # curl http://127.0.0.1:8080/stub_status
-Active connections: 3 
+
                                                                                3. View application metrics.
                                                                                  1. Use nginx:exporter to create a workload.
                                                                                  2. Log in to the container and obtain the Nginx monitoring data through http://<ip_address>:8080/stub_status. <ip_address> indicates the IP address of the container.
                                                                                    curl http://127.0.0.1:8080/stub_status
                                                                                    
+
                                                                                    The command output is as follows:
                                                                                    
+
                                                                                    Active connections: 3 
 server accepts handled requests
  146269 146269 212 
 Reading: 0 Writing: 1 Waiting: 2
                                                                                    
@@ -357,7 +359,7 @@ spec:
 
                                                                            
 
                                                                            
 
                                                                            
-
                                                                            Parent topic: Best Practices
                                                                            
+
                                                                            Parent topic: O&M Best Practices
                                                                            
 
                                                                            
 
                                                                            
 
diff --git a/docs/cce/umn/cce_10_0377.html b/docs/cce/umn/cce_10_0377.html
index ac03560f3..6b523987f 100644
--- a/docs/cce/umn/cce_10_0377.html
+++ b/docs/cce/umn/cce_10_0377.html
@@ -5,7 +5,7 @@
 
                                                                             
                                                                            • Avoid using hostPath volumes as much as possible, as they are prone to security risks. If hostPath volumes must be used, they can only be applied to files or directories and mounted in read-only mode.
                                                                            • After the pod to which a hostPath volume is mounted is deleted, the data in the hostPath volume is retained.
                                                                            
 
                                                                            
 
                                                                            Mounting a hostPath Volume on the Console
                                                                            You can mount a path on the host to a specified container path. A hostPath volume is usually used to store workload logs permanently or used by workloads that need to access internal data structure of the Docker engine on the host.
                                                                            
-
                                                                            1. Log in to the CCE console.
                                                                            2. When creating a workload, click Data Storage in Container Settings. Click Add Volume and choose hostPath from the drop-down list.
                                                                            3. Set parameters for adding a local volume, as listed in Table 1.
                                                                              
+
                                                                              1. Log in to the CCE console.
                                                                              2. When creating a workload, click Data Storage in the Container Information area under Container Settings and choose Add Volume > hostPath.
                                                                              3. Set parameters for adding a local volume, as listed in Table 1.
                                                                                
 
                                                                                
-
-
-
                                                                                Table 1 Setting parameters for mounting a hostPath volume
                                                                                Parameter
                                                                                
                                                                                 		
 
                                                                                Description
                                                                                
@@ -14,13 +14,13 @@
 
                                                                                
 
                                                                                Volume Type
                                                                                
 
                                                                                Select HostPath.
                                                                                
+
                                                                                Select hostPath.
                                                                                
                                                                                 		
 
                                                                                HostPath
                                                                                
+
                                                                                hostPath
                                                                                
                                                                                 		
 
                                                                                Path of the host to which the local volume is to be mounted, for example, /etc/hosts.
                                                                                
-
                                                                                 NOTE: 
                                                                                HostPath cannot be set to the root directory /. Otherwise, the mounting fails. Mount paths can be as follows:
                                                                                
+
                                                                                 NOTE: 
                                                                                hostPath cannot be set to the root directory /. Otherwise, the mounting fails. Mount paths can be as follows:
                                                                                
 
                                                                                • /opt/xxxx (excluding /opt/cloud)
                                                                                • /mnt/xxxx (excluding /mnt/paas)
                                                                                • /tmp/xxx
                                                                                • /var/xxx (excluding key directories such as /var/lib, /var/script, and /var/paas)
                                                                                • /xxxx (It cannot conflict with the system directory, such as bin, lib, home, root, boot, dev, etc, lost+found, mnt, proc, sbin, srv, tmp, var, media, opt, selinux, sys, and usr.)
                                                                                
 
                                                                                Do not set this parameter to /home/paas, /var/paas, /var/lib, /var/script, /mnt/paas, or /opt/cloud. Otherwise, the system or node installation will fail.
                                                                                
 
                                                                                
@@ -29,14 +29,14 @@
 
                                                                                Mount Path
                                                                                
                                                                                 		
 
                                                                                Enter a mount path, for example, /tmp.
                                                                                
-
                                                                                This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                 NOTICE: 
                                                                                If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                
+
                                                                                This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                 NOTICE: 
                                                                                If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                
 
                                                                                
 
                                                                                
 
                                                                                		
 
                                                                                
 
                                                                                Subpath
                                                                                
 
                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                
+
                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                
                                                                                 		
 
                                                                                
 
                                                                                Permission
                                                                                
diff --git a/docs/cce/umn/cce_10_0378.html b/docs/cce/umn/cce_10_0378.html
index 92a40a8b4..a93ea5048 100644
--- a/docs/cce/umn/cce_10_0378.html
+++ b/docs/cce/umn/cce_10_0378.html
@@ -5,7 +5,7 @@
 
                                                                                1. When a container is rebuilt, files in the container will be lost.
                                                                                2. When multiple containers run in a pod at the same time, files need to be shared among the containers.
                                                                                
 
                                                                                Kubernetes volumes resolve both of these problems. Volumes, as part of a pod, cannot be created independently and can only be defined in pods. All containers in a pod can access its volumes, but the volumes must have been mounted to any directory in a container.
                                                                                
 
                                                                                The following figure shows how a storage volume is used between containers in a pod.
                                                                                
-
                                                                                
+
                                                                                
 
                                                                                The basic principles for using volumes are as follows:
                                                                                
 
                                                                                • Multiple volumes can be mounted to a pod. However, do not mount too many volumes to a pod.
                                                                                • Multiple types of volumes can be mounted to a pod.
                                                                                • Each volume mounted to a pod can be shared among containers in the pod.
                                                                                • You are advised to use PVCs and PVs to mount volumes for Kubernetes.
                                                                                
 
                                                                                 
                                                                                The lifecycle of a volume is the same as that of the pod to which the volume is mounted. When the pod is deleted, the volume is also deleted. However, files in the volume may outlive the volume, depending on the volume type.
                                                                                
@@ -37,9 +37,9 @@
 
                                                                                PV and PVC
                                                                                Kubernetes provides PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) to abstract details of how storage is provided from how it is consumed. You can request specific size of storage when needed, just like pods can request specific levels of resources (CPU and memory).
                                                                                
 
                                                                                • PV: describes a persistent storage volume in a cluster. A PV is a cluster-level resource just like a node. It applies to the entire Kubernetes cluster. A PV has a lifecycle independent of any individual Pod that uses the PV.
                                                                                • PVC: describes a request for storage by a user. When configuring storage for an application, claim a storage request (that is, PVC). Kubernetes selects a PV that best meets the request and binds the PV to the PVC. A PVC to PV binding is a one-to-one mapping. When creating a PVC, describe the attributes of the requested persistent storage, such as the storage size and read/write permission.
                                                                                
 
                                                                                You can bind PVCs to PVs in a pod so that the pod can use storage resources. The following figure shows the relationship between PVs and PVCs.
                                                                                
-
                                                                                Figure 1 PVC-to-PV binding
                                                                                
+
                                                                                Figure 1 PVC-to-PV binding
                                                                                
 
                                                                                
-
                                                                                CSI
                                                                                CSI is a standard for container storage interfaces and a storage plugin implementation solution recommended by the Kubernetes community. Everest is a storage add-on developed based on CSI. It provides different types of persistent storage for containers.
                                                                                
+
                                                                                CSI
                                                                                CSI is a standard for container storage interfaces and a storage plugin implementation solution recommended by the Kubernetes community. CCE Container Storage (Everest) is a storage add-on developed based on CSI. It provides different types of persistent storage for containers.
                                                                                
 
                                                                                
 
                                                                                Volume Access Modes
                                                                                Storage volumes can be mounted to the host system only in the mode supported by underlying storage resources. For example, a file storage system can be read and written by multiple nodes, but an EVS disk can be read and written by only one node.
                                                                                
 
                                                                                • ReadWriteOnce: A storage volume can be mounted to a single node in read-write mode.
                                                                                • ReadWriteMany: A storage volume can be mounted to multiple nodes in read-write mode.
                                                                                
@@ -170,8 +170,8 @@ metadata:
     everest.io/reclaim-policy: retain-volume-only
   name: pv-evs-test
   labels:
-    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
-    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
     - ReadWriteOnce
diff --git a/docs/cce/umn/cce_10_0379.html b/docs/cce/umn/cce_10_0379.html
index 44ebd1834..45f9917c0 100644
--- a/docs/cce/umn/cce_10_0379.html
+++ b/docs/cce/umn/cce_10_0379.html
@@ -2,10 +2,10 @@
 
 
                                                                                Using an Existing OBS Bucket Through a Static PV
                                                                                
 
                                                                                This section describes how to use an existing Object Storage Service (OBS) bucket to statically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                
-
                                                                                Prerequisites
                                                                                
+
                                                                                Prerequisites
                                                                                
 
                                                                                
-
                                                                                Notes and Constraints
                                                                                • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                • Kata containers do not support OBS volumes.
                                                                                • Hard links are not supported when common buckets are mounted.
                                                                                
-
                                                                                • Multiple PVs can use the same OBS storage volume with the following restrictions:
                                                                                  • Do not mount the PVCs/PVs that use the same underlying OBS volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                  • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                  • If underlying storage is repeatedly used, you are required to maintain data consistency. Enable isolation and protection for ReadWriteMany at the application layer and prevent multiple clients from writing the same file to prevent data overwriting and loss.
                                                                                  
+
                                                                                  Notes and Constraints
                                                                                  • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                  • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                  • Secure containers do not support OBS volumes.
                                                                                  • Hard links are not supported when common buckets are mounted.
                                                                                  
+
                                                                                  • Multiple PVs can use the same OBS storage volume with the following restrictions:
                                                                                    • Do not mount multiple PVCs or PVs that use the same underlying OBS volume to a single pod. Doing so will cause pod startup failures, as not all PVCs can be mounted due to identical volumeHandle value.
                                                                                    • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                    • If underlying storage is repeatedly used, you are required to maintain data consistency. Enable isolation and protection for ReadWriteMany at the application layer and prevent multiple clients from writing the same file to prevent data overwriting and loss.
                                                                                    
 
                                                                                  
 
                                                                                  
 
                                                                                  Using an Existing OBS Bucket on the Console
                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                  2. Statically create a PVC and PV.
                                                                                    1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
@@ -79,34 +79,34 @@
 
                                                                                
 
                                                                              4. Click Create to create a PVC and a PV.
                                                                                You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                
 
                                                                                5. 
-
                                                                              5. Create an application.
                                                                                1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                  Table 1 Mounting a storage volume
                                                                                  Parameter
                                                                                  
+
                                                                                3. Create an application.
                                                                                  1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                    
-
-
-
-
-
-
-
-
-
@@ -139,7 +139,6 @@ spec:
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
       everest.io/obs-volume-type: STANDARD
       everest.io/region: <your_region>                        # Region where the OBS volume is
-
     nodePublishSecretRef:            # Custom secret of the OBS volume
       name: <your_secret_name>       # Custom secret name
       namespace: <your_namespace>    # Namespace of the custom secret
@@ -183,8 +182,8 @@ spec:
 
-
-
@@ -116,43 +117,46 @@ metadata:
 
-
-
-
-
-
-
-
+
-
-
-
+
-
-
-
+
-
@@ -161,43 +165,53 @@ metadata:
 
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
@@ -206,42 +220,64 @@ metadata:
 
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
+
+
+
+
+
@@ -250,20 +286,51 @@ metadata:
 
-
-
-
+
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -307,7 +374,7 @@ spec:
 
                                                                                    Table 1 Mounting a storage volume
                                                                                    Parameter
                                                                                    
 
                                                                                    Description
                                                                                    
+
                                                                                    Description
                                                                                    
                                                                                     		
 
                                                                                    
 
                                                                                    PVC
                                                                                    
+
                                                                                    PVC
                                                                                    
 
                                                                                    Select an existing OBS volume.
                                                                                    
+
                                                                                    Select an existing OBS volume.
                                                                                    
                                                                                     		
 
                                                                                    Mount Path
                                                                                    
+
                                                                                    Mount Path
                                                                                    
 
                                                                                    Enter a mount path, for example, /tmp.
                                                                                    
+
                                                                                    Enter a mount path, for example, /tmp.
                                                                                    
 
                                                                                    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                     NOTICE: 
                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                    
 
                                                                                    
 
                                                                                    
                                                                                     		
 
                                                                                    Subpath
                                                                                    
+
                                                                                    Subpath
                                                                                    
 
                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                    
+
                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                    
                                                                                     		
 
                                                                                    Permission
                                                                                    
+
                                                                                    Permission
                                                                                    
 
                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                    
+
                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                    
                                                                                     		
 
                                                                                    
                                                                                     
 
                                                                                    Yes
                                                                                    
 
                                                                                    OBS storage class.
                                                                                    
-
                                                                                    • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                    • This parameter is invalid when fsType is set to obsfs.
                                                                                    
+
                                                                                    OBS StorageClass.
                                                                                    
+
                                                                                    • If fsType is set to s3fs, standard buckets (STANDARD) and infrequent access buckets (WARM) are supported.
                                                                                    • This parameter is invalid when fsType is set to obsfs.
                                                                                    
                                                                                     		
 
                                                                                    
 
                                                                                    everest.io/region
                                                                                    
@@ -200,7 +199,7 @@ spec:
 
                                                                                    No
                                                                                    
                                                                                     		
 
                                                                                    Access key (AK/SK) used for mounting the object storage volume. You can use the AK/SK to create a secret and mount it to the PV. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                    
-
                                                                                    An example is as follows:
                                                                                    nodePublishSecretRef:
+
                                                                                    Example:
                                                                                    nodePublishSecretRef:
   name: secret-demo
   namespace: default
                                                                                    
 
                                                                                    
@@ -229,7 +228,7 @@ spec:
 
                                                                                    Yes
                                                                                    
                                                                                     		
 
                                                                                    Storage capacity, in Gi.
                                                                                    
-
                                                                                    For OBS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS.
                                                                                    
+
                                                                                    For OBS, this parameter is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS.
                                                                                    
                                                                                     		
 
                                                                                    
 
                                                                                    storageClassName
                                                                                    
@@ -253,9 +252,8 @@ metadata:
     volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
     everest.io/obs-volume-type: STANDARD
     csi.storage.k8s.io/fstype: obsfs
-    csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>  # Custom secret name.
-    csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>        # Namespace of the custom secret.
-
+    csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>  # Custom secret name
+    csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>        # Namespace of the custom secret
 spec:
   accessModes:
   - ReadWriteMany                  # The value must be ReadWriteMany for OBS.
@@ -292,7 +290,7 @@ spec:
 
                                                                                    Yes
                                                                                    
                                                                                     		
 
                                                                                    Requested capacity in the PVC, in Gi.
                                                                                    
-
                                                                                    For OBS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS.
                                                                                    
+
                                                                                    For OBS, this parameter is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS.
                                                                                    
                                                                                     		
 
                                                                                    
 
                                                                                    storageClassName
                                                                                    
diff --git a/docs/cce/umn/cce_10_0380.html b/docs/cce/umn/cce_10_0380.html
index 128872c6d..ef4a771e1 100644
--- a/docs/cce/umn/cce_10_0380.html
+++ b/docs/cce/umn/cce_10_0380.html
@@ -49,7 +49,8 @@ csi-disk            everest-csi-provisioner         17d          # EVS disk
 csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delay
 csi-nas             everest-csi-provisioner         17d          # SFS 1.0
 csi-obs             everest-csi-provisioner         17d          # OBS
-csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
+csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
+
 
                                                                                    Each StorageClass contains the default parameters used for dynamically creating a PV. The following is an example of StorageClass for EVS disks:
                                                                                    kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
@@ -93,7 +94,7 @@ metadata:
 
                                                                                    
 
                                                                                    volumeBindingMode
                                                                                    
 
                                                                                    Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                    
+
                                                                                    Specifies the volume binding mode, which is the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                    
 
                                                                                    • Immediate: After a PVC is created, the storage resources and PV will be created and associated with the PVC without delay.
                                                                                    • WaitForFirstConsumer: After a PVC is created, it will not be immediately bound to a PV. Instead, the storage resources and PV will be generated and bound to the PVC only after the pod that requires the PVC is scheduled.
                                                                                    
                                                                                     		
 
                                                                                    
 
 
                                                                                    EVS
                                                                                    
-
                                                                                    
-
                                                                                    
-
                                                                                    
+
                                                                                    EVS
                                                                                    
 
                                                                                    csi.storage.k8s.io/csi-driver-name
                                                                                    
+
                                                                                    csi.storage.k8s.io/csi-driver-name
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    Yes
                                                                                    
 
                                                                                    Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                    
+
                                                                                    Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
+
                                                                                    EVS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
 
                                                                                    If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                    
-
                                                                                    The restrictions on using xfs are as follows:
                                                                                    • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                    • Only common containers are supported.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                    
+
                                                                                    The restrictions on using xfs are as follows:
                                                                                    • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                    • Only common containers are supported.
                                                                                    
 
                                                                                    
                                                                                     		
 
                                                                                    everest.io/disk-volume-type
                                                                                    
+
                                                                                    EVS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/disk-volume-type
                                                                                    
 
                                                                                    EVS disk type. All letters are in uppercase.
                                                                                    • SATA: common I/O
                                                                                    • SAS: high I/O
                                                                                    • SSD: ultra-high I/O
                                                                                    • GPSSD: general-purpose SSD
                                                                                    • ESSD: extreme SSD
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    EVS disk type. All letters are in uppercase.
                                                                                    • SATA: common I/O
                                                                                    • SAS: high I/O
                                                                                    • SSD: ultra-high I/O
                                                                                    • GPSSD: general-purpose SSD
                                                                                    • ESSD: extreme SSD
                                                                                    
 
                                                                                    
                                                                                     		
 
                                                                                    everest.io/passthrough
                                                                                    
+
                                                                                    EVS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/passthrough
                                                                                    
 
                                                                                    The parameter value is fixed at true, which indicates that the EVS device type is SCSI. Other parameter values are not allowed.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    The parameter value is fixed at true, which indicates that the EVS device type is SCSI. No other parameter values are allowed.
                                                                                    
                                                                                     		
 
                                                                                    SFS
                                                                                    
+
                                                                                    SFS
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/csi-driver-name
                                                                                    
 
                                                                                    Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
+
                                                                                    SFS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
 
                                                                                    If SFS is used, the value can be nfs.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    If SFS is used, the value can be nfs.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-access-level
                                                                                    
+
                                                                                    SFS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/share-access-level
                                                                                    
 
                                                                                    The parameter value is fixed at rw, indicating that the SFS data is readable and writable.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    The parameter value is fixed at rw, indicating that the SFS data is readable and writable.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-access-to
                                                                                    
+
                                                                                    SFS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/share-access-to
                                                                                    
 
                                                                                    VPC ID of the cluster.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    VPC ID of the cluster.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-is-public
                                                                                    
+
                                                                                    SFS
                                                                                    
 
                                                                                    No
                                                                                    
+
                                                                                    everest.io/share-is-public
                                                                                    
 
                                                                                    The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                    
+
                                                                                    No
                                                                                    
+
                                                                                    The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                    
 
                                                                                    When you use SFS 3.0, there is no need to configure this parameter.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/sfs-version
                                                                                    
+
                                                                                    SFS
                                                                                    
 
                                                                                    No
                                                                                    
+
                                                                                    everest.io/sfs-version
                                                                                    
 
                                                                                    This parameter is only required for SFS 3.0 and its value is fixed at sfs3.0.
                                                                                    
+
                                                                                    No
                                                                                    
+
                                                                                    This parameter is only required for SFS 3.0 and its value is fixed at sfs3.0.
                                                                                    
                                                                                     		
 
                                                                                    SFS Turbo
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/csi-driver-name
                                                                                    
 
                                                                                    Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
 
                                                                                    If SFS Turbo is used, the value can be nfs.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    If SFS Turbo is used, the value can be nfs.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-access-to
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/share-access-to
                                                                                    
 
                                                                                    VPC ID of the cluster.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    VPC ID of the cluster.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-expand-type
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
 
                                                                                    No
                                                                                    
+
                                                                                    everest.io/share-expand-type
                                                                                    
 
                                                                                    Extension type. The default value is bandwidth, indicating an enhanced file system. This parameter does not take effect.
                                                                                    
+
                                                                                    No
                                                                                    
+
                                                                                    Extension type. The default value is bandwidth, indicating an enhanced file system. This parameter does not take effect.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-source
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/share-source
                                                                                    
 
                                                                                    The parameter value is fixed at sfs-turbo.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    The parameter value is fixed at sfs-turbo.
                                                                                    
                                                                                     		
 
                                                                                    everest.io/share-volume-type
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
 
                                                                                    No
                                                                                    
+
                                                                                    everest.io/share-volume-type
                                                                                    
 
                                                                                    SFS Turbo StorageClass. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                    
+
                                                                                    No
                                                                                    
+
                                                                                    SFS Turbo StorageClass. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                    
                                                                                     		
 
                                                                                    OBS
                                                                                    
+
                                                                                    SFS Turbo
                                                                                    
+
                                                                                    everest.io/reclaim-policy
                                                                                    
+
                                                                                    No
                                                                                    
+
                                                                                    Whether to retain subdirectories when deleting a PVC. This parameter must be used with reclaim policies. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                    
+
                                                                                    • retain-volume-only: If a PVC is deleted, the PV will be deleted, but its associated subdirectories will be retained.
                                                                                    • delete: When a PVC is deleted, the associated PV and its subdirectories will also be deleted.
                                                                                       NOTE: 
                                                                                      When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                      
+
                                                                                      
+
                                                                                    
+
                                                                                    OBS
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/csi-driver-name
                                                                                    
 
                                                                                    Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                    
                                                                                     		
 
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
+
                                                                                    OBS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
 
                                                                                    Instance type, which can be obsfs or s3fs.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    Instance type, which can be obsfs or s3fs.
                                                                                    
 
                                                                                    • obsfs: a parallel file system
                                                                                    • s3fs: object bucket
                                                                                    
                                                                                     		
 
                                                                                    everest.io/obs-volume-type
                                                                                    
+
                                                                                    OBS
                                                                                    
 
                                                                                    Yes
                                                                                    
+
                                                                                    everest.io/obs-volume-type
                                                                                    
 
                                                                                    OBS StorageClass.
                                                                                    
-
                                                                                    • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                    • This parameter is invalid when fsType is set to obsfs.
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    OBS StorageClass.
                                                                                    
+
                                                                                    • If fsType is set to s3fs, standard buckets (STANDARD) and infrequent access buckets (WARM) are supported.
                                                                                    • This parameter is invalid when fsType is set to obsfs.
                                                                                    
+
                                                                                    Local PV
                                                                                    
+
                                                                                    csi.storage.k8s.io/csi-driver-name
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    Driver type. If a local PV is used, the parameter value is fixed at local.csi.everest.io.
                                                                                    
+
                                                                                    Local PV
                                                                                    
+
                                                                                    csi.storage.k8s.io/fstype
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    File system type. The value can only be ext4.
                                                                                    
+
                                                                                    Local PV
                                                                                    
+
                                                                                    volume-type
                                                                                    
+
                                                                                    Yes
                                                                                    
+
                                                                                    Volume type. The value can only be persistent.
                                                                                    
                                                                                     		
 
                                                                                    
 
                                                                                    When a user migrates services from an on-premises Kubernetes cluster or other Kubernetes services to CCE, the StorageClass used in the original application YAML file is different from that used in CCE. As a result, a large number of YAML files or Helm chart packages need to be modified when the storage is used, which is complex and error-prone.
                                                                                    
                                                                                     		
 
                                                                                    Create a StorageClass with the same name as that in the original application YAML file in the CCE cluster. After the migration, you do not need to modify the StorageClassName in the application YAML file.
                                                                                    
-
                                                                                    For example, the EVS disk StorageClass used before the migration is disk-standard. After migrating services to a CCE cluster, you can copy the YAML file of the csi-disk StorageClass in the CCE cluster, change its name to disk-standard, and create another StorageClass.
                                                                                    
+
                                                                                    For example, the StorageClass of the EVS disk used before the migration is disk-standard. After migrating services to a CCE cluster, you can copy the YAML file of the csi-disk StorageClass in the CCE cluster, change its name to disk-standard, and create another StorageClass.
                                                                                    
                                                                                     		
 
                                                                                    
 
                                                                                    StorageClassName must be specified in the YAML file to use the storage. If not, the storage cannot be created.
                                                                                    
@@ -323,7 +390,7 @@ spec:
 
 
 
                                                                                    Scenario 1: Specifying the Disk Type in a StorageClass
                                                                                    This section uses the custom StorageClass of EVS disks as an example to describe how to define SAS EVS disk and SSD EVS disk as a StorageClass, respectively. For example, if you define a StorageClass named csi-disk-sas, which is used to create SAS storage, the differences are shown in the following figure. When editing a PVC's YAML file, you only need to specify StorageClassName.
                                                                                    
-
                                                                                    
+
                                                                                    
 
                                                                                    • You can customize a high I/O StorageClass in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                      apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
diff --git a/docs/cce/umn/cce_10_0381.html b/docs/cce/umn/cce_10_0381.html
index 452726cbe..9a104dec7 100644
--- a/docs/cce/umn/cce_10_0381.html
+++ b/docs/cce/umn/cce_10_0381.html
@@ -30,7 +30,8 @@ spec:
 
                                                                                    
 
                                                                                    Using a Snapshot to Create a PVC
                                                                                    The disk type, encryption setting, and disk mode of the created EVS PVC are consistent with those of the snapshot's source EVS disk.
                                                                                    
 
                                                                                    Using the CCE console
                                                                                    
-
                                                                                    1. Log in to the CCE console.
                                                                                    2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane. In the right pane, click the Snapshots and Backups tab.
                                                                                    3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                      • PVC Name: Enter a PVC name.
                                                                                      • Resource Tag: Resource tags can be added to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                        You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                        
+
                                                                                        1. Log in to the CCE console.
                                                                                        2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane. In the right pane, click the Snapshots and Backups tab.
                                                                                        3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                          • PVC Name: Enter a PVC name.
                                                                                          • Storage Volume Name Prefix: specifies the prefix for the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". This parameter is optional. If left blank, the default prefix pvc will be used. For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                            This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                            
+
                                                                                          • Resource Tag: You can add resource tags to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                            You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                            
 
                                                                                            CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                            
 
                                                                                          
 
                                                                                        4. Click Create.
                                                                                        
@@ -42,7 +43,7 @@ metadata:
   namespace: default
   annotations:
     everest.io/disk-volume-type: SSD     # EVS disk type, which must be the same as that of the snapshot's source EVS disk.
-    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
     csi.storage.k8s.io/fstype: xfs    # (Optional) Configure this field when the snapshot file system is of the xfs type.
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Replace the region with the one where the EVS disk is located.
diff --git a/docs/cce/umn/cce_10_0382.html b/docs/cce/umn/cce_10_0382.html
index c42951362..06c72f705 100644
--- a/docs/cce/umn/cce_10_0382.html
+++ b/docs/cce/umn/cce_10_0382.html
@@ -1,60 +1,76 @@
 
 
 
                                                                                        Configuring QoS for a Pod
                                                                                        
-
                                                                                        Scenario
                                                                                        Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure QoS rate limiting for inter-pod access to prevent this problem.
                                                                                        
+
                                                                                        Scenario
                                                                                        Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure bandwidth limitation for the pod to solve this problem.
                                                                                        
 
                                                                                        
-
                                                                                        Notes and Constraints
                                                                                        The following shows constraints on setting the rate limiting for inter-pod access:
-
                                                                                        Constraint
                                                                                        
+
                                                                                        Specifications
                                                                                        The following table lists the bandwidth limitation specifications of pods.
+
                                                                                        
-
-
-
+
-
-
-
-
+
-
-
+
+
+
-
-
+
+
+
-
-
+
+
+
-
-
-
-
-
-
-
                                                                                        Specifications
                                                                                        
 
                                                                                        Tunnel Network
                                                                                        
+
                                                                                        Tunnel
                                                                                        
 
                                                                                        VPC Network
                                                                                        
+
                                                                                        VPC
                                                                                        
 
                                                                                        Cloud Native 2.0 Network
                                                                                        
+
                                                                                        Cloud Native Network 2.0
                                                                                        
+
                                                                                        Cloud Native Network 2.0 + DataPlane V2
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        Supported versions
                                                                                        
+
                                                                                        Supported cluster versions
                                                                                        
 
                                                                                        All versions
                                                                                        
+
                                                                                        All versions
                                                                                        
 
                                                                                        Clusters of v1.19.10 and later
                                                                                        
+
                                                                                        Clusters of v1.19.10 and later
                                                                                        
 
                                                                                        Clusters of v1.19.10 and later
                                                                                        
+
                                                                                        Clusters of v1.19.10 and later
                                                                                        
+
                                                                                        v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, or later
                                                                                        
                                                                                         		
 
                                                                                        Supported runtime types
                                                                                        
+
                                                                                        Egress bandwidth limitation
                                                                                        
 
                                                                                        Only regular containers (runC as the container runtime) are supported. Secure containers (Kata Containers as the container runtime) are not supported.
                                                                                        
+
                                                                                        Supported
                                                                                        
+
                                                                                        Supported
                                                                                        
+
                                                                                        Supported
                                                                                        
+
                                                                                        Supported
                                                                                        
                                                                                         		
 
                                                                                        Supported pod types
                                                                                        
+
                                                                                        Ingress bandwidth limitation
                                                                                        
 
                                                                                        Only non-HostNetwork pods
                                                                                        
+
                                                                                        Supported
                                                                                        
+
                                                                                        Supported
                                                                                        
+
                                                                                        Supported
                                                                                        
+
                                                                                        Not supported
                                                                                        
                                                                                         		
 
                                                                                        Supported scenarios
                                                                                        
+
                                                                                        Scenarios where bandwidth limitation is not supported
                                                                                        
 
                                                                                        Inter-pod access, pods accessing nodes, and pods accessing services
                                                                                        
+
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
+
                                                                                        • Pod access to cloud service CIDR blocks such as 100.125.0.0/16
                                                                                        • Pod health check
                                                                                        
+
                                                                                        • Pod access to cloud service CIDR blocks such as 100.125.0.0/16
                                                                                        • Pod health check
                                                                                        
                                                                                         		
 
                                                                                        Constraints
                                                                                        
+
                                                                                        Bandwidth limitation range
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        Only the rate limit in the unit of Mbit/s or Gbit/s is supported, for example, 100 Mbit/s and 1 Gbit/s. The minimum value is 1 Mbit/s and the maximum value is 4.29 Gbit/s.
                                                                                        
 
                                                                                        None
                                                                                        
-
                                                                                        • Pods access external cloud service CIDR blocks 100.64.0.0/10 and 214.0.0.0/8.
                                                                                        • Traffic rate limiting of health check
                                                                                        
-
                                                                                        Value range of rate limit
                                                                                        
-
                                                                                        Only the rate limit in the unit of Mbit/s or Gbit/s is supported, for example, 100 Mbit/s and 1 Gbit/s. The minimum value is 1 Mbit/s and the maximum value is 4.29 Gbit/s.
                                                                                        
+
                                                                                        The minimum value is 1 Kbit/s, and the maximum value is 1 Pbit/s.
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
                                                                                        
 
                                                                                        
+
                                                                                        • CCE DataPlane V2 is released with restrictions. To use this feature, submit a service ticket to CCE.
                                                                                        • After DataPlane V2 network acceleration is enabled, pods on HCE OS 2.0 use Earliest Departure Time (EDT) to limit the egress bandwidth. The ingress bandwidth limitation is not supported. In other network modes, a Token Bucket Filter (TBF) qdisc is used to limit the bandwidth.
                                                                                        • Pod bandwidth limitation applies to regular containers (runC as the container runtime), not secure containers (Kata Containers as the container runtime).
                                                                                        • Pod bandwidth limitation does not apply to hostNetwork pods.
                                                                                        
 
                                                                                        
 
                                                                                        
 
                                                                                        Using the CCE Console
                                                                                        When creating a workload on the console, you can set pod ingress and egress bandwidth limits by clicking Network Configuration in the Advanced Settings area.
                                                                                        
diff --git a/docs/cce/umn/cce_10_0384.html b/docs/cce/umn/cce_10_0384.html
index 037e1c873..ff32ba7c6 100644
--- a/docs/cce/umn/cce_10_0384.html
+++ b/docs/cce/umn/cce_10_0384.html
@@ -4,7 +4,7 @@
 
                                                                                        Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly and resources, if not released, are wasted in non-peak hours. Especially for online jobs that request a large quantity of resources to ensure SLA, resource utilization can be as low as it gets.
                                                                                        
 
                                                                                        Resource oversubscription is the process of making use of idle requested resources. Oversubscribed resources are suitable for deploying offline jobs, which focus on throughput but have low SLA requirements and can tolerate certain failures.
                                                                                        
 
                                                                                        Hybrid deployment of online and offline jobs in a cluster can better utilize cluster resources.
                                                                                        
-
                                                                                        Figure 1 Resource oversubscription
                                                                                        
+
                                                                                        Figure 1 Resource oversubscription
                                                                                        
 
                                                                                        Features
                                                                                         
                                                                                        After dynamic resource oversubscription and elastic scaling are enabled in a node pool, oversubscribed resources change rapidly because the resource usage of high-priority applications changes in real time. To prevent frequent node scale-ins and scale-outs, do not consider oversubscribed resources when evaluating node scale-ins.
                                                                                        
 
                                                                                        
 
                                                                                        Hybrid deployment is supported, and CPU and memory resources can be oversubscribed. The key features are as follows:
                                                                                        
@@ -72,7 +72,7 @@
 
 
                                                                                        
 
                                                                                        Compatible kubelet Oversubscription
                                                                                         
                                                                                        Specifications
                                                                                        • Cluster version
                                                                                          • v1.19: v1.19.16-r4 or later
                                                                                          • v1.21: v1.21.7-r0 or later
                                                                                          • v1.23: v1.23.5-r0 or later
                                                                                          • v1.25 or later
                                                                                          
-
                                                                                        • Cluster type: CCE standard or CCE Turbo
                                                                                        • Node OS: EulerOS 2.9 (kernel-4.18.0-147.5.1.6.h729.6.eulerosv2r9.x86_64) or HCE OS 2.0
                                                                                        • Node type: ECS
                                                                                        • Volcano version: 1.7.0 or later
                                                                                        
+
                                                                                      • Cluster type: CCE standard or Turbo
                                                                                      • Node OS: EulerOS 2.9 (kernel-4.18.0-147.5.1.6.h729.6.eulerosv2r9.x86_64) or HCE OS 2.0
                                                                                      • Node type: ECS
                                                                                      • Volcano version: 1.7.0 or later
                                                                                        • 
 
                                                                                        
 
                                                                                        Constraints
                                                                                        • Before enabling oversubscription, ensure that the overcommit add-on is not enabled on Volcano.
                                                                                        • Modifying the label of an oversubscribed node does not affect the running pods.
                                                                                        • Running pods cannot be converted between online and offline services. To convert services, rebuild pods.
                                                                                        • If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the Volcano add-on. Otherwise, the scheduling of oversold nodes will be abnormal. Ensure that you have correctly configure labels because the scheduler does not check the add-on and node configurations. For details, see Table 1.
                                                                                        • To disable oversubscription, perform the following operations:
                                                                                          • Remove the volcano.sh/oversubscription label from the oversubscribed node.
                                                                                          • Set over-subscription-resource to false.
                                                                                          • Modify the configmap of Volcano Scheduler named volcano-scheduler-configmap and remove the oversubscription add-on.
                                                                                          
 
                                                                                        • If you have set cpu-manager-policy to statically bind CPU cores on a node, do not assign the QoS class of Guaranteed to offline pods. This is because offline pods may occupy the CPUs of online pods, leading to an online pod startup failure and offline pods failing to start even though they have been successfully scheduled. To prevent this, switch the pods to online pods if CPU core binding is required.
                                                                                        • If cpu-manager-policy is set to static CPU core binding on a node, do not bind CPU cores to all online pods. This is because doing so can cause online pods to occupy all available CPU or memory resources, leaving only a small number of oversubscribed resources.
                                                                                        
@@ -187,7 +187,7 @@ Annotations:      ...
 
                                                                                        volcano.sh/evicting-memory-low-watermark
                                                                                        
                                                                                         		
 
                                                                                        Lower limit for memory usage. When the memory usage of a node is higher than the upper limit, offline jobs will be evicted. The node accepts the offline jobs again only when the memory usage of the node is lower than the lower limit.
                                                                                        
-
                                                                                        The default value is 30, indicating that offline jobs are accepted again when the memory usage of a node is less than 30%.
                                                                                        
+
                                                                                        The default value is 30, indicating that offline jobs are accepted again when the memory usage of a node is lower than 30%.
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        volcano.sh/oversubscription-types
                                                                                        
@@ -219,7 +219,7 @@ preemptionPolicy: PreemptLowerPriority
 value: -90000
  
 EOF
-
                                                                                      • Deploy online and offline jobs and configure priorityClasses for these jobs.
                                                                                        The volcano.sh/qos-level annotation needs to be added to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is an online job. You do not need to set this annotation for online jobs. For both online and offline jobs, set schedulerName to volcano to enable Volcano.
                                                                                        
+
                                                                                      • Deploy online and offline jobs and configure PriorityClasses for these jobs.
                                                                                        The volcano.sh/qos-level annotation needs to be added to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is an online job. You do not need to set this annotation for online jobs. For both online and offline jobs, set schedulerName to volcano to enable Volcano.
                                                                                        
 
                                                                                         
                                                                                        The priorities between online jobs and between offline jobs are not differentiated, and the value validity is not verified. If the value of volcano.sh/qos-level of an offline job is not a negative integer ranging from -7 to 0, the job is processed as an online job.
                                                                                        
 
                                                                                        
 
                                                                                        For an offline job:
                                                                                        
diff --git a/docs/cce/umn/cce_10_0385.html b/docs/cce/umn/cce_10_0385.html
index 16be739d1..0ef815f0e 100644
--- a/docs/cce/umn/cce_10_0385.html
+++ b/docs/cce/umn/cce_10_0385.html
@@ -2,7 +2,7 @@
 
 
                                                                                        Configuring LoadBalancer Services Using Annotations
                                                                                        
 
                                                                                        You can add annotations to a YAML file to use some CCE advanced functions. This section describes the available annotations when a LoadBalancer service is created.
                                                                                        
-
+
 
                                                                                        Interconnection with ELB
                                                                                        
 
                                                                                        
@@ -21,6 +21,7 @@
 
@@ -29,7 +30,7 @@
 
-
-
@@ -206,7 +207,7 @@ metadata:
     kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: union                   # Load balancer type
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
-    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration, which is measured in minutes
 spec:
   selector: 
      app: nginx
@@ -234,8 +235,8 @@ spec:
 
@@ -289,7 +290,7 @@ spec:
     protocol: TCP 
     targetPort: 80
   type: LoadBalancer
-
                                                                                      • For details about how to use kubernetes.io/elb.health-check-options, see Configuring Health Check on Multiple Ports of a LoadBalancer Service.
                                                                                        • 
+
                                                                                      • For details about how to use kubernetes.io/elb.health-check-options, see Configuring Health Check on Multiple LoadBalancer Service Ports.
                                                                                        • HTTP or HTTPS
                                                                                        
 
                                                                                        Table 1 Annotations for interconnecting with ELB
                                                                                        Parameter
                                                                                        
 
                                                                                        Select a proper load balancer type.
                                                                                        
 
                                                                                        Options:
                                                                                        
 
                                                                                        • union: shared load balancer
                                                                                        • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                        
+
                                                                                        The default value is union.
                                                                                        
                                                                                         		
 
                                                                                        v1.9 or later
                                                                                        
                                                                                         		
 
                                                                                        String
                                                                                        
 
                                                                                        Mandatory when an existing load balancer is to be associated.
                                                                                        
+
                                                                                        Mandatory when an existing load balancer is associated.
                                                                                        
 
                                                                                        ID of a load balancer.
                                                                                        
 
                                                                                        How to obtain:
                                                                                        
 
                                                                                        On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                        
@@ -46,8 +47,10 @@
                                                                                         		
 
                                                                                        Mandatory when load balancers are automatically created.
                                                                                        
 
                                                                                        Example
                                                                                        
-
                                                                                        • Automatically created shared load balancer with an EIP bound:
                                                                                          '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                          
-
                                                                                        • Automatically created shared load balancer with no EIP bound:
                                                                                          {"type":"inner","name":"A-location-d-test"}
                                                                                          
+
                                                                                          • Automatically created dedicated load balancer with an EIP bound:
                                                                                            '{"type":"public","bandwidth_name":"cce-bandwidth-1741230802502","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"*****"}'
                                                                                            
+
                                                                                          • Automatically created dedicated load balancer with no EIP bound:
                                                                                            '{"type":"inner","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"*****"}'
                                                                                            
+
                                                                                          • Automatically created shared load balancer with an EIP bound:
                                                                                            '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                            
+
                                                                                          • Automatically created shared load balancer with no EIP bound:
                                                                                            {"type":"inner","name":"A-location-d-test"}
                                                                                            
 
                                                                                          
 
                                                                                        		
 
                                                                                        v1.9 or later
                                                                                        
@@ -59,10 +62,10 @@
                                                                                         		
 
                                                                                        Optional when load balancers are automatically created.
                                                                                        
 
                                                                                        ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                        
-
                                                                                        • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                        • Optional for clusters later than v1.11.7-r0.
                                                                                        
+
                                                                                        • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                        • Optional for clusters of a version later than v1.11.7-r0.
                                                                                        
 
                                                                                        Mandatory for clusters earlier than v1.11.7-r0
                                                                                        
-
                                                                                        Discarded in clusters later than v1.11.7-r0
                                                                                        
+
                                                                                        Mandatory for clusters of a version earlier than v1.11.7-r0
                                                                                        
+
                                                                                        Discarded in clusters of a version later than v1.11.7-r0
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        kubernetes.io/elb.lb-algorithm
                                                                                        
@@ -112,7 +115,6 @@ metadata:
       "bandwidth_sharetype": "PER",
       "eip_type": "5_bgp"
     }'
-
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN     # Load balancer algorithm
   labels: 
     app: nginx 
@@ -148,7 +150,6 @@ metadata:
       ],
       "l4_flavor_name": "L4_flavor.elb.s1.small"
     }'
-
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN     # Load balancer algorithm
 spec:
   selector:
@@ -179,7 +180,7 @@ spec:
 
                                                                                        String
                                                                                        
                                                                                         		
 
                                                                                        Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                        
-
                                                                                        • Disabling sticky session: Do not configure this parameter.
                                                                                        • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                        
+
                                                                                        • To disable sticky sessions, leave this parameter unconfigured.
                                                                                        • To enable sticky session, add this parameter and set it to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                        
 
                                                                                         NOTE: 
                                                                                        When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP hash), sticky session cannot be enabled.
                                                                                        
 
                                                                                        
 
                                                                                        String
                                                                                        
                                                                                         		
 
                                                                                        Whether to enable the ELB health check.
                                                                                        
-
                                                                                        • Enabling health check: Leave blank this parameter or set it to on.
                                                                                        • Disabling health check: Set this parameter to off.
                                                                                        
-
                                                                                        If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                        
+
                                                                                        • Enabling health check: Leave this parameter blank or set it to on.
                                                                                        • Disabling health check: Set this parameter to off.
                                                                                        
+
                                                                                        If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified.
                                                                                        
                                                                                         		
 
                                                                                        v1.9 or later
                                                                                        
                                                                                         		
 
 
                                                                                        Table 4 Annotations for using HTTP or HTTPS
                                                                                        Parameter
                                                                                        
@@ -326,7 +327,7 @@ spec:
 
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Configuring HTTP/HTTPS for a LoadBalancer Service.
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Configuring HTTP/HTTPS for a LoadBalancer Service.
                                                                                        
 
                                                                                        
 
                                                                                        SNI
                                                                                        
 
                                                                                        Table 5 Annotations for using SNIs
                                                                                        Parameter
                                                                                        
@@ -422,7 +423,7 @@ spec:
 
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Configuring Passthrough Networking for a LoadBalancer Service.
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Configuring Passthrough Networking for a LoadBalancer Service.
                                                                                        
 
                                                                                        
 
                                                                                        Blocklist/Trustlist
                                                                                        
 
                                                                                        
-
@@ -451,7 +454,7 @@ spec:
 
@@ -489,6 +492,7 @@ spec:
     targetPort: 80
   type: LoadBalancer
+
                                                                                        For details about application scenarios and use cases, see Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service.
                                                                                        Host Network
                                                                                        
 
                                                                                        Table 8 Annotations for ELB access control
                                                                                        Parameter
                                                                                        
@@ -439,7 +440,9 @@ spec:
 
 
                                                                                        String
                                                                                        
 
                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                          How to obtain:
                                                                                          
+
                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                           NOTE: 
                                                                                          For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time, separated by commas (,).
                                                                                          
+
                                                                                          
+
                                                                                          How to obtain:
                                                                                          
 
                                                                                          Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                          
 
                                                                                        
 
                                                                                        String
                                                                                        
                                                                                         		
 
                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                        
-
                                                                                        • on: Access control is enabled.
                                                                                        • off: Access control is disabled.
                                                                                        
+
                                                                                        • on or true: Access control is enabled.
                                                                                        • off or false: Access control is disabled.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                        
                                                                                         		
 
 
 
                                                                                        
@@ -551,7 +555,7 @@ spec:
 
                                                                                        Table 9 Annotations for host network
                                                                                        Parameter
                                                                                        
@@ -507,7 +511,7 @@ spec:
 
 
                                                                                        If the pod uses hostNetwork, the ELB forwards the request to the host network after this annotation is used.
                                                                                        
 
                                                                                        Options:
                                                                                        
-
                                                                                        • true: enabled
                                                                                        • false (default): disabled
                                                                                        
+
                                                                                        • true: enabled
                                                                                        • false (default): disabled
                                                                                        
                                                                                         		
 
                                                                                        v1.9 or later
                                                                                        
                                                                                         		
 
                                                                                        Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                        
 
                                                                                        Value:
                                                                                        
-
                                                                                        • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                        • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                        • For UDP listeners, this parameter does not take effect. 
                                                                                        
+
                                                                                        • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                        • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                        • For UDP listeners (supported only by dedicated load balancers), the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                        
                                                                                         		
 
                                                                                        Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                        
 
                                                                                        Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                        
@@ -581,7 +585,7 @@ spec:
 
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Configuring Timeout for a LoadBalancer Service.
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Configuring Timeout for a LoadBalancer Service.
                                                                                        
 
                                                                                        
 
                                                                                        Resource Tags
                                                                                        
 
                                                                                        Table 11 Annotations
                                                                                        Parameter
                                                                                        
@@ -607,10 +611,10 @@ spec:
 
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                        
 
                                                                                        
 
                                                                                        HTTP/2
                                                                                        
-
                                                                                        Table 12 Annotations of using HTTP/2
                                                                                        Parameter
                                                                                        
+
                                                                                        
@@ -635,7 +639,7 @@ spec:
 
                                                                                        Table 12 Annotations for using HTTP/2
                                                                                        Parameter
                                                                                        
                                                                                         		
 
                                                                                        Type
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Configuring HTTP/2 for a LoadBalancer Service.
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Configuring HTTP/2 for a LoadBalancer Service.
                                                                                        
 
 
                                                                                        Obtaining Client IP Addresses
                                                                                        
 
                                                                                        Table 13 Annotations for obtaining client IP addresses
                                                                                        Parameter
                                                                                        
@@ -661,10 +665,10 @@ spec:
 
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Enabling a LoadBalancer Service to Obtain the Client IP Address.
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Enabling a LoadBalancer Service to Obtain the Client IP Address.
                                                                                        
 
                                                                                        
-
                                                                                        Configuring a Custom EIP
                                                                                        
-
                                                                                        Table 14 Annotations of custom EIP configurations
                                                                                        Parameter
                                                                                        
+
                                                                                        Changing a Custom EIP
                                                                                        
+
                                                                                        
@@ -681,13 +685,13 @@ spec:
 
-
                                                                                        Table 14 Annotations for changing a custom EIP
                                                                                        Parameter
                                                                                        
                                                                                         		
 
                                                                                        Type
                                                                                        
 
                                                                                        ID of the custom EIP, which can be seen on the EIP console
                                                                                        
 
                                                                                        The EIP must be bindable.
                                                                                        
 
                                                                                        v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, and later versions
                                                                                        
+
                                                                                        v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, or later
                                                                                        
                                                                                         		
 
                                                                                        
 
 
                                                                                        
 
                                                                                        
-
                                                                                        For details, see Configuring a Custom EIP for a LoadBalancer Service.
                                                                                        
+
                                                                                        For details about application scenarios and use cases, see Changing a Custom EIP for a LoadBalancer Service.
                                                                                        
 
                                                                                        
 
                                                                                        Parameters for Automatically Creating a Load Balancer
                                                                                        
 
                                                                                        
-
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -905,7 +915,7 @@ spec:
 
                                                                                        Table 15 elb.autocreate data structure
                                                                                        Parameter
                                                                                        
@@ -740,7 +744,7 @@ spec:
 
 
                                                                                        Bandwidth mode.
                                                                                        
 
                                                                                        • traffic: billed by traffic
                                                                                        
-
                                                                                        Default: traffic
                                                                                        
+
                                                                                        Default: traffic
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        bandwidth_size
                                                                                        
@@ -781,9 +785,39 @@ spec:
                                                                                         		
 
                                                                                        String
                                                                                        
 
                                                                                        Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                        
-
                                                                                        If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                        
+
                                                                                        The ID of the IPv4 subnet where the load balancer resides. This subnet is used to allocate IP addresses for the load balancer to provide external services. The IPv4 subnet must belong to the cluster's VPC.
                                                                                        
+
                                                                                        If this parameter is not specified, the load balancer and the cluster will be in the same subnet by default.
                                                                                        
 
                                                                                        This field can be specified only for clusters of v1.21 or later.
                                                                                        
+
                                                                                        How to Obtain
                                                                                        
+
                                                                                        Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the IPv4 Subnet ID on the Summary tab page.
                                                                                        
+
                                                                                        ipv6_vip_virsubnet_id
                                                                                        
+
                                                                                        No
                                                                                        
+
                                                                                        String
                                                                                        
+
                                                                                        The ID of the IPv6 subnet where the load balancer is deployed. IPv6 must be enabled for the subnet.
                                                                                        
+
                                                                                        This parameter is available only for dedicated load balancers.
                                                                                        
+
                                                                                        How to Obtain
                                                                                        
+
                                                                                        Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                                        
+
                                                                                        elb_virsubnet_ids
                                                                                        
+
                                                                                        No
                                                                                        
+
                                                                                        Array of strings
                                                                                        
+
                                                                                        The network ID of the subnet where the load balancer is located. This subnet is used to allocate IP addresses for accessing the backend server. If this parameter is not specified, the subnet specified by vip_subnet_cidr_id will be used by default. Load balancers occupy varying numbers of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters or nodes) as the load balancer's CIDR block.
                                                                                        
+
                                                                                        This parameter is available only for dedicated load balancers.
                                                                                        
+
                                                                                        Example:
                                                                                        
+
                                                                                        "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                                        
+
                                                                                        How to Obtain
                                                                                        
+
                                                                                        Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        vip_address
                                                                                        
@@ -810,48 +844,24 @@ spec:
 
                                                                                        
 
                                                                                        l4_flavor_name
                                                                                        
 
                                                                                        Yes
                                                                                        
+
                                                                                        No
                                                                                        
                                                                                         		
 
                                                                                        String
                                                                                        
 
                                                                                        Flavor name of the layer-4 load balancer.
                                                                                        
+
                                                                                        Flavor name of the layer-4 load balancer. This parameter is mandatory when TCP or UDP is used.
                                                                                        
 
                                                                                        You can obtain all supported types by getting the flavor list.
                                                                                        
 
                                                                                        This parameter is available only for dedicated load balancers.
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        l7_flavor_name
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
                                                                                         		
 
                                                                                        String
                                                                                        
 
                                                                                        Flavor name of the layer-7 load balancer.
                                                                                        
+
                                                                                        Flavor name of the layer-7 load balancer. This parameter is mandatory when HTTP is used.
                                                                                        
 
                                                                                        You can obtain all supported types by getting the flavor list.
                                                                                        
-
                                                                                        This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                        
-
                                                                                        elb_virsubnet_ids
                                                                                        
-
                                                                                        No
                                                                                        
-
                                                                                        Array of strings
                                                                                        
-
                                                                                        Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                        
-
                                                                                        This parameter is available only for dedicated load balancers.
                                                                                        
-
                                                                                        Example:
                                                                                        
-
                                                                                        "elb_virsubnet_ids": [
-   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
- ]
                                                                                        
-
                                                                                        ipv6_vip_virsubnet_id
                                                                                        
-
                                                                                        No
                                                                                        
-
                                                                                        String
                                                                                        
-
                                                                                        ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                        
-
                                                                                        This parameter is available only for dedicated load balancers.
                                                                                        
+
                                                                                        This parameter is available only for dedicated load balancers. Its value must match that of l4_flavor_name, meaning both must be either elastic specifications or fixed specifications.
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        String
                                                                                        
                                                                                         		
 
                                                                                        Health check protocol.
                                                                                        
-
                                                                                        Value options: TCP or HTTP
                                                                                        
+
                                                                                        Options: TCP, UDP, or HTTP
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        path
                                                                                        
@@ -923,84 +933,84 @@ spec:
 
                                                                                        
 
                                                                                        
 
-
                                                                                        Table 17 elb.health-check-options
                                                                                        Parameter
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0386.html b/docs/cce/umn/cce_10_0386.html
index f915fc0ee..157ed459c 100644
--- a/docs/cce/umn/cce_10_0386.html
+++ b/docs/cce/umn/cce_10_0386.html
@@ -100,7 +100,7 @@ spec:
       ...
                                                                                        You can also add other labels to the pod for affinity and anti-affinity scheduling. In the following figure, three pod labels (release, env, and role) are defined for workload APP 1, APP 2, and APP 3. The values of these labels vary with workload.
                                                                                        • APP 1: [release:alpha;env:development;role:frontend]
                                                                                        • APP 2: [release:beta;env:testing;role:frontend]
                                                                                        • APP 3: [release:alpha;env:production;role:backend]
                                                                                        
-
                                                                                        Figure 1 Label example
                                                                                        
+
                                                                                        Figure 1 Label example
                                                                                        For example, if key/value is set to role/backend, APP 3 will be selected for affinity scheduling. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                        
diff --git a/docs/cce/umn/cce_10_0388.html b/docs/cce/umn/cce_10_0388.html
index 19879f56e..54023a28e 100644
--- a/docs/cce/umn/cce_10_0388.html
+++ b/docs/cce/umn/cce_10_0388.html
@@ -25,11 +25,12 @@ spec:
 
                                                                                        The data of default-secret is updated periodically, and the current data will expire after a certain period of time. You can run the describe command to view the expiration time in default-secret.
                                                                                         
                                                                                        Use default-secret directly instead of copying the secret content to create a new one. The credential in the copied secret will expire and the image cannot be pulled.
                                                                                        
 
                                                                                        
-
                                                                                        $ kubectl describe secret default-secret
-Name:         default-secret
+
                                                                                        kubectl describe secret default-secret
                                                                                        
+
                                                                                        Command output:
                                                                                        
+
                                                                                        Name:         default-secret
 Namespace:    default
 Labels:       secret-generated-by=cce
-Annotations:  temporary-ak-sk-expires-at: 2021-11-26 20:55:31.380909 +0000 UTC
+Annotations:  swr-auth-may-expires-at: 2021-11-26 20:55:31.380909 +0000 UTC
 
 Type:  kubernetes.io/dockerconfigjson
 
@@ -38,14 +39,18 @@ Data
 .dockerconfigjson:  347 bytes
                                                                                        
 
 
                                                                                        paas.elb
                                                                                        The paas.elb data stores a temporary AK/SK that is used when a node is created or a load balancer is automatically created. The paas.elb data is updated periodically and has a specific time limit before it expires.
                                                                                        
-
                                                                                        In practice, you will not directly use paas.elb. Do not delete it, as doing so will result in the failure of creating a node or load balancer. will fail.
                                                                                        
+
                                                                                        In practice, you will not directly use paas.elb. Do not delete it, as doing so will result in the failure of creating a node or load balancer.
                                                                                        
 
                                                                                        
 
                                                                                        default-token-xxxxx
                                                                                        By default, Kubernetes creates a service account named default for each namespace. default-token-xxxxx is the key of the service account, and xxxxx is a random number.
                                                                                        
-
                                                                                        $ kubectl get sa
-NAME     SECRETS   AGE
-default  1         30d
-$ kubectl describe sa default
-Name:                default
+
                                                                                         
                                                                                        In clusters v1.25 or later, a secret is not created automatically for each ServiceAccount. For details, see Service Account Token Security Improvement.
                                                                                        
+
                                                                                        
+
                                                                                        1. Check the service account in the cluster.
                                                                                          kubectl get sa
                                                                                          
+
                                                                                          Command output:
                                                                                          
+
                                                                                          NAME     SECRETS   AGE
+default  1         30d
                                                                                          
+
                                                                                        2. Run the following command to view the secret:
                                                                                          kubectl describe sa default
                                                                                          
+
                                                                                          Command output:
                                                                                          
+
                                                                                          Name:                default
 Namespace:           default
 Labels:              <none>
 Annotations:         <none>
@@ -53,6 +58,7 @@ Image pull secrets:  <none>
 Mountable secrets:   default-token-xxxxx
 Tokens:              default-token-xxxxx
 Events:              <none>
                                                                                          
+
                                                                                        
 
                                                                                        
 
 
                                                                                        
diff --git a/docs/cce/umn/cce_10_0390.html b/docs/cce/umn/cce_10_0390.html
index 0d9556d09..6e13077df 100644
--- a/docs/cce/umn/cce_10_0390.html
+++ b/docs/cce/umn/cce_10_0390.html
@@ -13,8 +13,8 @@
 
                                                                                      • Path: access path, for example, /healthz
                                                                                         
                                                                                        • The access path matching rule of Nginx Ingress is based on the path prefix separated by the slash (/) and is case-sensitive. If the subpath separated by a slash (/) matches the prefix, the access is normal. However, if the prefix is only a part of the character string in the subpath, the access is not matched. For example, if the URL is set to /healthz, /healthz/v1 is matched, but /healthzv1 is not matched.
                                                                                        • The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                          For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                          
 
                                                                                        
 
                                                                                        
-
                                                                                      • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                      • Destination Service Port: Select the access port of the destination Service.
                                                                                      • Operation: Click Delete to delete the configuration.
                                                                                        • 
-
                                                                                      • Annotation: The value is in the format of key:value. You can use annotations to query the configurations supported by nginx-ingress.
                                                                                        • 
+
                                                                                      • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                      • Destination Service Port: Select the access port of the destination Service.
                                                                                      • Operation: Click Delete to delete the configuration.
                                                                                        • 
+
                                                                                      • Annotation: The value is in the format of key-value pairs. You can use annotations to obtain the configurations supported by Nginx ingresses.
                                                                                        • 
 
                                                                                      • Click OK.
                                                                                        After the ingress is created, it is displayed in the ingress list.
                                                                                        
 
                                                                                        • 
 
                                                                                        
diff --git a/docs/cce/umn/cce_10_0391.html b/docs/cce/umn/cce_10_0391.html
index 47d2f1e63..3c2a921f0 100644
--- a/docs/cce/umn/cce_10_0391.html
+++ b/docs/cce/umn/cce_10_0391.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                        Local PVs
                                                                                        
-
                                                                                        
+
                                                                                        
+
                                                                                        
 
                                                                                        
 
                                                                                          
 
                                                                                        • Overview
                                                                                          
diff --git a/docs/cce/umn/cce_10_0399.html b/docs/cce/umn/cce_10_0399.html
index 1a1324eff..0bfd23a81 100644
--- a/docs/cce/umn/cce_10_0399.html
+++ b/docs/cce/umn/cce_10_0399.html
@@ -3,13 +3,13 @@
 
                                                                                          Configuring Intra-VPC Access
                                                                                          
 
                                                                                          This section describes how to access an intranet from a container (outside the cluster in a VPC), including intra-VPC access and cross-VPC access.
                                                                                          
 
                                                                                          Intra-VPC Access
                                                                                          The performance of accessing an intranet from a container varies depending on the container network models of a cluster.
                                                                                          
-
                                                                                          • Container tunnel network
                                                                                            The container tunnel network encapsulates network data packets through tunnels based on the node network. A container can access other resources in the same VPC as long as the node can access the resources. If the access fails, check whether the security group of the peer resource allows access from the node where the container is located.
                                                                                            
+
                                                                                            • Container tunnel network
                                                                                              The container tunnel network encapsulates network data packets through tunnels based on the node network. A container can access other resources in the same VPC as long as the node can access the resources. If the access fails, check whether the security group of peer resources allows the access from the node where the container is located.
                                                                                              
 
                                                                                            • Cloud Native Network 2.0
                                                                                              In the Cloud Native Network 2.0 model, a container is assigned an IP address from the CIDR block of a VPC. The container CIDR block is the subnet of the VPC where the node is located. The container can naturally communicate with other addresses in the VPC. If the access fails, check whether the security group of peer resources allows the access from the container CIDR block.
                                                                                              
 
                                                                                            • VPC network
                                                                                              The VPC network model uses VPC routes to forward container traffic. The container CIDR block and the node VPC are not in the same CIDR block. When a container accesses other resources in the same VPC, the security group of the peer resource must allow access of the container CIDR block.
                                                                                              
 
                                                                                              For example, the CIDR block where the cluster node resides is 192.168.10.0/24, and the container CIDR block is 172.16.0.0/16.
                                                                                              
 
                                                                                              There is an ECS whose IP address is 192.168.10.52 in the VPC (outside the cluster). The security group of the ECS allows access of only the CIDR block of the cluster node.
                                                                                              
 
                                                                                              
-
                                                                                              In this case, if you ping 192.168.10.52 from the container, the ping operation fails.
                                                                                              
+
                                                                                              In this case, 192.168.10.52 cannot be pinged from the container.
                                                                                              
 
                                                                                              kubectl exec test01-6cbbf97b78-krj6h  -it -- /bin/sh
 / # ping 192.168.10.25
 PING 192.168.10.25 (192.168.10.25): 56 data bytes
@@ -38,12 +38,12 @@ PING 192.168.10.25 (192.168.10.25): 56 data bytes
 
                                                                                              After this configuration, you can access the container CIDR block 10.0.0.0/16 in vpc-demo2. During the access, pay attention to the security group configuration and enable the port configuration.
                                                                                              
 
                                                                                            
 
                                                                                          
-
                                                                                          Accessing Other Cloud Services
                                                                                          Common services that communicate with CCE through an intranet include RDS, DCS, Kafka, RabbitMQ, and ModelArts.
                                                                                          
-
                                                                                          In addition to the network configurations described in Intra-VPC Access and Cross-VPC Access, you also need to check whether these cloud services allow external access. For example, the DCS Redis instance can be accessed only by the IP addresses in its whitelist. Generally, these cloud services can be accessed by IP addresses in the same VPC. However, the container CIDR block in the VPC network model is different from the CIDR block of the VPC. Therefore, you must add the container CIDR block to the whitelist.
                                                                                          
+
                                                                                          Accessing Other Cloud Services
                                                                                          Common services that communicate with CCE through an intranet include RDS, DCS, Kafka, and RabbitMQ.
                                                                                          
+
                                                                                          In addition to the network configurations described in Intra-VPC Access and Cross-VPC Access, you also need to check whether these cloud services allow external access. For example, the DCS Redis instance can be accessed only by the IP addresses in its trustlist. Generally, these cloud services can be accessed by IP addresses in the same VPC. However, the container CIDR block in the VPC network model is different from the CIDR block of the VPC. Therefore, you must add the container CIDR block to the trustlist.
                                                                                          
 
                                                                                          
 
                                                                                          What If a Container Fails to Access an Intranet?
                                                                                          If an intranet cannot be accessed from a container, perform the following operations:
                                                                                          
 
                                                                                          1. View the security group rule of the peer server to check whether the container is allowed to access the peer server.
                                                                                            • The container tunnel network model needs to allow the IP address of the node where the container is located.
                                                                                            • The VPC network model needs to allow the container CIDR block.
                                                                                            • The Cloud Native Network 2.0 model needs to allow the subnet where the container is located.
                                                                                            
-
                                                                                          2. Check whether a whitelist is configured for the peer server. For example, the DCS Redis instance can be accessed only by the IP addresses in its whitelist. Add the container and node CIDR blocks to the whitelist.
                                                                                          3. Check whether the container engine is installed on the peer server and whether it conflicts with the container CIDR block in CCE. If a network conflict occurs, the access fails.
                                                                                          
+
                                                                                        • Check whether a trustlist is configured for the peer server. For example, the DCS Redis instance can be accessed only by the IP addresses in its trustlist. Add the container and node CIDR blocks to the trustlist.
                                                                                        • Check whether the container engine is installed on the peer server and whether it conflicts with the container CIDR block in CCE. If a network conflict occurs, the access fails.
                                                                                          • 
 
                                                                                        
 
 
                                                                                        
diff --git a/docs/cce/umn/cce_10_0400.html b/docs/cce/umn/cce_10_0400.html
index a0cf43835..a17b0bfe3 100644
--- a/docs/cce/umn/cce_10_0400.html
+++ b/docs/cce/umn/cce_10_0400.html
@@ -4,18 +4,18 @@
 
                                                                                        Containers can access the Internet in either of the following ways:
                                                                                        
 
                                                                                        • Bind an EIP to the node where the container is located if the network model is VPC or tunnel.
                                                                                        • Bind an EIP to the pod. (This function applies only to Cloud Native 2.0 clusters. To do so, manually bind an EIP to the ENI or sub-ENI of the pod on the VPC console. This method is not recommended because the IP address of a pod changes after the pod is rescheduled. As a result, the new pod cannot access the Internet.)
                                                                                        • Configure SNAT rules through NAT Gateway.
                                                                                        
 
                                                                                        You can use NAT Gateway to enable container pods in a VPC to access the Internet. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway, providing secure and efficient access to the Internet. Figure 1 shows the SNAT architecture. The SNAT function allows the container pods in a VPC to access the Internet without being bound to an EIP. SNAT supports a large number of concurrent connections, which makes it suitable for applications involving a large number of requests and connections.
                                                                                        
-
                                                                                        Figure 1 SNAT
                                                                                        
+
                                                                                        Figure 1 SNAT
                                                                                        
 
                                                                                        To enable a container to access the Internet, perform the following steps:
                                                                                        
-
                                                                                        1. Obtain an EIP. 
                                                                                          1. Log in to the management console.
                                                                                          2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                          3. Click  in the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                          4. On the EIPs page, click Assign EIP.
                                                                                          5. Configure parameters as required.
                                                                                             
                                                                                            Set Region to the region where container pods are located.
                                                                                            
+
                                                                                            1. Obtain an EIP. 
                                                                                              1. Log in to the management console.
                                                                                              2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                              3. Click  in the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                              4. On the EIPs page, click Assign EIP.
                                                                                              5. Configure parameters as required.
                                                                                                 
                                                                                                Set Region to the region where container pods are located.
                                                                                                
 
                                                                                                
 
                                                                                              
-
                                                                                            2. Create a NAT gateway. 
                                                                                              1. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                              2. On the Public Network Gateways page, click Create Public NAT Gateway in the upper right corner.
                                                                                              3. Configure parameters as required.
                                                                                                 
                                                                                                Select the same VPC.
                                                                                                
+
                                                                                              4. Create a NAT gateway. 
                                                                                                1. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                2. On the Public Network Gateways page, click Create Public NAT Gateway in the upper right corner.
                                                                                                3. Configure parameters as required.
                                                                                                   
                                                                                                  Select the same VPC.
                                                                                                  
 
                                                                                                  
 
                                                                                                
-
                                                                                              5. Configure an SNAT rule and bind the EIP to the subnet. 
                                                                                                1. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                2. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                3. Set parameters as required.
                                                                                                
+
                                                                                              6. Configure an SNAT rule and bind the EIP to the subnet. 
                                                                                                1. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                2. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                3. Configure parameters as required.
                                                                                                
 
                                                                                                 
                                                                                                SNAT rules take effect by CIDR block. As different container network models use different communication modes, the subnet needs to be selected according to the following rules:
                                                                                                
 
                                                                                                • Tunnel network and VPC network: Select the subnet where the node is located, that is, the subnet selected during node creation.
                                                                                                • Cloud Native Network 2.0: Select the subnet where the container is located, that is, the container subnet selected during cluster creation.
                                                                                                
-
                                                                                                If there are multiple CIDR blocks, you can create multiple SNAT rules or customize a CIDR block as long as the CIDR block contains the container subnet (Cloud Native 2.0 network) or the node subnet.
                                                                                                
+
                                                                                                If there are multiple CIDR blocks, you can create multiple SNAT rules or customize a CIDR block as long as the CIDR block contains the container subnet (Cloud Native Network 2.0) or the node subnet.
                                                                                                
 
                                                                                                
 
                                                                                                After the SNAT rule is configured, workloads can access the Internet from the container. The Internet can be pinged from the container.
                                                                                                
 
                                                                                              
diff --git a/docs/cce/umn/cce_10_0402.html b/docs/cce/umn/cce_10_0402.html
index 1edfdfe5a..53651e1f5 100644
--- a/docs/cce/umn/cce_10_0402.html
+++ b/docs/cce/umn/cce_10_0402.html
@@ -31,7 +31,7 @@ nginx-6fdf99c8b-6wwft   1/1     Running   0          3m41s   10.1.0.55   10.1.0.
 
                                                                                            
 
                                                                                            Precautions
                                                                                            When a pod uses a host network, it uses a host port and its IP address is the same as the host's IP address. Before using a host network, verify that the pod port does not conflict with any service port on the host. Use a host network only if a workload pod must access a specific host port.
                                                                                            
 
                                                                                            When using the host network, you access a pod on a node through a node port. Therefore, allow access from the security group port of the node. Otherwise, the access fails.
                                                                                            
-
                                                                                            In addition, using the host network requires you to reserve host ports for the pods. When using a Deployment to deploy pods of the hostNetwork type, ensure that the number of pods does not exceed the number of nodes. Otherwise, multiple pods will be scheduled onto the node, and they will fail to start due to port conflicts. For example, in the preceding example nginx YAML, if two pods (setting replicas to 2) are deployed in a cluster with only one node, one pod cannot be created. The pod logs will show that the Nginx cannot be started because the port is occupied.
                                                                                            
+
                                                                                            In addition, using the host network requires you to reserve host ports for the pods. When using a Deployment to deploy hostNetwork pods, ensure that the number of pods does not exceed the number of nodes. Otherwise, multiple pods will be scheduled onto the node, and they will fail to start due to port conflicts. For example, in the preceding example nginx YAML, if two pods (setting replicas to 2) are deployed in a cluster with only one node, one pod cannot be created. The pod logs will show that the Nginx cannot be started because the port is occupied.
                                                                                            
 
                                                                                             
                                                                                            Do not schedule multiple pods that use the host network on the same node. Otherwise, when a ClusterIP Service is created to access a pod, the cluster IP address cannot be accessed.
                                                                                            
 
                                                                                            
 
                                                                                            $ kubectl get deploy
diff --git a/docs/cce/umn/cce_10_0403.html b/docs/cce/umn/cce_10_0403.html
index 688bd128b..744d7563c 100644
--- a/docs/cce/umn/cce_10_0403.html
+++ b/docs/cce/umn/cce_10_0403.html
@@ -1,15 +1,15 @@
 
 
-
                                                                                            Changing Cluster Scale
                                                                                            
-
                                                                                            Scenario
                                                                                            CCE allows you to change the number of nodes managed in a cluster.
                                                                                            
+
                                                                                            Changing a Cluster Scale
                                                                                            
+
                                                                                            Scenario
                                                                                            A cluster scale specifies the maximum number of nodes a cluster can manage. If the current cluster scale cannot meet your requirements, you can scale it out.
                                                                                            
 
                                                                                            
-
                                                                                            Notes and Constraints
                                                                                            • A cluster that has only one master node supports fewer than 1000 worker nodes.
                                                                                            • The number of master nodes cannot be changed when you modify cluster specifications.
                                                                                            • A cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                            • To ensure proper cluster functionality, perform any specifications changes during off-peak hours. This is because master nodes will need to be powered off and on, which can disrupt normal operations.
                                                                                            
+
                                                                                            Notes and Constraints
                                                                                            • A cluster that has only one master node supports fewer than 1000 worker nodes.
                                                                                            • The number of master nodes cannot be changed when you modify cluster specifications.
                                                                                            • A cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                            • To ensure proper cluster functionality, perform any specifications changes during off-peak hours. This is because master nodes will need to be powered off and on, which can interrupt normal operations.
                                                                                            
 
                                                                                            
-
                                                                                            Procedure
                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                            2. Locate the cluster whose specifications need to be modified, click ... to view more operations on the cluster, and choose Modify Specifications.
                                                                                            3. On the page displayed, select a new cluster scale.
                                                                                            4. Click Next to confirm the specifications and click OK.
                                                                                              You can click Operation Records in the upper right corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                              
-
                                                                                               
                                                                                              After the cluster scale is changed to 1000 nodes or more, some parameter values of the cluster will be automatically adjusted to ensure the cluster performance. For details, see Modifying Cluster Configurations.
                                                                                              
-
                                                                                              
+
                                                                                              Procedure
                                                                                              1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                              2. In the cluster list on the right, locate the target cluster. Click  and choose Modify Specifications from the drop-down list.
                                                                                              3. On the page displayed, select a new cluster scale.
                                                                                              4. Click Next to confirm the specifications and click OK.
                                                                                                You can click Operation Records in the upper right corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                
 
                                                                                              
 
                                                                                              
+
                                                                                              Documentation
                                                                                              When a cluster is scaled to 1000 nodes or more, some parameter values of the cluster are automatically adjusted to ensure optimal performance. For details, see Modifying Cluster Configurations.
                                                                                              
+
                                                                                              
 
                                                                                            
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0405.html b/docs/cce/umn/cce_10_0405.html
index 8209815f2..dce4dd3ff 100644
--- a/docs/cce/umn/cce_10_0405.html
+++ b/docs/cce/umn/cce_10_0405.html
@@ -1,51 +1,102 @@
 
 
 
                                                                                            Patch Version Release Notes
                                                                                            
-
                                                                                            Version 1.30
                                                                                            
-
                                                                                        Table 17 elb.health-check-options
                                                                                        Parameter
                                                                                        
 
                                                                                        Mandatory
                                                                                        
+
                                                                                        Mandatory
                                                                                        
 
                                                                                        Type
                                                                                        
+
                                                                                        Type
                                                                                        
 
                                                                                        Description
                                                                                        
+
                                                                                        Description
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        target_service_port
                                                                                        
+
                                                                                        target_service_port
                                                                                        
 
                                                                                        Yes
                                                                                        
+
                                                                                        Yes
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                        
+
                                                                                        Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                        
                                                                                         		
 
                                                                                        monitor_port
                                                                                        
+
                                                                                        monitor_port
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                        
+
                                                                                        Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                        
 
                                                                                         NOTE: 
                                                                                        Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                        
 
                                                                                        
                                                                                         		
 
                                                                                        delay
                                                                                        
+
                                                                                        delay
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Health check interval (s)
                                                                                        
+
                                                                                        Health check interval (s)
                                                                                        
 
                                                                                        Value range: 1 to 50. Default value: 5
                                                                                        
                                                                                         		
 
                                                                                        timeout
                                                                                        
+
                                                                                        timeout
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Health check timeout, in seconds.
                                                                                        
+
                                                                                        Health check timeout, in seconds.
                                                                                        
 
                                                                                        Value range: 1 to 50. Default value: 10
                                                                                        
                                                                                         		
 
                                                                                        max_retries
                                                                                        
+
                                                                                        max_retries
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Maximum number of health check retries.
                                                                                        
+
                                                                                        Maximum number of health check retries.
                                                                                        
 
                                                                                        Value range: 1 to 10. Default value: 3
                                                                                        
                                                                                         		
 
                                                                                        protocol
                                                                                        
+
                                                                                        protocol
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Health check protocol.
                                                                                        
+
                                                                                        Health check protocol.
                                                                                        
 
                                                                                        Default value: protocol of the associated Service
                                                                                        
-
                                                                                        Value options: TCP, UDP, or HTTP
                                                                                        
+
                                                                                        Options: TCP, UDP, and HTTP
                                                                                        
                                                                                         		
 
                                                                                        path
                                                                                        
+
                                                                                        path
                                                                                        
 
                                                                                        No
                                                                                        
+
                                                                                        No
                                                                                        
 
                                                                                        String
                                                                                        
+
                                                                                        String
                                                                                        
 
                                                                                        Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                        
+
                                                                                        Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                        
 
                                                                                        Default value: /
                                                                                        
 
                                                                                        Value range: 1-80 characters
                                                                                        
                                                                                         		
 
 
 
 
 
 
                                                                                        Table 1 Release notes for the v1.30 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        Version 1.31
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
                                                                                        Table 1 Release notes for the v1.31 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.30.4-r0
                                                                                        
+
                                                                                        v1.31.4-r0
                                                                                        
 
                                                                                        v1.30.4
                                                                                        
+
                                                                                        v1.31.4
                                                                                        
 
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
+
                                                                                        • Nodes added during a node pool scale-out can be automatically bound with EIPs.
                                                                                        • ELB ingresses allow you to specify backend server groups for forwarding.
                                                                                        
 
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        -
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.30.1-r2
                                                                                        
+
                                                                                        v1.31.1-r0
                                                                                        
 
                                                                                        v1.30.2
                                                                                        
+
                                                                                        v1.31.1
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        CCE clusters of v1.31 are released for the first time. For more information, see Kubernetes 1.31 Release Notes.
                                                                                        
+
                                                                                        • LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
                                                                                        • DataPlane V2 is available for newly created CCE standard and Turbo clusters that use VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.
                                                                                        
 
                                                                                        Enhanced system stability.
                                                                                        
+
                                                                                        • During a cluster upgrade, you can scale out the nodes in the cluster.
                                                                                        • You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        v1.30.1-r0
                                                                                        
+
                                                                                        
+
                                                                                        
+
                                                                                        
+
                                                                                        Version 1.30
                                                                                        
+
                                                                                        
+
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -53,49 +104,60 @@
 
                                                                                        Version 1.29
                                                                                        
-
                                                                                        Table 2 Release notes for the v1.30 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Optimization
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        v1.30.6-r10
                                                                                        
 
                                                                                        v1.30.2
                                                                                        
+
                                                                                        v1.30.6
                                                                                        
 
                                                                                        CCE clusters of v1.30 are released for the first time. For more information, see Kubernetes 1.30 Release Notes.
                                                                                        
-
                                                                                        • When deleting a cluster, CCE enables you to select which log groups to delete.
                                                                                        • When a node is created using a private image, the image password can be retained.
                                                                                        • CCE supports GPU rendering.
                                                                                        
+
                                                                                        • Nodes added during a node pool scale-out can be automatically bound with EIPs.
                                                                                        • ELB ingresses allow you to specify backend server groups for forwarding.
                                                                                        
 
                                                                                        CCE can handle ELB listeners on all ports.
                                                                                        
+
                                                                                        -
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.30.4-r0
                                                                                        
+
                                                                                        v1.30.4
                                                                                        
+
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        • LoadBalancer ingresses support cross-origin access.
                                                                                        
+
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.30.1-r2
                                                                                        
+
                                                                                        v1.30.2
                                                                                        
+
                                                                                        None
                                                                                        
+
                                                                                        Enhanced system stability.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.30.1-r0
                                                                                        
+
                                                                                        v1.30.2
                                                                                        
+
                                                                                        CCE clusters of v1.30 are released for the first time. For more information, see Kubernetes 1.30 Release Notes.
                                                                                        
+
                                                                                        • When deleting a cluster, CCE enables you to select which log groups to delete.
                                                                                        • When a node is created using a private image, the image password can be retained.
                                                                                        • CCE supports GPU rendering.
                                                                                        
+
                                                                                        CCE can handle ELB listeners on all ports.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
 
                                                                                        Table 2 Release notes for the v1.29 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
@@ -103,313 +165,343 @@
 
                                                                                        Version 1.28
                                                                                        
-
                                                                                        Table 3 Release notes for the v1.29 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.29.8-r0
                                                                                        
+
                                                                                        v1.29.10-r10
                                                                                        
 
                                                                                        v1.29.8
                                                                                        
+
                                                                                        v1.29.10
                                                                                        
 
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
+
                                                                                        • Nodes added during a node pool scale-out can be automatically bound with EIPs.
                                                                                        • ELB ingresses allow you to specify backend server groups for forwarding.
                                                                                        
 
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        -
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.29.2-r0
                                                                                        
+
                                                                                        v1.29.8-r0
                                                                                        
 
                                                                                        v1.29.3
                                                                                        
+
                                                                                        v1.29.8
                                                                                        
 
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
 
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.29.1-r0
                                                                                        
+
                                                                                        v1.29.2-r0
                                                                                        
 
                                                                                        v1.29.1
                                                                                        
+
                                                                                        v1.29.3
                                                                                        
 
                                                                                        CCE clusters of v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.
                                                                                        
+
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.29.1-r0
                                                                                        
+
                                                                                        v1.29.1
                                                                                        
+
                                                                                        CCE clusters of v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.
                                                                                        
+
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
 
                                                                                        Table 3 Release notes for the v1.28 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                        Table 4 Release notes for the v1.28 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.28.13-r0
                                                                                        
+
                                                                                        v1.28.15-r10
                                                                                        
 
                                                                                        v1.28.13
                                                                                        
+
                                                                                        v1.28.15
                                                                                        
 
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
+
                                                                                        • Nodes added during a node pool scale-out can be automatically bound with EIPs.
                                                                                        • ELB ingresses allow you to specify backend server groups for forwarding.
                                                                                        
 
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        -
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.28.6-r0
                                                                                        
+
                                                                                        v1.28.13-r0
                                                                                        
 
                                                                                        v1.28.8
                                                                                        
+
                                                                                        v1.28.13
                                                                                        
 
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
 
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.28.3-r0
                                                                                        
+
                                                                                        v1.28.6-r0
                                                                                        
 
                                                                                        v1.28.3
                                                                                        
+
                                                                                        v1.28.8
                                                                                        
 
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
+
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.28.3-r0
                                                                                        
+
                                                                                        v1.28.3
                                                                                        
+
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.28.2-r0
                                                                                        
+
                                                                                        v1.28.2-r0
                                                                                        
 
                                                                                        v1.28.3
                                                                                        
+
                                                                                        v1.28.3
                                                                                        
 
                                                                                        • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
                                                                                        
+
                                                                                        • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.28.1-r4
                                                                                        
+
                                                                                        v1.28.1-r4
                                                                                        
 
                                                                                        v1.28.3
                                                                                        
+
                                                                                        v1.28.3
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
+
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.28.1-r0
                                                                                        
+
                                                                                        v1.28.1-r0
                                                                                        
 
                                                                                        v1.28.3
                                                                                        
+
                                                                                        v1.28.3
                                                                                        
 
                                                                                        CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.
                                                                                        
+
                                                                                        CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.
                                                                                        
 
                                                                                        • The prefix and suffix of a node name can be customized in node pools.
                                                                                        • In CCE Turbo clusters, you can create container networks for workloads and specify pod subnets.
                                                                                        • LoadBalancer ingresses support gRPC.
                                                                                        • LoadBalancer Services allow you to specify a private IP address for a load balancer during Service creation using YAML.
                                                                                        
 
                                                                                        • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
                                                                                        • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
                                                                                        
+
                                                                                        • Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster.
                                                                                        • Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
                                                                                        
 
                                                                                        
-
                                                                                        
 
-
                                                                                        Version 1.27
                                                                                         
                                                                                        dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd. 
                                                                                        
-
                                                                                        
-
-
                                                                                        Table 4 Release notes for the v1.27 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        Version 1.27
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                        Table 5 Release notes for the v1.27 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.27.16-r0
                                                                                        
+
                                                                                        v1.27.16-r20
                                                                                        
 
                                                                                        v1.27.16
                                                                                        
+
                                                                                        v1.27.16
                                                                                        
 
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
+
                                                                                        • Nodes added during a node pool scale-out can be automatically bound with EIPs.
                                                                                        • ELB ingresses allow you to specify backend server groups for forwarding.
                                                                                        
 
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        -
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.27.8-r0
                                                                                        
+
                                                                                        v1.27.16-r0
                                                                                        
 
                                                                                        v1.27.12
                                                                                        
+
                                                                                        v1.27.16
                                                                                        
 
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
 
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.27.5-r0
                                                                                        
+
                                                                                        v1.27.8-r0
                                                                                        
 
                                                                                        v1.27.4
                                                                                        
+
                                                                                        v1.27.12
                                                                                        
 
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
+
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.27.5-r0
                                                                                        
+
                                                                                        v1.27.4
                                                                                        
+
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.27.3-r4
                                                                                        
+
                                                                                        v1.27.3-r4
                                                                                        
 
                                                                                        v1.27.4
                                                                                        
+
                                                                                        v1.27.4
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
+
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.27.2-r0
                                                                                        
+
                                                                                        v1.27.2-r0
                                                                                        
 
                                                                                        v1.27.2
                                                                                        
+
                                                                                        v1.27.2
                                                                                        
 
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
+
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.27.1-r10
                                                                                        
+
                                                                                        v1.27.1-r10
                                                                                        
 
                                                                                        v1.27.2
                                                                                        
+
                                                                                        v1.27.2
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
+
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.27.1-r0
                                                                                        
+
                                                                                        v1.27.1-r0
                                                                                        
 
                                                                                        v1.27.2
                                                                                        
+
                                                                                        v1.27.2
                                                                                        
 
                                                                                        CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.
                                                                                        
+
                                                                                        CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.
                                                                                        
 
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
                                                                                        
 
                                                                                        
 
                                                                                        
-
                                                                                        Version 1.25
                                                                                         
                                                                                        All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.
                                                                                        
+
                                                                                        Version 1.25
                                                                                         
                                                                                        In CCE clusters of v1.25, containerd is the default runtime for nodes, except for nodes running EulerOS 2.5. In addition, clusters of v1.25 or later no longer support EulerOS 2.5.
                                                                                        
 
                                                                                        
 
-
                                                                                        Table 5 Release notes for the v1.25 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -417,139 +509,150 @@
 
                                                                                        Version 1.23
                                                                                        
-
                                                                                        Table 6 Release notes for the v1.25 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.25.16-r0
                                                                                        
+
                                                                                        v1.25.16-r20
                                                                                        
 
                                                                                        v1.25.16
                                                                                        
+
                                                                                        v1.25.16
                                                                                        
 
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
+
                                                                                        • Nodes added during a node pool scale-out can be automatically bound with EIPs.
                                                                                        • ELB ingresses allow you to specify backend server groups for forwarding.
                                                                                        
 
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        -
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.11-r0
                                                                                        
+
                                                                                        v1.25.16-r0
                                                                                        
 
                                                                                        v1.25.16
                                                                                        
+
                                                                                        v1.25.16
                                                                                        
 
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
 
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.8-r0
                                                                                        
+
                                                                                        v1.25.11-r0
                                                                                        
 
                                                                                        v1.25.10
                                                                                        
+
                                                                                        v1.25.16
                                                                                        
 
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
+
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.25.8-r0
                                                                                        
+
                                                                                        v1.25.10
                                                                                        
+
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.6-r4
                                                                                        
+
                                                                                        v1.25.6-r4
                                                                                        
 
                                                                                        v1.25.10
                                                                                        
+
                                                                                        v1.25.10
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
+
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.5-r0
                                                                                        
+
                                                                                        v1.25.5-r0
                                                                                        
 
                                                                                        v1.25.5
                                                                                        
+
                                                                                        v1.25.5
                                                                                        
 
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
+
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.4-r10
                                                                                        
+
                                                                                        v1.25.4-r10
                                                                                        
 
                                                                                        v1.25.5
                                                                                        
+
                                                                                        v1.25.5
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
+
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.4-r0
                                                                                        
+
                                                                                        v1.25.4-r0
                                                                                        
 
                                                                                        v1.25.5
                                                                                        
+
                                                                                        v1.25.5
                                                                                        
 
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                        
+
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.3-r10
                                                                                        
+
                                                                                        v1.25.3-r10
                                                                                        
 
                                                                                        v1.25.5
                                                                                        
+
                                                                                        v1.25.5
                                                                                        
 
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
+
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
 
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
+
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.3-r0
                                                                                        
+
                                                                                        v1.25.3-r0
                                                                                        
 
                                                                                        v1.25.5
                                                                                        
+
                                                                                        v1.25.5
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                        
+
                                                                                        Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.25.1-r0
                                                                                        
+
                                                                                        v1.25.1-r0
                                                                                        
 
                                                                                        v1.25.5
                                                                                        
+
                                                                                        v1.25.5
                                                                                        
 
                                                                                        CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                        
+
                                                                                        CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
 
                                                                                        Table 6 Release notes for the v1.23 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -557,116 +660,116 @@
 
                                                                                        Version 1.21
                                                                                        
-
                                                                                        Table 7 Release notes for the v1.23 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.23.18-r10
                                                                                        
+
                                                                                        v1.23.18-r16
                                                                                        
 
                                                                                        v1.23.18
                                                                                        
+
                                                                                        v1.23.18
                                                                                        
 
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.16-r0
                                                                                        
+
                                                                                        v1.23.18-r10
                                                                                        
 
                                                                                        v1.23.17
                                                                                        
+
                                                                                        v1.23.18
                                                                                        
 
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                        
 
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        • You can change a node password when updating its node pool.
                                                                                        • A node can be attached with no data disks.
                                                                                        • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                        • The default image address can be customized for Docker node pools.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.13-r0
                                                                                        
+
                                                                                        v1.23.16-r0
                                                                                        
 
                                                                                        v1.23.17
                                                                                        
+
                                                                                        v1.23.17
                                                                                        
 
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
+
                                                                                        • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                        • Scaling priority policies can be configured for third-party workloads.
                                                                                        • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                        • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                        
+
                                                                                        • An in-progress node drainage can be canceled.
                                                                                        • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                        • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                        • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        v1.23.13-r0
                                                                                        
+
                                                                                        v1.23.17
                                                                                        
+
                                                                                        LoadBalancer Services and ingresses allow you to:
                                                                                        • Configure SNI.
                                                                                        • Enable HTTP/2.
                                                                                        • Configure idle timeout, request timeout, and response timeout.
                                                                                        
 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.11-r4
                                                                                        
+
                                                                                        v1.23.11-r4
                                                                                        
 
                                                                                        v1.23.17
                                                                                        
+
                                                                                        v1.23.17
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
+
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.10-r0
                                                                                        
+
                                                                                        v1.23.10-r0
                                                                                        
 
                                                                                        v1.23.11
                                                                                        
+
                                                                                        v1.23.11
                                                                                        
 
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
+
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.9-r10
                                                                                        
+
                                                                                        v1.23.9-r10
                                                                                        
 
                                                                                        v1.23.11
                                                                                        
+
                                                                                        v1.23.11
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
+
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.9-r0
                                                                                        
+
                                                                                        v1.23.9-r0
                                                                                        
 
                                                                                        v1.23.11
                                                                                        
+
                                                                                        v1.23.11
                                                                                        
 
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                        
+
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.8-r10
                                                                                        
+
                                                                                        v1.23.8-r10
                                                                                        
 
                                                                                        v1.23.11
                                                                                        
+
                                                                                        v1.23.11
                                                                                        
 
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
+
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
 
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
+
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.8-r0
                                                                                        
+
                                                                                        v1.23.8-r0
                                                                                        
 
                                                                                        v1.23.11
                                                                                        
+
                                                                                        v1.23.11
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        • Enhanced Docker reliability during upgrades.
                                                                                        • Optimized node time synchronization.
                                                                                        
+
                                                                                        • Enhanced Docker reliability during upgrades.
                                                                                        • Optimized node time synchronization.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.23.5-r0
                                                                                        
+
                                                                                        v1.23.5-r0
                                                                                        
 
                                                                                        v1.23.11
                                                                                        
+
                                                                                        v1.23.11
                                                                                        
 
                                                                                        • Fault detection and isolation are supported on GPU nodes.
                                                                                        • Security groups can be customized by cluster.
                                                                                        • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                        • containerd is supported.
                                                                                        
+
                                                                                        • Fault detection and isolation are supported on GPU nodes.
                                                                                        • Security groups can be customized by cluster.
                                                                                        • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                        • containerd is supported.
                                                                                        
 
                                                                                        • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
                                                                                        • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                        • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                        
+
                                                                                        • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
                                                                                        • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                        • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                        
 
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
+
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
 
                                                                                         		
 
                                                                                        v1.23.1-r0
                                                                                        
+
                                                                                        v1.23.1-r0
                                                                                        
 
                                                                                        v1.23.4
                                                                                        
+
                                                                                        v1.23.4
                                                                                        
 
                                                                                        CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                        
+
                                                                                        CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
 
                                                                                        Table 7 Release notes for the v1.21 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -674,117 +777,117 @@
 
                                                                                        Version 1.19
                                                                                        
-
                                                                                        Table 8 Release notes for the v1.21 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        v1.21.14-r0
                                                                                        
+
                                                                                        v1.21.14-r0
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.
                                                                                        
+
                                                                                        A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.12-r4
                                                                                        
+
                                                                                        v1.21.12-r4
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
+
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.11-r20
                                                                                        
+
                                                                                        v1.21.11-r20
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
+
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.11-r10
                                                                                        
+
                                                                                        v1.21.11-r10
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
+
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.11-r0
                                                                                        
+
                                                                                        v1.21.11-r0
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                        
+
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.10-r10
                                                                                        
+
                                                                                        v1.21.10-r10
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
+
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
 
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
+
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.10-r0
                                                                                        
+
                                                                                        v1.21.10-r0
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        • Enhanced Docker reliability during upgrades.
                                                                                        • Optimized node time synchronization.
                                                                                        • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                        
+
                                                                                        • Enhanced Docker reliability during upgrades.
                                                                                        • Optimized node time synchronization.
                                                                                        • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.21.7-r0
                                                                                        
+
                                                                                        v1.21.7-r0
                                                                                        
 
                                                                                        v1.21.14
                                                                                        
+
                                                                                        v1.21.14
                                                                                        
 
                                                                                        • Fault detection and isolation are supported on GPU nodes.
                                                                                        • Security groups can be customized by cluster.
                                                                                        • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                        
+
                                                                                        • Fault detection and isolation are supported on GPU nodes.
                                                                                        • Security groups can be customized by cluster.
                                                                                        • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                        
 
                                                                                        Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                        
+
                                                                                        Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                        
 
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
+
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
 
                                                                                         		
 
                                                                                        v1.21.1-r0
                                                                                        
+
                                                                                        v1.21.1-r0
                                                                                        
 
                                                                                        v1.21.7
                                                                                        
+
                                                                                        v1.21.7
                                                                                        
 
                                                                                        CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                        
+
                                                                                        CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
 
                                                                                        
-
+
+
+
+
+
-
diff --git a/docs/cce/umn/cce_10_0415.html b/docs/cce/umn/cce_10_0415.html
index a28e82bc8..21a69eead 100644
--- a/docs/cce/umn/cce_10_0415.html
+++ b/docs/cce/umn/cce_10_0415.html
@@ -2,17 +2,17 @@
 
 
                                                                                        Creating a Scheduled CronHPA Policy
                                                                                        There are predictable and unpredictable traffic peaks for some services. For such services, CCE CronHPA allows you to scale resources in fixed periods. It can work with HPA policies to periodically adjust the HPA scaling scope, implementing workload scaling.
                                                                                        
-
                                                                                        
+
                                                                                        
 
                                                                                        CronHPA can periodically adjust the maximum and minimum numbers of pods in the HPA policy or directly adjust the number of pods of a Deployment.
                                                                                        
-
                                                                                        Prerequisites
                                                                                        The add-on CCE Advanced HPA of v1.2.13 or later has been installed.
                                                                                        
+
                                                                                        Prerequisites
                                                                                        CCE Advanced HPA of v1.2.13 or later has been installed in the cluster.
                                                                                        
 
                                                                                        
 
                                                                                        Using CronHPA to Adjust the HPA Scaling Scope
                                                                                        CronHPA can periodically scale out/in pods in HPA policies to satisfy complex services.
                                                                                        
 
                                                                                        HPA and CronHPA associate scaling objects using the scaleTargetRef field. If a Deployment is the scaling object for both CronHPA and HPA, the two scaling policies are independent of each other. The operation performed later overwrites the operation performed earlier. As a result, the scaling effect does not meet the expectation.
                                                                                        
-
                                                                                        
+
                                                                                        
 
                                                                                        When CronHPA and HPA are used together, CronHPA rules take effect based on the HPA policy. CronHPA uses HPA to perform operations on the Deployment. Understanding the following parameters can better understand the working rules of the CronHPA.
                                                                                        
-
                                                                                        • targetReplicas: Number of pods set for CronHPA. When CronHPA takes effect, this parameter adjusts the maximum or minimum number of pods in HPA policies to adjust the number of Deployment pods.
                                                                                        • minReplicas: Minimum number of Deployment pods.
                                                                                        • maxReplicas: Maximum number of Deployment pods.
                                                                                        • replicas: Number of pods in a Deployment before the CronHPA policy takes effect.
                                                                                        
-
                                                                                        When the CronHPA rule takes effect, the maximum or minimum number of pods are adjusted by comparing the number of targetReplicas with the actual number of pods and combining the minimum or maximum number of pods in the HPA policy.
                                                                                        
-
                                                                                        Figure 1 CronHPA scaling scenarios
                                                                                        
+
                                                                                        • targetReplicas: number of pods set for CronHPA. When CronHPA takes effect, this parameter adjusts the maximum or minimum number of pods in HPA policies to adjust the number of Deployment pods.
                                                                                        • minReplicas: minimum number of Deployment pods.
                                                                                        • maxReplicas: maximum number of Deployment pods.
                                                                                        • replicas: number of pods in a Deployment before the CronHPA policy takes effect.
                                                                                        
+
                                                                                        When a CronHPA rule is triggered, the maximum or minimum number of pods is adjusted by comparing the targetReplicas value with the actual pod count, while also considering the HPA policy's minimum or maximum pod limits.
                                                                                        
+
                                                                                        Figure 1 CronHPA scaling scenarios
                                                                                        
 
                                                                                        Figure 1 shows possible scaling scenarios. The following examples detail how CronHPA modifies the number of pods in HPAs.
                                                                                        
 
 
                                                                                        Table 8 Release notes for the v1.19 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -794,7 +897,7 @@
 
                                                                                        
 
                                                                                        
-
                                                                                        Parent topic: Cluster Overview
                                                                                        
+
                                                                                        Parent topic: Cluster Version Release Notes
                                                                                        
 
                                                                                        
 
                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0406.html b/docs/cce/umn/cce_10_0406.html
index 980daf48d..bf676d4ea 100644
--- a/docs/cce/umn/cce_10_0406.html
+++ b/docs/cce/umn/cce_10_0406.html
@@ -1,8 +1,8 @@
 
                                                                                        Cloud Native Cluster Monitoring
                                                                                        
-
                                                                                        Introduction
                                                                                        Cloud Native Cluster Monitoring (kube-prometheus-stack) uses Prometheus-operator and Prometheus to provide easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                                        
-
                                                                                        Open source community: https://github.com/prometheus/prometheus
                                                                                        
+
                                                                                        Introduction
                                                                                        The Cloud Native Cluster Monitoring add-on (formerly kube-prometheus-stack) uses Prometheus-operator and Prometheus and provides easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                                        
+
                                                                                        Open-source community: https://github.com/prometheus/prometheus
                                                                                        
 
                                                                                        
 
                                                                                        Notes and Constraints
                                                                                        • By default, the kube-state-metrics component of the add-on does not collect labels and annotations of Kubernetes resources. To collect these labels and annotations, manually enable the collection function in the startup parameters and check whether the corresponding metrics are added to the collection trustlist of ServiceMonitor named kube-state-metrics. For details, see Collecting All Labels and Annotations of a Pod.
                                                                                        • In 3.8.0 and later versions, component metrics in the kube-system and monitoring namespaces are not collected by default. If you have workloads in the two namespaces, use Pod Monitor or Service Monitor to collect these metrics.
                                                                                        • In 3.8.0 and later versions, etcd-server, kube-controller, kube-scheduler, autoscaler, fluent-bit, volcano-agent, volcano-scheduler and otel-collector metrics are not collected by default. Enable the collection as required.
                                                                                          To enable this function, on the ConfigMaps and Secrets page, expand the dropdown list of Namespace, and select monitoring. Locate the row that contains the configuration item named persistent-user-config, and click Edit YAML in the operation column. Remove the serviceMonitorDisable or podMonitorDisable configuration in the customSettings field as required or set the configuration to an empty array.
                                                                                          
 
                                                                                          ...
@@ -16,19 +16,19 @@
 
                                                                                          • cap_dac_override: reads the Docker info data.
                                                                                          
 
                                                                                        
 
                                                                                        Installing the Add-on
                                                                                         
                                                                                        The Cloud Native Cluster Monitoring add-on automatically selects a deployment mode based on Data Storage Configuration. This is supported by Cloud Native Cluster Monitoring 3.7.1 or later.
                                                                                        
-
                                                                                        • Original agent mode: Disable Local data storage and enable at least one of Report Monitoring Data to AOM and Report Monitoring Data to a Third-Party Platform.
                                                                                        
-
                                                                                        • Original server mode: Enable Local data storage and Report Monitoring Data to AOM or Report Monitoring Data to a Third-Party Platform.
                                                                                        
+
                                                                                        • Original agent mode: Disable Local data storage and enable at least one of Report Monitoring Data to AOM and Report Monitoring Data to a Third-Party Platform.
                                                                                        
+
                                                                                        • Original server mode: Enable Local data storage and Report Monitoring Data to AOM or Report Monitoring Data to a Third-Party Platform.
                                                                                        
 
                                                                                        
-
                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Cloud Native Cluster Monitoring on the right, and click Install.
                                                                                        2. On the Install Add-on page, enable at least one item in the Data Storage Configuration area.
                                                                                          • Reporting Monitoring Data to AOM: Report Prometheus data to AOM. After this function is enabled, you can select the corresponding AOM instance. The collected basic metrics are free of charge. Custom metrics are charged by AOM. To interconnect with AOM, you must have certain permissions. Only users in the admin user group can perform this operation.
                                                                                          • Reporting Monitoring Data to a Third-Party Platform: To report Prometheus data to a third-party monitoring system, you need to enter the address and token of the third-party monitoring system and determine whether to skip certificate authentication.
                                                                                          • Local data storage: Select the type and size of a disk for storing monitoring data to store Prometheus data in PVCs in the cluster. Storage volumes are not deleted along with the add-on. If local data storage is enabled, all components will be deployed. For details, see Components.
                                                                                             
                                                                                            An available PVC named pvc-prometheus-server exists in namespace monitoring and will be used as the storage source.
                                                                                            
+
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Cloud Native Cluster Monitoring on the right, and click Install.
                                                                                            2. On the Install Add-on page, enable at least one item in the Data Storage Configuration area.
                                                                                              • Reporting Monitoring Data to AOM: Report Prometheus data to AOM. After this function is enabled, you can select the corresponding AOM instance. The collected basic metrics are free of charge. Custom metrics are charged by AOM. To interconnect with AOM, you must have certain permissions. Only users in the admin user group can perform this operation.
                                                                                              • Reporting Monitoring Data to a Third-Party Monitoring Platform: To report Prometheus data to a third-party monitoring system, you need to enter the address and token of the third-party monitoring system and determine whether to skip certificate authentication.
                                                                                              • Local data storage: Select the type and size of a disk for storing monitoring data to store Prometheus data in PVCs in the cluster. Storage volumes are not deleted along with the add-on. If local data storage is enabled, all components will be deployed. For details, see Components.
                                                                                                 
                                                                                                An available PVC named pvc-prometheus-server-0 exists in namespace monitoring and will be used as the storage source.
                                                                                                
 
                                                                                                
 
                                                                                              
-
                                                                                            3. Configure the add-on specifications as needed.
                                                                                              • Add-on Specifications:
                                                                                                • If you selected Preset, the system will configure the number of pods and resource quotas for the add-on based on the preset specifications. You can see the configurations on the console.
                                                                                                • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                                                                
-
                                                                                              • Prometheus HA: The Prometheus-server, Prometheus-operator, thanos-query, custom-metrics-apiserver, alertmanager, and kube-state-metrics components are deployed in multi-instance mode in the cluster.
                                                                                              • Number of collected shards (available after Local data storage is disabled): When there is a lot of Prometheus data, you can configure this parameter to spread the data across a specific number of Prometheus instances. This will help with storage and querying. Increasing the number of shards reduces the data volume carried by each shard. This can increase the upper limit of the metric collection throughput and cause more resources to be consumed. You are advised to increase shards when the cluster scale is large to improve the collection performance. In addition, you need to consider the impact of resource usage and optimize it based on specific scenarios.
                                                                                              
-
                                                                                            4. Configure the add-on parameters.
                                                                                              • Custom Metric Collection: Application metrics are automatically collected in the form of service discovery. After this function is enabled, you need to add related configurations to the target application. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                              • Collection Interval: Configure the collection interval.
                                                                                              • Data Retention (available only after Local data storage is enabled): Configure how long the monitoring data can be kept.
                                                                                              • node-exporter Listening Port: This port uses the host network to listen to and expose metrics on the node for Prometheus collection. The default port number is 9100, but it can be modified if there is a conflict with an existing port.
                                                                                              • Scheduling Policies: Support node affinity, taint, and tolerations. Multiple scheduling policies can be configured. If no affinity node label key or toleration node taint key is configured, this function is disabled by default.
                                                                                                • Range: You can select the add-on pods for which the scheduling policy takes effect. By default, the scheduling policy takes effect for all pods. If a pod is specified, the scheduling policies configured for all pods are overwritten.
                                                                                                • Affinity Node Label Key: Enter a node label key to set node affinity for the add-on pods.
                                                                                                • Affinity Node Label Value: Enter a node label value to set node affinity for the add-on pods.
                                                                                                • Toleration Node Taint Key: A component can be scheduled to a node that has the taint key you specified.
                                                                                                
+
                                                                                              • Configure the add-on specifications as needed.
                                                                                                • Add-on Specifications:
                                                                                                  • If you selected Preset, the system will configure the number of pods and resource quotas for the add-on based on the preset specifications. You can see the configurations on the console.
                                                                                                  • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                                                                  
+
                                                                                                • Prometheus HA: The Prometheus-server, Prometheus-operator, thanos-query, custom-metrics-apiserver, alertmanager, and kube-state-metrics components are deployed in multi-instance mode in the cluster.
                                                                                                • Number of collected shards (available after Local data storage is disabled): When there is a lot of Prometheus data, you can configure this parameter to spread the data across a specific number of Prometheus instances. This will help with storage and querying. Increasing the number of shards reduces the data volume carried by each shard. This can increase the upper limit of the metric collection throughput and cause more resources to be consumed. By default, CCE automatically determines the number of shards based on the cluster scale. It is advised to allocate one shard for every 50 nodes. If you want to enhance collection performance by increasing the number of shards, carefully assess resource utilization and optimize based on your monitoring needs. To ensure system stability, keep the master node's memory usage below 50%.
                                                                                                
+
                                                                                              • Configure the add-on parameters.
                                                                                                • Custom Metric Collection: Application metrics are automatically collected in the form of service discovery. After this function is enabled, you need to add related configurations to the target application. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                • Collection Interval: Configure the collection interval.
                                                                                                • Data Retention (available only after Local data storage is enabled): Configure how long the monitoring data can be kept.
                                                                                                • node-exporter Listening Port: This port uses the host network to listen to and expose metrics on the node for Prometheus collection. The default port number is 9100, but it can be modified if there is a conflict with an existing port.
                                                                                                • Scheduling Policies: Support node affinity, taint, and tolerations. Multiple scheduling policies can be configured. If no affinity node label key or toleration node taint key is configured, this function is disabled by default.
                                                                                                  • Range: You can select the add-on pods for which the scheduling policy takes effect. By default, the scheduling policy takes effect for all pods. If a pod is specified, the scheduling policies configured for all pods are overwritten.
                                                                                                  • Affinity Node Label Key: Enter a node label key to set node affinity for the add-on pods.
                                                                                                  • Affinity Node Label Value: Enter a node label value to set node affinity for the add-on pods.
                                                                                                  • Toleration Node Taint Key: A component can be scheduled to a node that has the taint key you specified.
                                                                                                  
 
                                                                                                
 
                                                                                              • Click Install.
                                                                                                After the add-on is installed, you may need to perform the following operations:
                                                                                                
 
                                                                                                • To use custom metrics to create an auto scaling policy, ensure that local data storage is enabled for the add-on and then take the following steps:
                                                                                                  1. Collect custom metrics reported by applications to Prometheus. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                  2. Aggregate these custom metrics collected by Prometheus to the API server for the HPA policy to use. For details, see Creating an HPA Policy Using Custom Metrics.
                                                                                                  
-
                                                                                                • To provide system resource metrics (such as CPU and memory usage) for workload auto scaling using this add-on, ensure that local data storage is enabled for the add-on and then enable the Metrics API. For details, see Providing Resource Metrics Through the Metrics API. After the configuration, you can use Prometheus to collect system resource metrics. (This operation is not recommended because it may conflict with the Kubernetes Metric Server add-on.)
                                                                                                
+
                                                                                              • To provide system resource metrics (such as CPU and memory usage) for workload auto scaling using this add-on, ensure that local data storage is enabled for the add-on and then enable the Metrics API. For details, see Providing Basic Resource Metrics Through the Metrics API. After the configuration, you can use Prometheus to collect system resource metrics. (This operation is not recommended because it may conflict with the Kubernetes Metric Server add-on.)
                                                                                              
 
                                                                                            
 
                                                                                            
 
                                                                                            Components
                                                                                            All Kubernetes resources created during Cloud Native Cluster Monitoring add-on installation are created in the namespace named monitoring.
                                                                                            
@@ -137,7 +137,7 @@
 
                                                                                        Table 9 Release notes for the v1.19 patch
                                                                                        CCE Cluster Patch Version
                                                                                        
 
                                                                                        Kubernetes Version
                                                                                        
+
                                                                                        Kubernetes Version
                                                                                        
 
                                                                                        Feature Updates
                                                                                        
+
                                                                                        Feature Updates
                                                                                        
 
                                                                                        Optimization
                                                                                        
+
                                                                                        Optimization
                                                                                        
 
                                                                                        Vulnerability Fixing
                                                                                        
+
                                                                                        Vulnerability Fixing
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        1.19.16-r84
                                                                                        
+
                                                                                        1.19.16-r84
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
+
                                                                                        Fixed CVE-2024-21626 issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.19.16-r60
                                                                                        
+
                                                                                        v1.19.16-r60
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
+
                                                                                        • Volcano supports node pool affinity scheduling. 
                                                                                        • Volcano supports workload rescheduling. 
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.19.16-r50
                                                                                        
+
                                                                                        v1.19.16-r50
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
+
                                                                                        Optimized the events generated during node pool scaling.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.19.16-r40
                                                                                        
+
                                                                                        v1.19.16-r40
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                        
+
                                                                                        • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.19.16-r30
                                                                                        
+
                                                                                        v1.19.16-r30
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
+
                                                                                        The timeout interval can be configured for a load balancer. 
                                                                                        
 
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
+
                                                                                        High-frequency parameters of kube-apiserver are configurable.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.19.16-r20
                                                                                        
+
                                                                                        v1.19.16-r20
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
                                                                                        • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                        • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                        
+
                                                                                        • Cloud Native Network 2.0 allows you to specify subnets for a namespace.
                                                                                        • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                        • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                        
 
                                                                                        Fixed some security issues.
                                                                                        
+
                                                                                        Fixed some security issues.
                                                                                        
                                                                                         		
 
                                                                                        v1.19.16-r4
                                                                                        
+
                                                                                        v1.19.16-r4
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        • Fault detection and isolation are supported on GPU nodes.
                                                                                        • Security groups can be customized by cluster.
                                                                                        • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                        
+
                                                                                        • Fault detection and isolation are supported on GPU nodes.
                                                                                        • Security groups can be customized by cluster.
                                                                                        • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                        
 
                                                                                        • Scheduling is optimized on taint nodes.
                                                                                        • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                        • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                        • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                        
+
                                                                                        • Scheduling is optimized on taint nodes.
                                                                                        • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                        • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                        • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                        
 
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
+
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
 
                                                                                         		
 
                                                                                        v1.19.16-r0
                                                                                        
+
                                                                                        v1.19.16-r0
                                                                                        
 
                                                                                        v1.19.16
                                                                                        
+
                                                                                        v1.19.16
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                        
+
                                                                                        Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                        
 
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
+
                                                                                        Fixed some security issues and the following CVE vulnerabilities:
                                                                                        
 
                                                                                         		
 
                                                                                        v1.19.10-r0
                                                                                        
+
                                                                                        v1.19.10-r0
                                                                                        
 
                                                                                        v1.19.10
                                                                                        
+
                                                                                        v1.19.10
                                                                                        
 
                                                                                        CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                        
+
                                                                                        CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
 
                                                                                        None
                                                                                        
+
                                                                                        None
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
 
 
                                                                                        
 
                                                                                        
 
-
                                                                                        Providing Resource Metrics Through the Metrics API
                                                                                         
                                                                                        Resource metrics can only be provided through Metrics API if local data storage is enabled for the Cloud Native Cluster Monitoring add-on.
                                                                                        
+
                                                                                        Providing Basic Resource Metrics Through the Metrics API
                                                                                         
                                                                                        If local data storage is enabled for the Cloud Native Cluster Monitoring add-on, basic resource metrics can only be provided through Metrics API.
                                                                                        
 
                                                                                        
 
                                                                                        Resource metrics of containers and nodes, such as CPU and memory usage, can be obtained through the Kubernetes Metrics API. Resource metrics can be directly accessed, for example, by using the kubectl top command, or used by HPA or CustomedHPA policies for auto scaling.
                                                                                        
 
                                                                                        The add-on can provide the Kubernetes Metrics API that is disabled by default. To enable the Metrics API, create the following APIService object:
                                                                                        
@@ -161,8 +161,7 @@ spec:
 
                                                                                        You can save the object as a file, name it metrics-apiservice.yaml, and run the following command:
                                                                                        
 
                                                                                        kubectl create -f metrics-apiservice.yaml
                                                                                        
 
                                                                                        Run the kubectl top pod -n monitoring command. If information similar to the following is displayed, the Metrics API can be accessed:
                                                                                        
-
                                                                                        # kubectl top pod -n monitoring
-NAME                                                      CPU(cores)   MEMORY(bytes)
+
                                                                                        NAME                                                      CPU(cores)   MEMORY(bytes)
 ......
 custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 ......
                                                                                        
@@ -174,7 +173,8 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 
                                                                                         
                                                                                        To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                                        
 
                                                                                        
 
                                                                                        In this section, the nginx metric (nginx_connections_accepted) in Monitoring Custom Metrics Using Cloud Native Cluster Monitoring is used as an example.
                                                                                        
-
                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose ConfigMaps and Secrets.
                                                                                        2. Click the ConfigMaps tab, select the monitoring namespace, locate the row containing user-adapter-config (or adapter-config), and click Update.
                                                                                        3. In Data, click Edit for the config.yaml file to add a custom metric collection rule under the rules field. Click OK.
                                                                                          You can add multiple collection rules by adding multiple configurations under the rules field. For details, see Metrics Discovery and Presentation Configuration.
                                                                                          
+
                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose ConfigMaps and Secrets.
                                                                                          2. Click the ConfigMaps tab, select the monitoring namespace, locate the row containing user-adapter-config (or adapter-config), and click Update.
                                                                                            
+
                                                                                          3. In Data, click Edit for the config.yaml file to add a custom metric collection rule under the rules field. Click OK.
                                                                                            You can add multiple collection rules by adding multiple configurations under the rules field. For details, see Metrics Discovery and Presentation Configuration.
                                                                                            
 
                                                                                            Example custom metric rule:
                                                                                            rules:
 # Match the metric whose name is nginx_connections_accepted. The metric name must be confirmed. Otherwise, the HPA controller cannot get the metric.
 - seriesQuery: '{__name__=~"nginx_connections_accepted",container!="POD",namespace!="",pod!=""}'
@@ -193,6 +193,7 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
     # Calculate rate(nginx_connections_accepted[2m]) to specify the number of requests received per second.
   metricsQuery: 'rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[2m])'
                                                                                            
 
                                                                                            
+
                                                                                            
 
                                                                                          4. Redeploy the custom-metrics-apiserver workload in the monitoring namespace.
                                                                                          5. In the navigation pane, choose Workloads. Locate the workload for which you want to create an HPA policy and choose More > Auto Scaling. In the Custom Policy area, you can select the preceding parameters to create an auto scaling policy.
                                                                                          
 
                                                                                        
 
                                                                                        Collecting All Labels and Annotations of a Pod
                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                        2. Switch to the monitoring namespace, click the Deployments tab, and click the name of the kube-state-metrics workload. On the page displayed, click the Containers tab and click Edit on the right.
                                                                                        3. In the Lifecycle area of the container settings, edit the startup command.
                                                                                          To collect labels, add the following information to the end of the original kube-state-metrics startup parameter:
                                                                                          --metric-labels-allowlist=pods=[*],nodes=[node,failure-domain.beta.kubernetes.io/zone,topology.kubernetes.io/zone]
                                                                                          
@@ -201,7 +202,7 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 
                                                                                          
 
                                                                                           
                                                                                          When editing the startup command, do not modify other original startup parameters. Otherwise, the component may be abnormal.
                                                                                          
 
                                                                                          
-
                                                                                        4. kube-state-metrics starts to collect the labels/annotations of pods and nodes and checks whether kube_pod_labels/kube_pod_annotations is in the collection task of CloudScope.
                                                                                          kubectl get servicemonitor kube-state-metrics -nmonitoring -oyaml | grep kube_pod_labels
                                                                                          
+
                                                                                        5. kube-state-metrics starts to collect the labels/annotations of pods and nodes and checks whether kube_pod_labels/kube_pod_annotations is in the collection task of Prometheus.
                                                                                          kubectl get servicemonitor kube-state-metrics -nmonitoring -oyaml | grep kube_pod_labels
                                                                                          
 
                                                                                        
 
                                                                                        For more kube-state-metrics startup parameters, see kube-state-metrics/cli-arguments.
                                                                                        
 
                                                                                        
@@ -216,7 +217,23 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 
                                                                                        		
 
                                                                                        
 
                                                                                        3.11.0
                                                                                        
+
                                                                                        3.12.0
                                                                                        
+
                                                                                        v1.21
                                                                                        
+
                                                                                        v1.23
                                                                                        
+
                                                                                        v1.25
                                                                                        
+
                                                                                        v1.27
                                                                                        
+
                                                                                        v1.28
                                                                                        
+
                                                                                        v1.29
                                                                                        
+
                                                                                        v1.30
                                                                                        
+
                                                                                        v1.31
                                                                                        
+
                                                                                        • CCE clusters v1.31 are supported.
                                                                                        • Upgraded Prometheus.
                                                                                        
+
                                                                                        2.53.2
                                                                                        
+
                                                                                        3.11.0
                                                                                        
                                                                                         		
 
                                                                                        v1.21
                                                                                        
 
                                                                                        v1.23
                                                                                        
@@ -226,7 +243,7 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 
                                                                                        v1.29
                                                                                        
 
                                                                                        v1.30
                                                                                        
 
                                                                                        CCE clusters 1.30 are supported.
                                                                                        
+
                                                                                        CCE clusters v1.30 are supported.
                                                                                        
                                                                                         		
 
                                                                                        2.37.8
                                                                                        
                                                                                         		
 
                                                                                        
-
@@ -90,7 +90,7 @@
 
-
@@ -124,7 +124,7 @@
 
-
@@ -212,7 +212,7 @@
 
                                                                                        Table 1 CronHPA scaling parameters
                                                                                        Scenario
                                                                                        
@@ -73,7 +73,7 @@
 
                                                                                        
 
                                                                                        3
                                                                                        
 
                                                                                        minReplicas < targetReplicas < replicas ≤ maxReplicas
                                                                                        
+
                                                                                        minReplicas < targetReplicas < replicas ≤ maxReplicas
                                                                                        
                                                                                         		
 
                                                                                        4
                                                                                        
 
                                                                                        
 
                                                                                        4
                                                                                        
 
                                                                                        minReplicas < targetReplicas = replicas < maxReplicas
                                                                                        
+
                                                                                        minReplicas < targetReplicas = replicas < maxReplicas
                                                                                        
                                                                                         		
 
                                                                                        5
                                                                                        
 
                                                                                        
 
                                                                                        6
                                                                                        
 
                                                                                        minReplicas ≤ replicas < targetReplicas = maxReplicas
                                                                                        
+
                                                                                        minReplicas ≤ replicas < targetReplicas = maxReplicas
                                                                                        
                                                                                         		
 
                                                                                        10
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        
-
                                                                                      • Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                        
+
                                                                                      • Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                        
 
                                                                                        Table 3 CronHPA policy parameters
                                                                                        Parameter
                                                                                        
                                                                                         		
 
                                                                                        Description
                                                                                        
@@ -239,7 +239,7 @@
 
 
                                                                                        
 
                                                                                        
-
                                                                                      • After configuring the preceding parameters, click OK. Then, the added policy rule is displayed in the rule list. Repeat the preceding steps to add multiple policy rules, but the triggering time of the policies must be different.
                                                                                      • Click Create.
                                                                                        • 
+
                                                                                      • After configuring the preceding parameters, click OK. Then, the added policy rule is displayed in the rule list. Repeat the preceding steps to add a maximum of 10 policy rules, but the triggering time of these policies must be different.
                                                                                      • Click Create.
                                                                                        • 
 
                                                                                        Using kubectl
                                                                                        
 
                                                                                        When the CronHPA is compatible with the HPA policy, the scaleTargetRef field in CronHPA must be set to the HPA policy, and the scaleTargetRef field in the HPA policy must be set to Deployment. In this way, CronHPA adjusts the maximum and minimum numbers of pods in the HPA policy at a fixed time and the scheduled scaling is compatible with the auto scaling.
                                                                                        
 
                                                                                        1. Create an HPA policy for the Deployment.
                                                                                          apiVersion: autoscaling/v1
@@ -324,7 +324,7 @@ spec:
 
                                                                                          Using CronHPA to Directly Adjust the Number of Deployment Pods
                                                                                          CronHPA adjusts associated Deployments separately to periodically adjust the number of Deployment pods. The method is as follows:
                                                                                          
 
                                                                                          Using the CCE console
                                                                                          
 
                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                          2. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                                                                          3. Set Policy Type to HPA+CronHPA, disable HPA, and enable CronHPA.
                                                                                            CronHPA periodically adjusts the number of workload pods.
                                                                                            
-
                                                                                          4. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                            
+
                                                                                          5. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                            
 
                                                                                            
@@ -135,7 +135,7 @@
 
                                                                                            Figure 1 shows the scheduling of a pod after a topology policy is configured.
                                                                                            • When 9 CPU cores are requested by a pod and the best-effort topology policy is used, Volcano selects node 1 whose topology policy is also best-effort, and this policy allows the pod to be scheduled to multiple NUMA nodes. Therefore, the requested 9 CPU cores will be allocated to two NUMA nodes, and the pod can be scheduled to node 1.
                                                                                            • When 11 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, and each node provides at least 11 CPU cores. However, the remaining CPU cores on node 2 or 3 are less than the requested. Therefore, the pod cannot be scheduled.
                                                                                            • When 17 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, this policy allows the pod to be scheduled to multiple NUMA nodes, and the upper CPU limit of both the nodes is less than 17. Then, the pod can be scheduled to node 3.
                                                                                            • When 17 CPU cores are requested by a pod and the single-numa-node topology policy is used, Volcano selects nodes whose topology policy is also single-numa-node. However, no node can provide a total of 17 CPU cores. Therefore, the pod cannot be scheduled.
                                                                                            
-
                                                                                            Figure 1 Comparison of NUMA scheduling policies
                                                                                            
+
                                                                                            Figure 1 Comparison of NUMA scheduling policies
                                                                                            Scheduling Priority
                                                                                            A topology policy aims to schedule pods to the optimal node. In this example, each node is scored to sort out the optimal node.
                                                                                            
 
                                                                                            Principle: Schedule pods to the worker nodes that require the fewest NUMA nodes.
                                                                                            
@@ -156,7 +156,7 @@
 
 
                                                                                          6. Enable the numa-aware add-on and the resource_exporter function.
                                                                                            Volcano 1.7.1 or later
                                                                                            
 
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, and click Edit.
                                                                                            2. In the Extended Functions area, enable NUMA Topology Scheduling and click OK.
                                                                                            
-
                                                                                            Volcano earlier than 1.7.1
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab. In the Select Cluster Scheduler area, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                              
+
                                                                                              Volcano earlier than 1.7.1
                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab. Select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                
 
                                                                                              2. Enable resource_exporter_enable to collect node NUMA information. The following is an example in JSON format:
                                                                                                {
    "plugins": {
       "eas_service": {
diff --git a/docs/cce/umn/cce_10_0426.html b/docs/cce/umn/cce_10_0426.html
index 7de6cd49a..d151a9b13 100644
--- a/docs/cce/umn/cce_10_0426.html
+++ b/docs/cce/umn/cce_10_0426.html
@@ -5,7 +5,7 @@
 
                                                                                              
 
                                                                                              Notes and Constraints
                                                                                              • Do not add more than 1000 pods to the same security group. Otherwise, the security group performance may be impacted. 
                                                                                              • Exercise caution when modifying the security group rules of a master node. 
                                                                                              
 
                                                                                              
-
                                                                                              Procedure
                                                                                              1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                              2. Click the cluster name to access the Overview page.
                                                                                              3. In the Networking Configuration area, click Edit next to the Default Node Security Group.
                                                                                              4. Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
                                                                                                 
                                                                                                • Ensure that correct port rules are configured for the selected security group. Otherwise, the node cannot be created. The port rules that a security group must comply with vary with the cluster type.
                                                                                                • The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. 
                                                                                                
+
                                                                                                Procedure
                                                                                                1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                2. Click the cluster name to access the Overview page.
                                                                                                3. In the Networking Configuration area, click Edit next to the Default Node Security Group.
                                                                                                4. Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
                                                                                                   
                                                                                                  • Ensure that correct port rules are configured for the selected security group. Otherwise, the node cannot be created. The port rules that a security group must comply with vary with the cluster type. 
                                                                                                  • The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. 
                                                                                                  
 
                                                                                                  
 
                                                                                                
 
                                                                                                
diff --git a/docs/cce/umn/cce_10_0430.html b/docs/cce/umn/cce_10_0430.html
index 91051ac3d..e877f7b26 100644
--- a/docs/cce/umn/cce_10_0430.html
+++ b/docs/cce/umn/cce_10_0430.html
@@ -1,61 +1,61 @@
 
 
-
                                                                                                Basic Cluster Information
                                                                                                
-
                                                                                                Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications.
                                                                                                
-
                                                                                                For developers, Kubernetes is a cluster operating system. Kubernetes provides service discovery, scaling, load balancing, self-healing, and even leader election, freeing developers from infrastructure-related configurations.
                                                                                                
+
                                                                                                Cluster Overview
                                                                                                
+
                                                                                                Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the entire lifecycle of containerized applications and delivers scalable, high-performance solutions for deploying and managing cloud native applications.
                                                                                                
 
                                                                                                Cluster Network
                                                                                                A cluster network can be divided into three network types:
                                                                                                
 
                                                                                                • Node network: IP addresses are assigned to nodes in a cluster.
                                                                                                • Container network: IP addresses are assigned to containers in a cluster for communication. Currently, multiple container network models are supported, and each model has its own working mechanism.
                                                                                                • Service network: A Service is a Kubernetes object used to access containers. Each Service has a static IP address.
                                                                                                
 
                                                                                                When you create a cluster, select a proper CIDR block for each network. Ensure that the CIDR blocks do not conflict with each other and have sufficient available IP addresses. You cannot change the container network model after the cluster is created. Plan the container network model properly in advance.
                                                                                                
 
                                                                                                You are advised to learn about the cluster network and container network models before creating a cluster. For details, see Container Network.
                                                                                                
 
                                                                                                
-
                                                                                                Master Nodes and Cluster Scale
                                                                                                When you create a cluster on CCE, you can have one or three master nodes. Three master nodes will be deployed in a cluster for HA.
                                                                                                
-
                                                                                                The master node specifications decide the number of nodes that can be managed by a cluster. You can select the cluster management scale, for example, 50 or 200 nodes.
                                                                                                
+
                                                                                                Number of Master Nodes in a Cluster and Cluster Scale
                                                                                                In a CCE cluster, the number of master nodes does not determine the cluster scale. These are two different aspects of the cluster.
                                                                                                
+
                                                                                                • Master nodes: When creating a cluster on CCE, you have the option to choose one or three master nodes. If you choose three master nodes, the cluster will have high availability.
                                                                                                • Cluster scale: refers to the maximum number of worker nodes that can be managed by a cluster. For example, you can choose a cluster management scale of 50 or 200 nodes when creating the cluster. The flavors of the master nodes are influenced by the cluster scale. Higher cluster scales require higher flavors of the master nodes.
                                                                                                  It is possible to change the cluster scale after creating the cluster. However, you can only increase the scale and cannot decrease it. For details, see Changing a Cluster Scale.
                                                                                                  
+
                                                                                                
 
                                                                                                
 
                                                                                                Cluster Lifecycle
                                                                                                
-
                                                                                            7. Table 5 CronHPA policy parameters
                                                                                            Parameter
                                                                                            
                                                                                             		
 
                                                                                            Description
                                                                                            
diff --git a/docs/cce/umn/cce_10_0416.html b/docs/cce/umn/cce_10_0416.html
new file mode 100644
index 000000000..dd56fc9a6
--- /dev/null
+++ b/docs/cce/umn/cce_10_0416.html
@@ -0,0 +1,246 @@
+
+
+
                                                                                            Cloud Native Log Collection
                                                                                            
+
                                                                                            Introduction
                                                                                            The Cloud Native Log Collection add-on (formerly log-agent) is developed based on Fluent Bit and OpenTelemetry for collecting logs and Kubernetes events. This add-on supports CRD-based log collection policies. It collects and forwards standard output logs, container file logs, node logs, and Kubernetes event logs in a cluster based on configured policies. It also reports Kubernetes events to AOM for configuring event alarms. By default, all abnormal events and some normal events are reported.
                                                                                            
+
                                                                                             
                                                                                            In 1.3.2 and later versions, Cloud Native Log Collection reports all warning events and some normal events to AOM by default. The reported events can be used to configure alarms. If the cluster version is 1.19.16, 1.21.11, 1.23.9, 1.25.4, or later, after Cloud Native Log Collection is installed, events are reported to AOM by this add-on instead of the control plane component. After Cloud Native Log Collection is uninstalled, events will not be reported to AOM.
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Log Collection Reliability
                                                                                            The log system's main purpose is to record all stages of data for service components, including startup, initialization, exit, runtime details, and exceptions. It is primarily employed in O&M scenarios for tasks like checking component status and analyzing fault causes.
                                                                                            
+
                                                                                            Standard streams (stdout and stderr) and local log files use non-persistent storage. However, data integrity may be compromised due to the following risks:
                                                                                            
+
                                                                                            • Log rotation and compression potentially deleting old files
                                                                                            • Temporary storage volumes being cleared when Kubernetes pods end
                                                                                            • Automatic OS cleanup triggered by limited node storage space
                                                                                            
+
                                                                                            While the Cloud Native Log Collection add-on employs techniques like multi-level buffering, priority queues, and resumable uploads to enhance log collection reliability, logs could still be lost in the following situations:
                                                                                            
+
                                                                                            • The service log throughput surpasses the collector's processing capacity.
                                                                                            • The service pod is abruptly terminated and reclaimed by CCE.
                                                                                            • The log collector pod experiences exceptions.
                                                                                            
+
                                                                                            The following lists some recommended best practices for cloud native log management. You can review and implement them thoughtfully.
                                                                                            
+
                                                                                            • Use dedicated, high-reliable streams to record critical service data (for example, financial transactions) and store the data in persistent storage.
                                                                                            • Avoid storing sensitive information like customer details, payment credentials, and session tokens in logs.
                                                                                            
+
                                                                                            
+
                                                                                            Notes and Constraints
                                                                                            This add-on is available only in clusters v1.17 or later.
                                                                                            
+
                                                                                            
+
                                                                                            Add-on Performance
                                                                                            
+
                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                            Item
                                                                                            
+
                                                                                            Description
                                                                                            
+
                                                                                            Remarks
                                                                                            
+
                                                                                            Size of a log
                                                                                            
+
                                                                                            Each individual log must not exceed 512 KB in size. In the case of multi-line logs, the length of each line will be calculated separately.
                                                                                            
+
                                                                                            None
                                                                                            
+
                                                                                            Maximum number of collected files
                                                                                            
+
                                                                                            On a single node, the total number of files that can be listened by all log collection rules is limited to 4,095.
                                                                                            
+
                                                                                            None
                                                                                            
+
                                                                                            Log collection rate
                                                                                            
+
                                                                                            • If the add-on version is earlier than 1.5.0, in each cluster, no more than 10,000 single-line logs can be collected per second, and no more than 2000 multi-line logs can be collected per second.
                                                                                            • If the add-on version is 1.5.0 or later, on each node, no more than 20,000 logs or 10 MB of logs can be collected per second.
                                                                                            
+
                                                                                            Service quality cannot be ensured if any of these limits is exceeded.
                                                                                            
+
                                                                                            Configuration update
                                                                                            
+
                                                                                            Configuration updates take effect in 1 to 3 minutes.
                                                                                            
+
                                                                                            None
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Permissions
                                                                                            The fluent-bit component of the add-on reads and collects the stdout logs on each node, file logs in pods, and node logs based on the collection configuration.
                                                                                            
+
                                                                                            The following permissions are required for running the fluent-bit component:
                                                                                            
+
                                                                                            • CAP_DAC_OVERRIDE: ignores the discretionary access control (DAC) restrictions on files.
                                                                                            • CAP_FOWNER: ignores the restrictions that the file owner ID must match the process user ID.
                                                                                            • DAC_READ_SEARCH: ignores the DAC restrictions on file reading and catalog research.
                                                                                            • SYS_PTRACE: allows all processes to be traced.
                                                                                            
+
                                                                                            
+
                                                                                            Installing the Add-on
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Cloud Native Log Collection on the right, and click Install.
                                                                                            2. On the Install Add-on page, configure the specifications as needed.
                                                                                              • If you selected Preset, you can choose between Small or Large depending on the number of logs on nodes. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                                                                                You can select the Small option for clusters where the logs of a single node are less than 5000/s or 5 MB/s, and select the Large option for clusters where the logs on a single node are less than 10000/s or 10 MB/s.
                                                                                                
+
                                                                                              • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                                                              
+
                                                                                            3. Configure add-on parameters, which is supported by the add-on of v1.6.1 or later. For details, see Tail.
                                                                                              
+
                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                              Parameter
                                                                                              
+
                                                                                              Description
                                                                                              
+
                                                                                              Default Value
                                                                                              
+
                                                                                              Large Specification
                                                                                              
+
                                                                                              Other Specification
                                                                                              
+
                                                                                              Initial Buffer Size (Buffer_Chunk_Size)
                                                                                              
+
                                                                                              The size of the initial buffer used to read files.
                                                                                              
+
                                                                                              256k
                                                                                              
+
                                                                                              128k
                                                                                              
+
                                                                                              Maximum Buffer Size (Buffer_Max_Size)
                                                                                              
+
                                                                                              Limit on the buffer size for each monitored file. When a buffer is added, the number of memory buffers that can be added is restricted by this value. If the limit is exceeded, the file will be removed from the monitored file list.
                                                                                              
+
                                                                                              1024k
                                                                                              
+
                                                                                              512k
                                                                                              
+
                                                                                              Memory Buffer Limit (Mem_Buf_Limit)
                                                                                              
+
                                                                                              Memory limit when data is appended to the engine. When the limit is reached, the add-on will temporarily stop reading log file data. The reading will resume after the data is refreshed.
                                                                                              
+
                                                                                              300mb
                                                                                              
+
                                                                                              40mb
                                                                                              
+
                                                                                              
+
                                                                                              
+
                                                                                               
                                                                                              The unit can be case-insensitive k, kb, m, mb, g or gb. If no unit is specified, the default unit of byte will be used.
                                                                                              
+
                                                                                              
+
                                                                                            4. Configure deployment policies for the add-on pods.
                                                                                               
                                                                                              Scheduling policies do not take effect on add-on pods of the DaemonSet type.
                                                                                              
+
                                                                                              
+
+
                                                                                              
+
+
+
+
+
+
+
+
                                                                                              Table 1 Configurations for add-on scheduling
                                                                                              Parameter
                                                                                              
+
                                                                                              Description
                                                                                              
+
                                                                                              Multi-AZ Deployment
                                                                                              
+
                                                                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                                                              • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                                                              
+
                                                                                              
+
                                                                                              
+
                                                                                            5. Click Install.
                                                                                            
+
                                                                                            
+
                                                                                            Components
                                                                                            
+
                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                            Table 2 Add-on components
                                                                                            Component
                                                                                            
+
                                                                                            Description
                                                                                            
+
                                                                                            Resource Type
                                                                                            
+
                                                                                            fluent-bit
                                                                                            
+
                                                                                            Lightweight log collector and forwarder deployed on each node to collect logs In 1.5.0 and later versions, logs are directly reported to LTS. In versions earlier than 1.5.0, logs are reported to otel-collector.
                                                                                            
+
                                                                                            DaemonSet
                                                                                            
+
                                                                                            cop-logs
                                                                                            
+
                                                                                            Used to generate soft links for collected files and run in the same pod as fluent-bit
                                                                                            
+
                                                                                            DaemonSet
                                                                                            
+
                                                                                            log-operator
                                                                                            
+
                                                                                            Used to generate internal configuration files
                                                                                            
+
                                                                                            Deployment
                                                                                            
+
                                                                                            otel-collector
                                                                                            
+
                                                                                            Used to collect Kubernetes events and report them to LTS and AOM, and receive and report logs to LTS.
                                                                                            
+
                                                                                            The extent of log data reporting varies with the add-on version. In versions earlier than 1.5.1, this component reports logs of different applications and services. In 1.5.1 and later versions, this component reports only logs of workloads that are scaled to CCI.
                                                                                            
+
                                                                                            Deployment
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Add-on Usage
                                                                                            This add-on can collect container standard output logs, container file logs, node logs, and Kubernetes events. You can use LTS or AOM to store the collected logs. These services support different types of logs. For details, see Table 3.
                                                                                            
+
+
                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                            Table 3 Log storage description
                                                                                            Log Storage Location
                                                                                            
+
                                                                                            Supported Log Types
                                                                                            
+
                                                                                            How to Use
                                                                                            
+
                                                                                            LTS
                                                                                            
+
                                                                                            • Container standard output logs
                                                                                            • Container file logs
                                                                                            • Node logs
                                                                                            • Kubernetes events
                                                                                            
+
                                                                                            Go to Logging to create a policy. For details, see Collecting Container Logs Using the Cloud Native Log Collection Add-on.
                                                                                            
+
                                                                                            AOM
                                                                                            
+
                                                                                            Kubernetes events
                                                                                            
+
                                                                                            If the cluster version is 1.19.16, 1.21.11, 1.23.9, 1.25.4, or later, all abnormal events and some normal events will be reported by default. For details, see Reporting Kubernetes Events to AOM.
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Change History
                                                                                            
+
                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                            Table 4 Release history
                                                                                            Add-on Version
                                                                                            
+
                                                                                            Supported Cluster Version
                                                                                            
+
                                                                                            New Feature
                                                                                            
+
                                                                                            1.7.2
                                                                                            
+
                                                                                            v1.21
                                                                                            
+
                                                                                            v1.23
                                                                                            
+
                                                                                            v1.25
                                                                                            
+
                                                                                            v1.27
                                                                                            
+
                                                                                            v1.28
                                                                                            
+
                                                                                            v1.29
                                                                                            
+
                                                                                            v1.30
                                                                                            
+
                                                                                            v1.31
                                                                                            
+
                                                                                            Logs can be compressed in gzip format and sent to LTS.
                                                                                            
+
                                                                                            1.6.0
                                                                                            
+
                                                                                            v1.21
                                                                                            
+
                                                                                            v1.23
                                                                                            
+
                                                                                            v1.25
                                                                                            
+
                                                                                            v1.27
                                                                                            
+
                                                                                            v1.28
                                                                                            
+
                                                                                            v1.29
                                                                                            
+
                                                                                            v1.30
                                                                                            
+
                                                                                            • Clusters v1.30 are supported.
                                                                                            • Security hardening: The permissions of the add-on for accessing secrets are limited to the monitoring namespace.
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
+
diff --git a/docs/cce/umn/cce_10_0420.html b/docs/cce/umn/cce_10_0420.html
index 3089798e1..8edcd603b 100644
--- a/docs/cce/umn/cce_10_0420.html
+++ b/docs/cce/umn/cce_10_0420.html
@@ -1,14 +1,15 @@
 
 
 
                                                                                            Deploying an Application Through the Helm v2 Client
                                                                                            
-
                                                                                            Prerequisites
                                                                                            The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Using kubectl.
                                                                                            
+
                                                                                            Prerequisites
                                                                                            The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Procedure.
                                                                                            
 
                                                                                            
 
                                                                                            Installing Helm v2
                                                                                            This section uses Helm v2.17.0 as an example.
                                                                                            
 
                                                                                            For other versions, visit https://github.com/helm/helm/releases.
                                                                                            
 
                                                                                            1. Download the Helm client from the VM connected to the cluster.
                                                                                              wget https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
                                                                                              
 
                                                                                            2. Decompress the Helm package.
                                                                                              tar -xzvf helm-v2.17.0-linux-amd64.tar.gz
                                                                                              
 
                                                                                            3. Copy Helm to the system path, for example, /usr/local/bin/helm.
                                                                                              mv linux-amd64/helm /usr/local/bin/helm
                                                                                              
-
                                                                                            4. RBAC is enabled on the Kubernetes API server. Create the service account name tiller for the tiller and assign cluster-admin, a system ClusterRole, to the tiller. Create a tiller resource account as follows:
                                                                                              vim tiller-rbac.yaml
                                                                                              apiVersion: v1
+
                                                                                            5. RBAC is enabled on the Kubernetes API server. Create the service account name tiller for the tiller and assign cluster-admin, a system ClusterRole, to the tiller. Create a tiller resource account as follows:
                                                                                              vim tiller-rbac.yaml
                                                                                              
+
                                                                                              File content:
                                                                                              apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tiller
@@ -33,18 +34,19 @@ subjects:
 
                                                                                              Command output:
                                                                                              
 
                                                                                              NAME                             READY   STATUS    RESTARTS   AGE
 tiller-deploy-7b56c8dfb7-fxk5g   1/1     Running   1          23h
                                                                                              
-
                                                                                            6. Query the Helm version.
                                                                                              # helm version
-Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
+
                                                                                            7. Query the Helm version.
                                                                                              helm version
                                                                                              
+
                                                                                              Command output:
                                                                                              
+
                                                                                              Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
 Server: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
                                                                                              
 
                                                                                            
 
                                                                                            
 
                                                                                            Installing the Helm Chart
                                                                                            If the charts provided by CCE do not meet requirements, download a chart and install it.
                                                                                            
-
                                                                                            You can obtain the required chart in the stable directory on this website, download the chart, and upload it to the node.
                                                                                            1. Download and decompress the obtained chart. Generally, the chart is in ZIP format.
                                                                                              unzip chart.zip
                                                                                              
+
                                                                                              You can obtain the required chart in the stable directory at https://github.com/helm/charts, download the chart, and upload it to the node.
                                                                                              1. Download and decompress the obtained chart. Generally, the chart is in ZIP format.
                                                                                                unzip chart.zip
                                                                                                
 
                                                                                              2. Install the Helm chart.
                                                                                                helm install aerospike/
                                                                                                
 
                                                                                              3. After the installation is complete, run the helm list command to check the status of the chart releases.
                                                                                              
 
                                                                                              
 
                                                                                            
-
                                                                                            Common Issues
                                                                                            • The following error message is displayed after the Helm version command is run:
                                                                                              Client:
+
                                                                                              Common Issues
                                                                                              • The following error message is displayed after the Helm version command is executed:
                                                                                                Client:
 &version.Version{SemVer:"v2.17.0",
 GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
 E0718 11:46:10.132102    7023 portforward.go:332] an error occurred
@@ -58,15 +60,18 @@ Error: cannot connect to Tiller
                                                                                                
 
                                                                                                Error: Unable to find a match: socat
                                                                                                
 
                                                                                                The image does not contain socat. In this case, manually download the RPM chart and run the following command to install it (replace the RPM chart name with the actual one):
                                                                                                
 
                                                                                                rpm -i socat-1.7.3.2-8.oe1.x86_64.rpm
                                                                                                
-
                                                                                              • When the socat has been installed and the following error message is displayed after the helm version command is run:
                                                                                                test@local:~/k8s/helm/test$ helm version
-Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
+
                                                                                              • Socat has been installed. When you check the Helm version, the error message "Error: cannot connect to Tiller" is displayed.
                                                                                                helm version
                                                                                                
+
                                                                                                Error information:
                                                                                                
+
                                                                                                Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
 Error: cannot connect to Tiller
                                                                                                
-
                                                                                                The Helm chart reads the configuration certificate from the .Kube/config file to communicate with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see Using kubectl.
                                                                                                
+
                                                                                                The Helm chart reads the configuration certificate in .Kube/config and communicates with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see Procedure.
                                                                                                
 
                                                                                              • Storage fails to be created after you have connected to cloud storage services.
                                                                                                This issue may be caused by the annotation field in the created PVC. Change the chart name and install the chart again.
                                                                                                
-
                                                                                              • If kubectl is not properly configured, the following error message is displayed after the helm install command is run:
                                                                                                [root@prometheus-57046 ~]# helm install prometheus/ --generate-name
-WARNING: This chart is deprecated
+
                                                                                              • If kubectl is not properly configured, the error message "Error: Kubernetes cluster unreachable..." will be displayed when you install Helm.
                                                                                                Example:
                                                                                                
+
                                                                                                helm install prometheus/ --generate-name
                                                                                                
+
                                                                                                Error information:
                                                                                                WARNING: This chart is deprecated
 Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp [::1]:8080: connect: connection refused
                                                                                                
-
                                                                                                Solution: Configure kubeconfig for the node. For details, see Using kubectl.
                                                                                                
+
                                                                                                
+
                                                                                                Solution: Configure kubeconfig for the node. For details, see Procedure.
                                                                                                
 
                                                                                              
 
                                                                                              
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0425.html b/docs/cce/umn/cce_10_0425.html
index cc4a44190..408e47306 100644
--- a/docs/cce/umn/cce_10_0425.html
+++ b/docs/cce/umn/cce_10_0425.html
@@ -23,7 +23,7 @@
 
                                                                                            none
                                                                                            
                                                                                             		
 
                                                                                            Nodes with the following topology policies will not be filtered during scheduling:
                                                                                            
-
                                                                                            • none: schedulable
                                                                                            • best-effort: schedulable
                                                                                            • restricted: schedulable
                                                                                            • single-numa-node: schedulable
                                                                                            
+
                                                                                            • none: unschedulable
                                                                                            • best-effort: schedulable
                                                                                            • restricted: schedulable
                                                                                            • single-numa-node: schedulable
                                                                                            
                                                                                             		
 
                                                                                            None
                                                                                            
                                                                                             		
 
 
 
 
                                                                                            Table 1 Cluster status
                                                                                            Status
                                                                                            
+
                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -65,7 +65,7 @@
 
                                                                                            
 
                                                                                            
-
                                                                                            Parent topic: Cluster Overview
                                                                                            
+
                                                                                            Parent topic: Clusters
                                                                                            
 
                                                                                            
 
                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0431.html b/docs/cce/umn/cce_10_0431.html
index 32b029138..acd927ec3 100644
--- a/docs/cce/umn/cce_10_0431.html
+++ b/docs/cce/umn/cce_10_0431.html
@@ -27,7 +27,7 @@
 
-
diff --git a/docs/cce/umn/cce_10_0432.html b/docs/cce/umn/cce_10_0432.html
index 9146119a6..ac9c7d228 100644
--- a/docs/cce/umn/cce_10_0432.html
+++ b/docs/cce/umn/cce_10_0432.html
@@ -4,7 +4,7 @@
 
                                                                                            Check Items
                                                                                            Check whether the target cluster is under upgrade management.
                                                                                            
 
                                                                                            
 
                                                                                            Solution
                                                                                            CCE may temporarily restrict the cluster upgrade due to the following reasons:
                                                                                            
-
                                                                                            • The cluster is identified as the core production cluster.
                                                                                            • Other O&M tasks are being or will be performed, for example, 3-AZ reconstruction on master nodes.
                                                                                            
+
                                                                                            • The cluster is identified as the core production cluster.
                                                                                            • Other O&M tasks are either in progress or planned, such as the 3-AZ reconstruction on master nodes.
                                                                                            • If the cluster contains Docker nodes but their OSs are different from that of the node pool, reset these nodes and run the pre-upgrade check again.
                                                                                            
 
                                                                                            To resolve this issue, contact technical support based on logs displayed on the console.
                                                                                            
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0437.html b/docs/cce/umn/cce_10_0437.html
index 9c2fcf473..23e8f9471 100644
--- a/docs/cce/umn/cce_10_0437.html
+++ b/docs/cce/umn/cce_10_0437.html
@@ -1,7 +1,7 @@
 
                                                                                            Security Groups
                                                                                            
-
                                                                                            Check Items
                                                                                            Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.
                                                                                            
+
                                                                                            Check Items
                                                                                            Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group rule with the source IP address set to the master node security group has been deleted.
                                                                                            
 
                                                                                             
                                                                                            This check item is performed only for clusters using VPC networking. For clusters using other networking, skip this check item.
                                                                                            
 
                                                                                            
 
                                                                                            
@@ -10,7 +10,7 @@
 
                                                                                            
 
                                                                                            Click the node security group and ensure that the following rules are configured to allow the master node to access the node using ICMP.
                                                                                            
 
                                                                                            
-
                                                                                            If the preceding security group rule is unavailable, add the rule with the following configurations to the node security group: Set Protocol & Port to Protocols/ICMP and All, and Source to Security group and the master security group. 
                                                                                            
+
                                                                                            If the preceding security group rule is unavailable, add the rule with the following configurations to the node security group: Set Protocol & Port to ICMP: All, and Source to Security group and then the master node's security group. 
                                                                                            
 
                                                                                            
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0441.html b/docs/cce/umn/cce_10_0441.html
index d54bad881..23fcc6299 100644
--- a/docs/cce/umn/cce_10_0441.html
+++ b/docs/cce/umn/cce_10_0441.html
@@ -58,7 +58,7 @@
 
 
                                                                                            
-
@@ -83,16 +83,16 @@
 
-
-
-
-
@@ -101,7 +101,7 @@
 
-
@@ -112,7 +112,7 @@
 
-
diff --git a/docs/cce/umn/cce_10_0442.html b/docs/cce/umn/cce_10_0442.html
index 6f88cee0a..b5680cced 100644
--- a/docs/cce/umn/cce_10_0442.html
+++ b/docs/cce/umn/cce_10_0442.html
@@ -3,14 +3,14 @@
 
                                                                                            CCE Agent Versions
                                                                                            Check Items
                                                                                            Check whether cce-agent on the current node is of the latest version.
                                                                                            
 
                                                                                            
-
                                                                                            Solution
                                                                                            • Scenario 1: The error message "you cce-agent no update, please restart it" is displayed.
                                                                                              cce-agent does not need to be updated but is not restarted. In this case, log in to the node and manually restart cce-agent.
                                                                                              
+
                                                                                              Solution
                                                                                              • Scenario 1: The error message "you cce-agent no update, please restart it" is displayed.
                                                                                                This issue occurs if cce-agent is not restarted. To resolve it, log in to the node and manually restart cce-agent.
                                                                                                
 
                                                                                                Solution: Log in to the node and run the following command:
                                                                                                
 
                                                                                                systemctl restart cce-agent
                                                                                                
 
                                                                                                Perform the pre-upgrade check again.
                                                                                                
-
                                                                                              • Scenario 2: The error message "your cce-agent is not the latest version" is displayed.
                                                                                                cce-agent is not of the latest version, and the automatic update failed. This issue is typically caused by an invalid OBS path or the component version is outdated.
                                                                                                
+
                                                                                              • Scenario 2: The error message "your cce-agent is not the latest version" is displayed.
                                                                                                This issue occurs if cce-agent is not of the latest version and the automatic update failed. This issue is typically caused by an invalid OBS path or the component version is outdated.
                                                                                                
 
                                                                                                Solution
                                                                                                
 
                                                                                                1. Log in to the affected node and run the following command to obtain a valid OBS address:
                                                                                                  cat /home/paas/upgrade/agentConfig | python -m json.tool
                                                                                                  
-
                                                                                                  
+
                                                                                                  
 
                                                                                                2. Log in to a where the check failed, obtain the OBS address again by referring to the previous step, and check whether the OBS addresses are the same. If they are different, change the OBS address of the abnormal node to the correct address.
                                                                                                3. Run the following commands to download the latest binary file:
                                                                                                  • x86
                                                                                                    curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent" > /tmp/cce-agent
                                                                                                    
 
                                                                                                  • Arm
                                                                                                    curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent-arm" > /tmp/cce-agent-arm
                                                                                                    
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0448.html b/docs/cce/umn/cce_10_0448.html
index fb512cc90..67f5997d2 100644
--- a/docs/cce/umn/cce_10_0448.html
+++ b/docs/cce/umn/cce_10_0448.html
@@ -3,7 +3,7 @@
 
                                                                                                  kubelet
                                                                                                  
 
                                                                                                  Check Items
                                                                                                  Check whether the kubelet on the node is running properly.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Solution
                                                                                                  • Scenario 1: The kubelet status is abnormal.
                                                                                                    If the kubelet malfunctions, the node is unavailable. Restore the node and check again. For details, see What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
                                                                                                    
+
                                                                                                    Solution
                                                                                                    • Scenario 1: The kubelet status is abnormal.
                                                                                                      If the kubelet malfunctions, the node will be unavailable. Restore the node and check again. For details, see What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
                                                                                                      
 
                                                                                                    • Scenario 2: The cce-pause version is incorrect.
                                                                                                      The version of the pause container image on which kubelet depends is not cce-pause:3.1. If you continue the upgrade, pods will restart in batches. Currently, the upgrade is not supported. Contact technical support.
                                                                                                      
 
                                                                                                    
 
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0450.html b/docs/cce/umn/cce_10_0450.html
index d862f2bae..4a7117b28 100644
--- a/docs/cce/umn/cce_10_0450.html
+++ b/docs/cce/umn/cce_10_0450.html
@@ -5,11 +5,11 @@
 
                                                                                                  
 
                                                                                                  Solution
                                                                                                  • Scenario 1: ntpd is running abnormally.
                                                                                                    Log in to the node and run the systemctl status ntpd command to obtain the running status of ntpd. If the command output is abnormal, run the systemctl restart ntpd command and obtain the status again.
                                                                                                    
 
                                                                                                    The normal command output is as follows:
                                                                                                    
-
                                                                                                    Figure 1 Running status of ntpd
                                                                                                    
+
                                                                                                    Figure 1 Running status of ntpd
                                                                                                    
 
                                                                                                    If the problem persists after ntpd is restarted, contact technical support.
                                                                                                    
 
                                                                                                  • Scenario 2: chronyd is running abnormally.
                                                                                                    Log in to the node and run the systemctl status chronyd command to obtain the running status of chronyd. If the command output is abnormal, run the systemctl restart chronyd command and obtain the status again.
                                                                                                    
 
                                                                                                    The normal command output is as follows:
                                                                                                    
-
                                                                                                    Figure 2 Running status of chronyd
                                                                                                    
+
                                                                                                    Figure 2 Running status of chronyd
                                                                                                    
 
                                                                                                    If the problem persists after chronyd is restarted, contact technical support.
                                                                                                    
 
                                                                                                  
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0452.html b/docs/cce/umn/cce_10_0452.html
index 7403267a1..59ea5cb5e 100644
--- a/docs/cce/umn/cce_10_0452.html
+++ b/docs/cce/umn/cce_10_0452.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                  Node CPU Cores
                                                                                                  
-
                                                                                                  Check Items
                                                                                                  Check and make sure that the master nodes in your cluster have more than 2 CPU cores.
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Verify that the master nodes in your cluster have more than 2 CPU cores.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Solution
                                                                                                  The number of CPU cores on the master nodes is 2, which may lead to a cluster upgrade failure.
                                                                                                  
+
                                                                                                  Solution
                                                                                                  The master nodes have only 2 CPU cores, which may lead to a cluster upgrade failure.
                                                                                                  
 
                                                                                                  Contact technical support to expand the number of CPU cores to four or more.
                                                                                                  
 
                                                                                                  
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0456.html b/docs/cce/umn/cce_10_0456.html
index 7e204abc8..7e765cc33 100644
--- a/docs/cce/umn/cce_10_0456.html
+++ b/docs/cce/umn/cce_10_0456.html
@@ -5,7 +5,7 @@
 
                                                                                                  
 
                                                                                                  Solution
                                                                                                  Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the command output is abnormal, run the systemctl restart systemd-journald command and obtain the status again.
                                                                                                  
 
                                                                                                  The normal command output is as follows:
                                                                                                  
-
                                                                                                  Figure 1 Running status of journald
                                                                                                  
+
                                                                                                  Figure 1 Running status of journald
                                                                                                  
 
                                                                                                  If the problem persists after journald is restarted, contact technical support.
                                                                                                  
 
                                                                                                  
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0459.html b/docs/cce/umn/cce_10_0459.html
index 88dde4e2d..bf6534bdf 100644
--- a/docs/cce/umn/cce_10_0459.html
+++ b/docs/cce/umn/cce_10_0459.html
@@ -12,13 +12,13 @@ do
         echo "$mount_path hang mount"
     fi
 done
-
                                                                                                4. Run the saved script and check the output.
                                                                                                  
+
                                                                                                5. Run the saved script and check the output.
                                                                                                  
 
                                                                                                  The mount points of the /root/foo and /root/bar folders are incorrect.
                                                                                                  
 
                                                                                                6. Run the following command to check the suspended mount points:
                                                                                                  mount -n | grep /root/foo
                                                                                                  
-
                                                                                                  
+
                                                                                                  
 
                                                                                                  When a mount point is suspended, it typically indicates that services are not using it anymore. After confirming that the mount point is no longer required, run the following command to unmount it and then re-execute the previously mentioned script:
                                                                                                  
 
                                                                                                  umount -l -f localhost:/tmp/nfs
                                                                                                  
-
                                                                                                  
+
                                                                                                  
 
                                                                                                  After the execution, perform the check again on the pre-upgrade check page.
                                                                                                  
 
                                                                                                
 
                                                                                              
diff --git a/docs/cce/umn/cce_10_0460.html b/docs/cce/umn/cce_10_0460.html
index 5075f2907..542e14942 100644
--- a/docs/cce/umn/cce_10_0460.html
+++ b/docs/cce/umn/cce_10_0460.html
@@ -19,7 +19,7 @@
 
                                                                                            
 
                                                                                            Solution
                                                                                            Scenario 1: The node is skipped during the cluster upgrade.
                                                                                            
-
                                                                                            1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                            2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                              Figure 1 kubelet version
                                                                                              
+
                                                                                              1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                              2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                                Figure 1 kubelet version
                                                                                                
 
                                                                                                If the version of the node is different from that of other nodes, the node is skipped during the upgrade. Reset the node and upgrade the cluster again. For details about how to reset a node, see Resetting a Node.
                                                                                                
 
                                                                                                 
                                                                                                Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                
 
                                                                                                
diff --git a/docs/cce/umn/cce_10_0462.html b/docs/cce/umn/cce_10_0462.html
index 1590f27ce..9a3ca0a79 100644
--- a/docs/cce/umn/cce_10_0462.html
+++ b/docs/cce/umn/cce_10_0462.html
@@ -100,7 +100,7 @@
 
                                                                                            
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
@@ -432,7 +452,7 @@
 
                                                                                            Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it also introduces bugs. Compared with containerd, Docker has one more layer of calling. Therefore, containerd is more resource-saving and secure.
                                                                                            Container Engine Versions
                                                                                            • Docker
                                                                                              • EulerOS/CentOS: docker-engine 18.9.0, a Docker version customized for CCE. Security vulnerabilities will be fixed promptly.
                                                                                              
-
                                                                                            • containerd: 1.6.14
                                                                                               
                                                                                              If the cluster version is v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, or later, upgrade containerd to 1.7.16.
                                                                                              
+
                                                                                            • containerd: 1.6.14
                                                                                               
                                                                                              If the cluster version is v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, or later, the containerd version of new nodes is 1.7.16.
                                                                                              
 
                                                                                              
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0463.html b/docs/cce/umn/cce_10_0463.html
index 19425fb73..db1c6e2ce 100644
--- a/docs/cce/umn/cce_10_0463.html
+++ b/docs/cce/umn/cce_10_0463.html
@@ -1,7 +1,7 @@
 
                                                                                            Secure Runtime and Common Runtime
                                                                                            
-
                                                                                            The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualization layer. With a secure runtime, kernels, compute resources, and networks are isolated between containers to protect pod resources and data from being preempted and stolen by other pods.
                                                                                            
+
                                                                                            Compared with a common runtime, a secure runtime allows each container (pod) to run on its own micro-VM with a separate OS kernel. This ensures secure isolation at the virtualization layer. With a secure runtime, kernels, compute resources, and networks are isolated between containers to protect pod resources and data from being preempted and stolen by other pods.
                                                                                            
 
                                                                                            CCE Turbo clusters allow you to create workloads using a common runtime or secure runtime as required. The differences between them are as follows.
                                                                                            
 
 
                                                                                            Table 1 Cluster status
                                                                                            Status
                                                                                            
 
                                                                                            Description
                                                                                            
+
                                                                                            Description
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            Creating
                                                                                            
+
                                                                                            Creating
                                                                                            
 
                                                                                            A cluster is being created and is requesting for cloud resources.
                                                                                            
+
                                                                                            A cluster is being created and is requesting for cloud resources.
                                                                                            
                                                                                             		
 
                                                                                            Running
                                                                                            
+
                                                                                            Running
                                                                                            
 
                                                                                            A cluster is running properly.
                                                                                            
+
                                                                                            A cluster is running properly.
                                                                                            
                                                                                             		
 
                                                                                            Hibernating
                                                                                            
+
                                                                                            Hibernating
                                                                                            
 
                                                                                            A cluster is hibernating.
                                                                                            
+
                                                                                            A cluster is hibernating.
                                                                                            
                                                                                             		
 
                                                                                            Awaking
                                                                                            
+
                                                                                            Awaking
                                                                                            
 
                                                                                            A cluster is being woken up.
                                                                                            
+
                                                                                            A cluster is being woken up.
                                                                                            
                                                                                             		
 
                                                                                            Upgrading
                                                                                            
+
                                                                                            Upgrading
                                                                                            
 
                                                                                            A cluster is being upgraded.
                                                                                            
+
                                                                                            A cluster is being upgraded.
                                                                                            
                                                                                             		
 
                                                                                            Resizing
                                                                                            
+
                                                                                            Resizing
                                                                                            
 
                                                                                            The cluster flavor is being changed.
                                                                                            
+
                                                                                            The cluster flavor is being changed.
                                                                                            
                                                                                             		
 
                                                                                            Unavailable
                                                                                            
+
                                                                                            Unavailable
                                                                                            
 
                                                                                            A cluster is unavailable.
                                                                                            
+
                                                                                            A cluster is unavailable.
                                                                                            
                                                                                             		
 
                                                                                            Deleting
                                                                                            
+
                                                                                            Deleting
                                                                                            
 
                                                                                            A cluster is being deleted.
                                                                                            
+
                                                                                            A cluster is being deleted.
                                                                                            
                                                                                             		
 
                                                                                            
                                                                                             
 
 
                                                                                            HCE OS 2.0
                                                                                            
 
                                                                                            Unlimited
                                                                                            
+
                                                                                            None
                                                                                            
                                                                                             		
 
                                                                                            
                                                                                             
 
 
                                                                                            Guaranteed
                                                                                            
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
                                                                                             		
 
                                                                                            Burstable
                                                                                            
 
                                                                                            No
                                                                                            
                                                                                             		
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
                                                                                             		
 
                                                                                            No
                                                                                            
                                                                                             		
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
                                                                                             		
 
                                                                                            Burstable
                                                                                            
 
                                                                                            No
                                                                                            
                                                                                             		
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
                                                                                             		
 
                                                                                            Guaranteed
                                                                                            
 
                                                                                            
 
                                                                                            Burstable
                                                                                            
 
                                                                                            Besteffort
                                                                                            
+
                                                                                            BestEffort
                                                                                            
                                                                                             		
 
                                                                                            Burstable
                                                                                            
                                                                                             		
 
 
                                                                                            
 
                                                                                            Ubuntu 22.04
                                                                                            
 
                                                                                            4.x
                                                                                            
+
                                                                                            5.x
                                                                                            
                                                                                             		
 
                                                                                            Docker
                                                                                            
 
                                                                                            Clusters of v1.23 and later support containerd.
                                                                                            
@@ -140,26 +140,46 @@
 
 
                                                                                            
 
                                                                                            ECS (VM)
                                                                                            
-
                                                                                            
+
                                                                                            ECS (VM)
                                                                                            
                                                                                             		
 
                                                                                            EulerOS 2.9
                                                                                            
                                                                                             		
 
                                                                                            4.x
                                                                                            
 
                                                                                            Docker
                                                                                            
+
                                                                                            Docker
                                                                                            
 
                                                                                            containerd
                                                                                            
 
                                                                                            OverlayFS
                                                                                            
-
                                                                                            
+
                                                                                            OverlayFS
                                                                                            
 
                                                                                            runC
                                                                                            
-
                                                                                            
+
                                                                                            runC
                                                                                            
                                                                                             		
 
                                                                                            HCE OS 2.0
                                                                                            
+
                                                                                            ECS (VM)
                                                                                            
 
                                                                                            5.x
                                                                                            
+
                                                                                            Ubuntu 22.04
                                                                                            
+
                                                                                            5.x
                                                                                            
+
                                                                                            Docker
                                                                                            
+
                                                                                            containerd
                                                                                            
+
                                                                                            OverlayFS
                                                                                            
+
                                                                                            runC
                                                                                            
+
                                                                                            ECS (VM)
                                                                                            
+
                                                                                            HCE OS 2.0
                                                                                            
+
                                                                                            5.x
                                                                                            
+
                                                                                            Docker
                                                                                            
+
                                                                                            containerd
                                                                                            
+
                                                                                            OverlayFS
                                                                                            
+
                                                                                            runC
                                                                                            
                                                                                             		
 
                                                                                            
                                                                                             
 
 
 
 
                                                                                            
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0477.html b/docs/cce/umn/cce_10_0477.html
index 552c2e332..6c62e780b 100644
--- a/docs/cce/umn/cce_10_0477.html
+++ b/docs/cce/umn/cce_10_0477.html
@@ -11,7 +11,7 @@
 
                                                                                            Diagnosis
                                                                                            Perform the following steps to check your CCE clusters of v1.21 or later:
                                                                                            
 
                                                                                            1. Use kubectl to access the cluster and run the kubectl get --raw "/metrics" | grep stale command to obtain the metrics. Check the metric named serviceaccount_stale_tokens_total.
                                                                                              If the value is greater than 0, some workloads in the cluster may be using an earlier client-go version. In this case, check whether this problem occurs in your deployed applications. If yes, upgrade client-go to the version specified by the community as soon as possible. The version must be at least two major versions of the CCE cluster. For example, if your cluster version is 1.23, the Kubernetes dependency library version must be at least 1.19.
                                                                                              
-
                                                                                              
+
                                                                                              
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0493.html b/docs/cce/umn/cce_10_0493.html
index 18d240d6d..68155b6d6 100644
--- a/docs/cce/umn/cce_10_0493.html
+++ b/docs/cce/umn/cce_10_0493.html
@@ -22,7 +22,7 @@ exit(1);
 " > corefile_record.txt
 cat corefile_record.txt
                                                                                          7. Compare the output differences between 2 and 3.
                                                                                            diff corefile_now.txt corefile_record.txt -y;
                                                                                            
-
                                                                                            Figure 1 Viewing output differences
                                                                                            
+
                                                                                            Figure 1 Viewing output differences
                                                                                            
 
                                                                                          8. Return to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, select CoreDNS, and click Upgrade.
                                                                                            To retain custom configurations, use either of the following methods:
                                                                                            • (Recommended) Set parameterSyncStrategy to inherit. In this case, custom settings are automatically inherited. The system automatically parses, identifies, and inherits custom parameters.
                                                                                            • Set parameterSyncStrategy to force. Manually enter the differential configuration. For details, see CoreDNS.
                                                                                            
 
                                                                                            
 
                                                                                          9. Click OK. After the add-on upgrade is complete, check whether all CoreDNS instances are available and whether Corefile meets the expectation.
                                                                                            kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}'
                                                                                            
diff --git a/docs/cce/umn/cce_10_0495.html b/docs/cce/umn/cce_10_0495.html
index 06f095c20..ec7a87f29 100644
--- a/docs/cce/umn/cce_10_0495.html
+++ b/docs/cce/umn/cce_10_0495.html
@@ -10,8 +10,8 @@
 
                                                                                            • Scenario 2: The systemctl status command fails to be executed.
                                                                                              If the systemctl status command on a node is unavailable, many check items will be affected. Log in to the node and check the availability of the following commands:
                                                                                              
 
                                                                                              systemctl status kubelet
                                                                                              
-
                                                                                              If the fault persists, reset the node. For details, see Resetting a Node.
                                                                                              
 
                                                                                            
+
                                                                                            If the fault persists, reset the node. For details, see Resetting a Node.
                                                                                            
diff --git a/docs/cce/umn/cce_10_0498.html b/docs/cce/umn/cce_10_0498.html
index de1a967d9..edb5b00b5 100644
--- a/docs/cce/umn/cce_10_0498.html
+++ b/docs/cce/umn/cce_10_0498.html
@@ -7,7 +7,7 @@
 
 
                                                                                            Solution
                                                                                            How Do I Check Whether a Disk Is Shared?
                                                                                            
-
                                                                                            1. Log in to the target node based on the check information.
                                                                                            2. Run the lsblk command to check whether vgpaas-share is mounted to /mnt/paas. If yes, a shared disk is used.
                                                                                              Figure 1 Checking whether a shared disk is used
                                                                                              
+
                                                                                              1. Log in to the target node based on the check information.
                                                                                              2. Run the lsblk command to check whether vgpaas-share is mounted to /mnt/paas. If yes, a shared disk is used.
                                                                                                Figure 1 Checking whether a shared disk is used
                                                                                                
 
                                                                                              
 
                                                                                              What Can I Do If an Error Occurred in a Node Mounting Check?
                                                                                              
 
                                                                                              1. Cancel the manually modified mount point.
                                                                                              2. Cancel the modification on the default soft links.
                                                                                              
diff --git a/docs/cce/umn/cce_10_0503.html b/docs/cce/umn/cce_10_0503.html
index 02bb1035a..4b8061d04 100644
--- a/docs/cce/umn/cce_10_0503.html
+++ b/docs/cce/umn/cce_10_0503.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                              GPU Add-on
                                                                                              
-
                                                                                              Check Items
                                                                                              The GPU add-on is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.
                                                                                              
+
                                                                                              CCE AI Suite (NVIDIA GPU)
                                                                                              
+
                                                                                              Check Items
                                                                                              CCE AI Suite (NVIDIA GPU) is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.
                                                                                              
 
                                                                                              
-
                                                                                              Solution
                                                                                              The GPU add-on driver needs to be configured by yourself. Check the compatibility between the GPU add-on and the GPU driver. It is a good practice to verify the upgrade of the GPU driver to the target version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                              
-
                                                                                              Perform the following operations to check the upgrade of the GPU driver to the target version and current driver configuration of GPU add-on:
                                                                                              
-
                                                                                              1. Log in to the CCE console. In the navigation pane, choose Add-ons. Then, check the CCE AI Suite (NVIDIA GPU) add-on.
                                                                                              2. Click Upgrade of the add-on and check the target version and driver version of the add-on.
                                                                                              3. Verify the upgrade of the GPU driver to the target version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                                If the GPU add-on and the GPU driver are incompatible, install the driver of a later version. If necessary, contact technical support.
                                                                                                
+
                                                                                                Solution
                                                                                                The driver of CCE AI Suite (NVIDIA GPU) needs to be configured by yourself. Check the compatibility between this add-on and the GPU driver. It is a good practice to verify the upgrade of the GPU driver to the target version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                                
+
                                                                                                Perform the following operations to check the target GPU driver version and the current driver configuration of CCE AI Suite (NVIDIA GPU):
                                                                                                
+
                                                                                                1. Log in to the CCE console. In the navigation pane, choose Add-ons. Then, check the CCE AI Suite (NVIDIA GPU) add-on.
                                                                                                2. Click Upgrade of the add-on and check the target version and driver version of the add-on.
                                                                                                3. Verify the upgraded GPU driver version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                                  If the GPU add-on and the GPU driver are incompatible, install the driver of a later version. If necessary, contact technical support.
                                                                                                  
 
                                                                                                
 
                                                                                                
 
                                                                                              
diff --git a/docs/cce/umn/cce_10_0508.html b/docs/cce/umn/cce_10_0508.html
index 9b4002691..d77bfb056 100644
--- a/docs/cce/umn/cce_10_0508.html
+++ b/docs/cce/umn/cce_10_0508.html
@@ -1,18 +1,18 @@
 
 
-
                                                                                              nginx-ingress Upgrade
                                                                                              
+
                                                                                              NGINX Ingress Controller
                                                                                              
 
                                                                                              Check Items
                                                                                              • Check item 1: Check whether there is an Nginx Ingress route whose ingress type is not specified (kubernetes.io/ingress.class: nginx is not added to annotations) in the cluster.
                                                                                              • Check item 2: Check whether the DefaultBackend Service specified by the NGINX Ingress Controller backend is available.
                                                                                              
 
                                                                                              
 
                                                                                              Fault Locating
                                                                                              For Check Item 1
                                                                                              
 
                                                                                              For Nginx Ingress, check the YAML. If the ingress type is not specified in the YAML file and the ingress is managed by the NGINX Ingress Controller, the ingress is at risk. 
                                                                                              
-
                                                                                              1. Check the ingress type.
                                                                                                Run the following command:
                                                                                                kubectl get ingress <ingress-name> -oyaml | grep -E ' kubernetes.io/ingress.class: | ingressClassName:'
                                                                                                
-
                                                                                                • Fault scenario: If the command output is empty, the ingress type is not specified.
                                                                                                • Normal scenario: The command output is not empty, indicating that the ingress type has been specified by annotations or ingressClassName.
                                                                                                  
+
                                                                                                  1. Check the ingress type.
                                                                                                    Run the following command:
                                                                                                    kubectl get ingress <ingress-name> -oyaml | grep -E ' kubernetes.io/ingress.class: | ingressClassName:' -B 1
                                                                                                    
+
                                                                                                    • Fault scenario: If the command output is empty, the ingress type is not specified.
                                                                                                    • Normal scenario: The command output is not empty, indicating that the ingress type has been specified by annotations or ingressClassName.
                                                                                                      
 
                                                                                                    
 
                                                                                                    
 
                                                                                                  2. Ensure that the ingress is managed by the Nginx ingress Controller. The LoadBalancer Ingresses are not affected by this issue.
                                                                                                    • For clusters of v1.19, confirm this issue using managedFields.
                                                                                                      kubectl get ingress <ingress-name> -oyaml | grep 'manager: nginx-ingress-controller'
                                                                                                      
-
                                                                                                      
+
                                                                                                      
 
                                                                                                    • For clusters of other versions, check the logs of the NGINX Ingress Controller pod.
                                                                                                       kubectl logs -nkube-system cceaddon-nginx-ingress-controller-545db6b4f7-bv74t | grep 'updating Ingress status'
                                                                                                      
-
                                                                                                      
+
                                                                                                      
 
                                                                                                    
 
                                                                                                    If the fault persists, contact technical support.
                                                                                                    
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0511.html b/docs/cce/umn/cce_10_0511.html
index 0278b9bb3..c3ac20530 100644
--- a/docs/cce/umn/cce_10_0511.html
+++ b/docs/cce/umn/cce_10_0511.html
@@ -1,7 +1,7 @@
 
 
-
                                                                                                  Key GPU Add-on Parameters
                                                                                                  
-
                                                                                                  Check Items
                                                                                                  Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                  
+
                                                                                                  Key CCE AI Suite (NVIDIA GPU) Parameters
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Check whether the configuration of CCE AI Suite (NVIDIA GPU) in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                  
 
                                                                                                  
 
                                                                                                  Solution
                                                                                                  1. Use kubectl to access the cluster.
                                                                                                  2. Run the following command to obtain the add-on instance details:
                                                                                                    kubectl get ds nvidia-driver-installer -nkube-system -oyaml
                                                                                                    
 
                                                                                                  3. Check whether the UpdateStrategy value is changed to OnDelete. If so, change it back to RollingUpdate.
                                                                                                  4. Check whether the NVIDIA_DRIVER_DOWNLOAD_URL value is the same as the GPU driver version on the add-on page. If not, correct the version on the add-on page.
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0513.html b/docs/cce/umn/cce_10_0513.html
index 6f32f53e1..269831446 100644
--- a/docs/cce/umn/cce_10_0513.html
+++ b/docs/cce/umn/cce_10_0513.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                  ELB Listener Access Control
                                                                                                  
-
                                                                                                  Check Items
                                                                                                  Check whether ELB listener access control has been configured for the Services in the current cluster using annotations.
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Check whether ELB listener access control has been configured using annotations for the Services in the current cluster.
                                                                                                  
 
                                                                                                  If so, check whether their configurations are correct.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Solution
                                                                                                  In case of an incorrect configuration, correct it by following the instructions provided in Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service.
                                                                                                  
+
                                                                                                  Solution
                                                                                                  If the configurations are incorrect, reconfigure them by following the operations provided in Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service.
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0521.html b/docs/cce/umn/cce_10_0521.html
index bde60f755..4889c06f8 100644
--- a/docs/cce/umn/cce_10_0521.html
+++ b/docs/cce/umn/cce_10_0521.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                  Compatibility Between the Ubuntu Kernel and GPU Driver
                                                                                                  
-
                                                                                                  Check Items
                                                                                                  Make sure that the GPU add-on and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on must be 535.161.08 or later.
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Make sure that CCE AI Suite (NVIDIA GPU) and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on must be 535.161.08 or later.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Solution
                                                                                                  This issue may occur when you create or reset an Ubuntu node after an upgrade. In this case, upgrade the GPU add-on driver to version 535.161.08 or later, and restart the node.
                                                                                                  
+
                                                                                                  Solution
                                                                                                  This issue may occur when you create or reset an Ubuntu node after an upgrade. In this case, upgrade the CCE AI Suite (NVIDIA GPU) driver to version 535.161.08 or later, and restart the node.
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0522.html b/docs/cce/umn/cce_10_0522.html
index f973ac200..c2778315c 100644
--- a/docs/cce/umn/cce_10_0522.html
+++ b/docs/cce/umn/cce_10_0522.html
@@ -4,7 +4,7 @@
 
                                                                                                  Check Items
                                                                                                  An unfinished drainage task is detected in the cluster, which may resume after the upgrade. If this happens, running pods will be evicted, which could impact your services.
                                                                                                  
 
                                                                                                  
 
                                                                                                  Solution
                                                                                                  1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                                  2. Check if there are any drainage tasks in progress.
                                                                                                    kubectl get drainage
                                                                                                    
-
                                                                                                    Figure 1 An in-progress drainage task
                                                                                                    
+
                                                                                                    Figure 1 An in-progress drainage task
                                                                                                    
 
                                                                                                    Delete the drainage resources and perform the pre-upgrade check again.
                                                                                                    
 
                                                                                                  3. Run the following command to delete a drainage task:
                                                                                                    kubectl delete drainage {Name of the drainage task}
                                                                                                    
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0525.html b/docs/cce/umn/cce_10_0525.html
index 23b33db72..68932181c 100644
--- a/docs/cce/umn/cce_10_0525.html
+++ b/docs/cce/umn/cce_10_0525.html
@@ -5,11 +5,11 @@
 
                                                                                                  
 
                                                                                                  Solution
                                                                                                  Solution 1 (preferred): Reset the node. For details, see Resetting a Node.
                                                                                                  
 
                                                                                                  Solution 2: Fix the certificate rotation issue on the node.
                                                                                                  
-
                                                                                                  1. Go to the /opt/cloud/cce/kubernetes/kubelet/pki/ directory on the node.
                                                                                                  2. Back up certificate files kubelet-server-current.pem and kubelet-client-current.pem on the node.
                                                                                                  3. Delete the residual kubelet-server-* certificate files from the node.
                                                                                                    link_target="$(basename $(readlink kubelet-server-current.pem))" && find -maxdepth 1 -type f -name 'kubelet-server-*.pem' ! -name "$link_target" -delete
                                                                                                    
-
                                                                                                  4. Delete soft links for the certificates.
                                                                                                    find -maxdepth 1 -type f -name 'kubelet-server-current.pem'  -delete
                                                                                                    
+
                                                                                                    1. Log in to the node and go to the node certificate directory.
                                                                                                      cd /opt/cloud/cce/kubernetes/kubelet/pki/
                                                                                                      
+
                                                                                                    2. Delete the residual kubelet-server-* certificate file and certificate soft link file from the node.
                                                                                                      find -maxdepth 1 -type f -name 'kubelet-server-*.pem' -delete
+rm -f ./kubelet-server-current.pem
                                                                                                      
 
                                                                                                    
 
                                                                                                  
-
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
diff --git a/docs/cce/umn/cce_10_0527.html b/docs/cce/umn/cce_10_0527.html
new file mode 100644
index 000000000..2cf9fb77d
--- /dev/null
+++ b/docs/cce/umn/cce_10_0527.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                  Network Policies of Cluster Network Components
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Check the network policy settings on the master nodes in your cluster. If any manual modifications have been made, they will be reset during the upgrade.
                                                                                                  
+
                                                                                                  
+
                                                                                                  Solution
                                                                                                  Check whether network policies need to be disabled on the network component canal-controller based on the diagnostic analysis logs. For example, if a cluster uses a Direct Connect connection to access an external address, the external switch does not support ip-option. Enabling network policies in this scenario could result in network access failure. In such cases, manually disable the network policies.
                                                                                                  
+
                                                                                                  If you need to modify the network policy setting, skip this check. After the upgrade, you can modify the network policy setting on the Network tab in Settings.
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0528.html b/docs/cce/umn/cce_10_0528.html
new file mode 100644
index 000000000..bb1bac589
--- /dev/null
+++ b/docs/cce/umn/cce_10_0528.html
@@ -0,0 +1,27 @@
+
+
+
                                                                                                  Cluster and Node Pool Configurations
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Check whether the nic-max-above-warm-target value configured for the network component of the current cluster exceeds the maximum value allowed.
                                                                                                  
+
                                                                                                  
+
                                                                                                  Solution
                                                                                                  Determine the scope of impact based on the error information. For example:
                                                                                                  
+
                                                                                                  configuration check failed: [nodepool id(1786cd55-xxxx-xxxx-aac8-0255ac100095): [eni/nic-max-above-warm-target] should be less than or equal to 256, nodepool id(master): [eni/nic-max-above-warm-target] should be less than or equal to 256]. Please make corrections at settings
                                                                                                  
+
                                                                                                  This error information indicates that there are two abnormal nic-max-above-warm-target settings:
                                                                                                  
+
                                                                                                  • nodepool id(1786cd55-xxxx-xxxx-aac8-0255ac100095) indicates that the node pool with the ID 1786cd55-xxxx-xxxx-aac8-0255ac100095 has an abnormal configuration.
                                                                                                  • nodepool id(master) indicates that the cluster has an abnormal configuration.
                                                                                                  
+
                                                                                                  Scenario 1: Abnormal node pool configuration
                                                                                                  
+
                                                                                                  To fix this issue, perform the following operations:
                                                                                                  
+
                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Nodes.
                                                                                                  2. Locate the affected node pool and choose More > Manage.
                                                                                                  3. In Networking Components, set the nic-max-above-warm-target value to a maximum of 256.
                                                                                                    
+
                                                                                                    
+
                                                                                                  4. Click OK.
                                                                                                  
+
                                                                                                  Scenario 2: Abnormal cluster configuration
                                                                                                  
+
                                                                                                  To fix this issue, perform the following operations:
                                                                                                  
+
                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Settings.
                                                                                                  2. Click the Network tab and set the Threshold for Unbinding Pre-bound Container ENIs value to a maximum of 256.
                                                                                                    
+
                                                                                                    
+
                                                                                                  3. Click Confirm Configuration.
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0529.html b/docs/cce/umn/cce_10_0529.html
new file mode 100644
index 000000000..0004d2d36
--- /dev/null
+++ b/docs/cce/umn/cce_10_0529.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                  Time Zone of Master Nodes
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Check whether the time zone of the master nodes matches the cluster's time zone. If they are different, the master nodes will be updated to match the cluster's time zone during a rolling upgrade.
                                                                                                  
+
                                                                                                  If there is a CronJob in your cluster, it may unexpectedly trigger an execution after the upgrade.
                                                                                                  
+
                                                                                                  
+
                                                                                                  Solution
                                                                                                  Before the upgrade, disable the CronJob and perform the pre-upgrade check. After the upgrade is complete, enable the CronJob.
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0530.html b/docs/cce/umn/cce_10_0530.html
new file mode 100644
index 000000000..3ec165f36
--- /dev/null
+++ b/docs/cce/umn/cce_10_0530.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                  SNATIPRanges
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Check whether the SNATIPRanges value has changed after the upgrade. This check is available only for CCE Turbo clusters.
                                                                                                  
+
                                                                                                  
+
                                                                                                  What Is SNATIPRanges?
                                                                                                  In a CCE Turbo cluster, the CIDR blocks in SNATIPRanges are reserved for the cloud service. When a pod is created, the SNATIPRanges configuration will be automatically written into the pod's route table for the pod to access other cloud services.
                                                                                                  
+
                                                                                                  To check the SNATIPRanges value of a cluster, run the following command:
                                                                                                  
+
                                                                                                  kubectl get yc default -oyaml | grep snatIPRanges
                                                                                                  
+
                                                                                                  You can also run the ip route command in the pod to check the pod's route table.
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
                                                                                                  Solution
                                                                                                  When you update SNATIPRanges in a region's backbone configuration, the change takes effect after the cluster is upgraded. However, the pod's route table will not be automatically updated. To fix this, simply restart the pod to refresh its route table.
                                                                                                  
+
                                                                                                  CCE automatically checks if the SNATIPRanges configuration has been updated before a cluster upgrade. You can manually skip this check item and restart the pod after the upgrade to update its route table.
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0531.html b/docs/cce/umn/cce_10_0531.html
new file mode 100644
index 000000000..3a80ac8b3
--- /dev/null
+++ b/docs/cce/umn/cce_10_0531.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                  Add-on Configuration Consistency
                                                                                                  
+
                                                                                                  Check Items
                                                                                                  Manual modifications to add-on configuration parameters (typically ConfigMaps), instead of modifications through the CCE console or APIs, may be overwritten after an upgrade, potentially affecting service operation.
                                                                                                  
+
                                                                                                  
+
                                                                                                  Solution
                                                                                                  • Non-forced upgrades
                                                                                                    • When upgrading your cluster, if the add-on version is compatible with both the source and target cluster versions, you need to determine whether to upgrade the add-on version.
                                                                                                    • If the add-on configurations are inconsistent but a forced upgrade is not required, you can skip this check item and leave the add-on upgrade option unselected during the cluster upgrade.
                                                                                                    
+
                                                                                                  • Forced upgrades
                                                                                                    • If the add-on version is no longer compatible with the upgraded cluster version, you must upgrade the add-on version.
                                                                                                    • If the add-on configurations are inconsistent and a forced upgrade is required, you cannot skip this check item. In this case, reconfigure the add-on parameters through the CCE console or APIs to ensure configuration consistency before proceeding with the upgrade.
                                                                                                    
+
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0549.html b/docs/cce/umn/cce_10_0549.html
index 1b29ea8a1..3733c4c99 100644
--- a/docs/cce/umn/cce_10_0549.html
+++ b/docs/cce/umn/cce_10_0549.html
@@ -57,7 +57,7 @@
 
 
                                                                                            
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                            Category
                                                                                            
diff --git a/docs/cce/umn/cce_10_0476.html b/docs/cce/umn/cce_10_0476.html
index fe07e7189..2e2cc395f 100644
--- a/docs/cce/umn/cce_10_0476.html
+++ b/docs/cce/umn/cce_10_0476.html
@@ -18,32 +18,43 @@
                                                                                             		
 
                                                                                            Tunnel Network
                                                                                            
 
                                                                                            Cloud Native 2.0 Network
                                                                                            
+
                                                                                            Cloud Native Network 2.0
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            HCE OS 2.0
                                                                                            
+
                                                                                            HCE OS 2.0
                                                                                            
 
                                                                                            v1.30
                                                                                            
+
                                                                                            v1.31
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                            
+
                                                                                            5.10.0-182.0.0.95.r2220_156.hce2.x86_64
                                                                                            
                                                                                             		
 
                                                                                            v1.29
                                                                                            
+
                                                                                            v1.30
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                            
+
                                                                                            5.10.0-182.0.0.95.r2220_156.hce2.x86_64
                                                                                            
+
                                                                                            v1.29
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            5.10.0-182.0.0.95.r2220_156.hce2.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.28
                                                                                            
@@ -54,7 +65,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                            
+
                                                                                            5.10.0-182.0.0.95.r2220_156.hce2.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.27
                                                                                            
@@ -65,7 +76,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                            
+
                                                                                            5.10.0-182.0.0.95.r2220_156.hce2.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.25
                                                                                            
@@ -76,88 +87,110 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                            
+
                                                                                            5.10.0-182.0.0.95.r2220_156.hce2.x86_64
                                                                                            
                                                                                             		
 
                                                                                            Ubuntu 22.04
                                                                                            
+
                                                                                            Ubuntu 22.04
                                                                                            
 
                                                                                            v1.30
                                                                                            
+
                                                                                            v1.31
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            x
                                                                                            
+
                                                                                            ×
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            5.15.0-113-generic
                                                                                            
+
                                                                                            5.15.0-126-generic
                                                                                            
                                                                                             		
 
                                                                                            v1.29
                                                                                            
+
                                                                                            v1.30
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            x
                                                                                            
+
                                                                                            ×
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            5.15.0-113-generic
                                                                                            
+
                                                                                            5.15.0-126-generic
                                                                                            
+
                                                                                            v1.29
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            ×
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            5.15.0-126-generic
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.28
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            x
                                                                                            
+
                                                                                            ×
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            5.15.0-113-generic
                                                                                            
+
                                                                                            5.15.0-126-generic
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.27
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            x
                                                                                            
+
                                                                                            ×
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            5.15.0-113-generic
                                                                                            
+
                                                                                            5.15.0-126-generic
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.25
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            x
                                                                                            
+
                                                                                            ×
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            5.15.0-113-generic
                                                                                            
+
                                                                                            5.15.0-126-generic
                                                                                            
                                                                                             		
 
                                                                                            EulerOS release 2.9
                                                                                            
+
                                                                                            EulerOS release 2.9
                                                                                            
 
                                                                                            v1.30
                                                                                            
+
                                                                                            v1.31
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            v1.29
                                                                                            
+
                                                                                            v1.30
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            v1.29
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.28
                                                                                            
@@ -168,7 +201,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.27
                                                                                            
@@ -179,7 +212,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.25
                                                                                            
@@ -190,7 +223,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.23
                                                                                            
@@ -201,7 +234,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.21
                                                                                            
@@ -212,7 +245,7 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            v1.19
                                                                                            
@@ -223,7 +256,53 @@
                                                                                             		
 
                                                                                            √
                                                                                            
 
                                                                                            4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            4.18.0-147.5.1.6.h1447.eulerosv2r9.x86_64
                                                                                            
+
                                                                                            EulerOS release 2.5
                                                                                            
+
                                                                                            v1.25
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                            
+
                                                                                            v1.23
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                            
+
                                                                                            v1.21
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                            
+
                                                                                            v1.19
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            √
                                                                                            
+
                                                                                            3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                            
                                                                                             		
 
                                                                                            
                                                                                             
 
 
 
 
 
 
 
 
                                                                                            Security Groups
                                                                                            
 
                                                                                            Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.
                                                                                            
+
                                                                                            Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group rule with the source IP address set to the master node security group has been deleted.
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            8
                                                                                            
@@ -155,7 +155,7 @@
                                                                                             		
 
                                                                                            Node CPU Cores
                                                                                            
 
                                                                                            Check and make sure that the master nodes in your cluster have more than 2 CPU cores.
                                                                                            
+
                                                                                            Verify that the master nodes in your cluster have more than 2 CPU cores.
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            22
                                                                                            
@@ -365,9 +365,9 @@
 
                                                                                            
 
                                                                                            51
                                                                                            
 
                                                                                            GPU Add-on
                                                                                            
+
                                                                                            CCE AI Suite (NVIDIA GPU)
                                                                                            
 
                                                                                            The GPU add-on is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.
                                                                                            
+
                                                                                            CCE AI Suite (NVIDIA GPU) is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            52
                                                                                            
@@ -400,9 +400,9 @@
 
                                                                                            
 
                                                                                            56
                                                                                            
 
                                                                                            nginx-ingress Upgrade
                                                                                            
+
                                                                                            NGINX Ingress Controller
                                                                                            
 
                                                                                            Check whether there are compatibility issues that may occur during nginx-ingress upgrade.
                                                                                            
+
                                                                                            Check whether there are compatibility issues that may occur during NGINX Ingress Controller upgrade.
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            57
                                                                                            
@@ -414,9 +414,9 @@
 
                                                                                            
 
                                                                                            58
                                                                                            
 
                                                                                            Key GPU Add-on Parameters
                                                                                            
+
                                                                                            Key CCE AI Suite (NVIDIA GPU) Parameters
                                                                                            
 
                                                                                            Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                            
+
                                                                                            Check whether the configuration of CCE AI Suite (NVIDIA GPU) in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            59
                                                                                            
@@ -479,7 +479,7 @@
                                                                                             		
 
                                                                                            Compatibility Between the Ubuntu Kernel and GPU Driver
                                                                                            
 
                                                                                            Make sure that the GPU add-on and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on must be 535.161.08 or later.
                                                                                            
+
                                                                                            Make sure that CCE AI Suite (NVIDIA GPU) and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on must be 535.161.08 or later.
                                                                                            
                                                                                             		
 
                                                                                            
 
                                                                                            68
                                                                                            
@@ -517,6 +517,41 @@
 
                                                                                            Check whether any modifications have been made to the listener, forwarding policy, forwarding rule, backend cloud server group, backend cloud server, or certificate configurations that were automatically generated by the ingress on the ELB console.
                                                                                            
                                                                                             		
 
                                                                                            73
                                                                                            
+
                                                                                            Network Policies of Cluster Network Components
                                                                                            
+
                                                                                            Check the network policy settings on the master nodes in your cluster. If any manual modifications have been made, they will be reset during the upgrade.
                                                                                            
+
                                                                                            74
                                                                                            
+
                                                                                            Cluster and Node Pool Configurations
                                                                                            
+
                                                                                            Check whether the nic-max-above-warm-target value configured for the network component of the current cluster exceeds the maximum value allowed.
                                                                                            
+
                                                                                            75
                                                                                            
+
                                                                                            Time Zone of Master Nodes
                                                                                            
+
                                                                                            Check whether the time zone of the master nodes matches the cluster's time zone. If they are different, the master nodes will be updated to match the cluster's time zone during a rolling upgrade.
                                                                                            
+
                                                                                            76
                                                                                            
+
                                                                                            SNATIPRanges
                                                                                            
+
                                                                                            Check whether the SNATIPRanges value has changed after the upgrade. This check is available only for CCE Turbo clusters.
                                                                                            
+
                                                                                            77
                                                                                            
+
                                                                                            Add-on Configuration Consistency
                                                                                            
+
                                                                                            Manual modifications to add-on configuration parameters (typically ConfigMaps), instead of modifications through the CCE console or APIs, may be overwritten after an upgrade, potentially affecting service operation.
                                                                                            
+
                                                                                            
                                                                                             
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0550.html b/docs/cce/umn/cce_10_0550.html
index 76576c01b..9fe92fa6e 100644
--- a/docs/cce/umn/cce_10_0550.html
+++ b/docs/cce/umn/cce_10_0550.html
@@ -107,7 +107,7 @@
 
 
                                                                                          10. CIDR Block of the Cluster Management Plane
                                                                                            
 
                                                                                            11. 
-
                                                                                          11. GPU Add-on
                                                                                            
+
                                                                                          12. CCE AI Suite (NVIDIA GPU)
                                                                                            
 
                                                                                            13. 
 
                                                                                          13. Nodes' System Parameters
                                                                                            
 
                                                                                            14. 
@@ -117,11 +117,11 @@
 
 
                                                                                          14. Node Swap
                                                                                            
 
                                                                                            15. 
-
                                                                                          15. nginx-ingress Upgrade
                                                                                            
+
                                                                                          16. NGINX Ingress Controller
                                                                                            
 
                                                                                            17. 
 
                                                                                          17. containerd Pod Restart Risks
                                                                                            
 
                                                                                            18. 
-
                                                                                          18. Key GPU Add-on Parameters
                                                                                            
+
                                                                                          19. Key CCE AI Suite (NVIDIA GPU) Parameters
                                                                                            
 
                                                                                            20. 
 
                                                                                          20. GPU Pod Rebuild Risks
                                                                                            
 
                                                                                            21. 
@@ -151,6 +151,16 @@
 
 
                                                                                          21. Ingress and ELB Configuration Consistency
                                                                                            
 
                                                                                            22. 
+
                                                                                          22. Network Policies of Cluster Network Components
                                                                                            
+
                                                                                            23. 
+
                                                                                          23. Cluster and Node Pool Configurations
                                                                                            
+
                                                                                            24. 
+
                                                                                          24. Time Zone of Master Nodes
                                                                                            
+
                                                                                            25. 
+
                                                                                          25. SNATIPRanges
                                                                                            
+
                                                                                            26. 
+
                                                                                          26. Add-on Configuration Consistency
                                                                                            
+
                                                                                            27. 
 
 
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0551.html b/docs/cce/umn/cce_10_0551.html
index 77da4fa30..c38ac0d4a 100644
--- a/docs/cce/umn/cce_10_0551.html
+++ b/docs/cce/umn/cce_10_0551.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                            CPU Scheduling
                                                                                            
-
                                                                                            
+
                                                                                            
+
                                                                                            
 
                                                                                            
 
                                                                                              
 
                                                                                            • CPU Policy
                                                                                              
diff --git a/docs/cce/umn/cce_10_0552.html b/docs/cce/umn/cce_10_0552.html
index 257aa91b4..c30b481f1 100644
--- a/docs/cce/umn/cce_10_0552.html
+++ b/docs/cce/umn/cce_10_0552.html
@@ -17,15 +17,15 @@ spec:
         memory: "200Mi"
         cpu: "1"
 
                                                                                              This feature is built on the optimized CPU scheduling in the HCE OS 2.0 kernel. When the CPU usage preferentially used by a container exceeds 85%, the container is automatically allocated to other CPUs with low usage to ensure the response capability of applications.
                                                                                              
-
                                                                                              
+
                                                                                              
 
                                                                                               
                                                                                              • When enhanced CPU policy is enabled, the application performance is better than that of the none policy but worse than that of the static policy.
                                                                                              • CPU would not be exclusively used by burstable pods, it is still in the shared CPU pool. When the burstable pods are in the low tide, other pods can share this CPU.
                                                                                              
 
                                                                                              
 
                                                                                              Notes and Constraints
                                                                                              To use this feature, the following conditions must be met:
                                                                                              
-
                                                                                              • The cluster version must be v1.23 or later.
                                                                                              • The node OS is HCE OS 2.0.
                                                                                              • The CPU management policy cannot take effect on physical cloud server nodes.
                                                                                              
+
                                                                                              • The cluster version must be v1.23 or later.
                                                                                              • The node OS is HCE OS 2.0.
                                                                                              • The CPU management policy does not apply to ECS (PM) nodes in CCE Turbo clusters.
                                                                                              
 
                                                                                              
-
                                                                                              Procedure
                                                                                              1. Log in to the CCE console.
                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                              3. Select a node pool whose OS is HCE OS 2.0 and click Manage in the Operation column.
                                                                                              4. On the Manage Components page, change the cpu-manager-policy value to enhanced-static in the kubelet area.
                                                                                              5. Click OK.
                                                                                              
+
                                                                                              Procedure
                                                                                              1. Log in to the CCE console.
                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                              3. Select a node pool whose OS is HCE OS 2.0 and choose Manage in the Operation column.
                                                                                              4. On the Manage Configurations page, change the cpu-manager-policy value to enhanced-static in the kubelet area.
                                                                                              5. Click OK.
                                                                                              
 
                                                                                              
-
                                                                                              Verification
                                                                                              Take a node with 8 vCPUs and 32 GB memory as an example. Deploy a workload whose CPU request is 1 and limit is 2 in the cluster in advance.
                                                                                              
+
                                                                                              Verification
                                                                                              Take a node with 8 vCPUs and 32 GiB of memory as an example. Deploy a workload whose CPU request is 1 and limit is 2 in the cluster beforehand.
                                                                                              
 
                                                                                              1. Log in to a node in the node pool and view the /var/lib/kubelet/cpu_manager_state output.
                                                                                                cat /var/lib/kubelet/cpu_manager_state
                                                                                                
 
                                                                                                Command output:
                                                                                                
 
                                                                                                 {"policyName":"enhanced-static","defaultCpuSet":"0,2-7","entries":{"6739f6f2-ebe5-48ae-945a-986d5d8919b9":{"container-1":"0-7,10001"}},"checksum":1638128523}
                                                                                                
diff --git a/docs/cce/umn/cce_10_0553.html b/docs/cce/umn/cce_10_0553.html
index 737b9b8fe..0b5cd9f13 100644
--- a/docs/cce/umn/cce_10_0553.html
+++ b/docs/cce/umn/cce_10_0553.html
@@ -8,10 +8,16 @@
 
                                                                                                2. 
 
                                                                                              2. Collecting Container Logs
                                                                                                
 
                                                                                                3. 
+
                                                                                              3. Collecting Kubernetes Events
                                                                                                
+
                                                                                                4. 
+
                                                                                              4. Collecting Control Plane Component Logs
                                                                                                
+
                                                                                                5. 
+
                                                                                              5. Collecting Audit Logs
                                                                                                
+
                                                                                                6. 
 
                                                                                            
 
 
                                                                                            
-
                                                                                            Parent topic: Observability
                                                                                            
+
                                                                                            Parent topic: O&M
                                                                                            
 
                                                                                            
 
                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0554.html b/docs/cce/umn/cce_10_0554.html
new file mode 100644
index 000000000..66190cdf4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0554.html
@@ -0,0 +1,68 @@
+
+
+
                                                                                            Collecting Control Plane Component Logs
                                                                                            
+
                                                                                            CCE allows you to collect the logs of master nodes. On the Logging page, you can select one or more control plane components (kube-controller-manager, kube-apiserver, and kube-scheduler) whose logs need to be reported.
                                                                                            
+
                                                                                            Constraints
                                                                                            • The cluster version must be v1.21.7-r0 or later, v1.23.5-r0 or later, or 1.25.
                                                                                            • There is required LTS resource quota.
                                                                                            
+
                                                                                            
+
                                                                                            Control Plane Components
                                                                                            There are three control plane log types. Each log stream corresponds to a component of the Kubernetes control plane. To learn more about these components, see Kubernetes Components.
                                                                                            
+
+
                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                            Table 1 Control plane components
                                                                                            Log Type
                                                                                            
+
                                                                                            Component
                                                                                            
+
                                                                                            Log Stream
                                                                                            
+
                                                                                            Description
                                                                                            
+
                                                                                            Control plane component logs
                                                                                            
+
                                                                                            kube-apiserver
                                                                                            
+
                                                                                            kube-apiserver-{{clusterID}}
                                                                                            
+
                                                                                            Exposes Kubernetes APIs. For more information, see kube-apiserver.
                                                                                            
+
                                                                                            kube-controller-manager
                                                                                            
+
                                                                                            kube-controller-manager-{{clusterID}}
                                                                                            
+
                                                                                            Manages controllers and embeds the core control loops shipped with Kubernetes. For more information, see kube-controller-manager.
                                                                                            
+
                                                                                            kube-scheduler
                                                                                            
+
                                                                                            kube-scheduler-{{clusterID}}
                                                                                            
+
                                                                                            Manages when and where to run Pods in your cluster. For more information, see kube-scheduler.
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Enabling Control Plane Logging
                                                                                            Enabling control plane logging during cluster creation
                                                                                            
+
                                                                                            1. Log in to the CCE console.
                                                                                            2. In the upper right corner, click Create Cluster. Then, configure the parameters and click Next: Select Add-on.
                                                                                            3. On the displayed page, select Cloud Native Log Collection and click Next: Add-on Configuration.
                                                                                            4. On the displayed page, select Control Plane Logs for Cloud Native Log Collection.
                                                                                              
+
                                                                                            5. Click Next: Confirm configuration.
                                                                                            
+
                                                                                            Enabling control plane logging for an existing cluster
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                            2. Click the Control Plane Logs tab and modify the settings in Logging Settings.
                                                                                              Figure 1 Modifying logging settings
                                                                                              
+
                                                                                            3. Determine whether to enable logging for each component. If yes, click .
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Viewing Control Plane Component Logs of the Target Cluster
                                                                                            Viewing control plane component logs of the target cluster on the CCE console
                                                                                            
+
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                            2. Click the Control Plane Logs tab and select the topic of logs to be viewed. For details about available control plane log types, see Control Plane Components. For details about related operations, see Log Tank Service User Guide.
                                                                                            
+
                                                                                            Viewing control plane component logs of the target cluster on the LTS console
                                                                                            
+
                                                                                            1. Log in to the LTS console and choose Log Management.
                                                                                            2. Search for the log group by cluster ID and click the log group name to view the log streams. For details, see Log Tank Service User Guide.
                                                                                            
+
                                                                                            
+
                                                                                            Disabling Control Plane Logging
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                            2. Click the Control Plane Logs tab. Then, modify the log setting.
                                                                                            3. Determine whether to enable logging for each component.If you enable logging, click .
                                                                                               
                                                                                              After you disable control plane logging, logs are no longer written to the original log stream, but the existing logs will not be deleted and expenses may be incurred for this.
                                                                                              
+
                                                                                              
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Parent topic: Logging
                                                                                            
+
                                                                                            
+
                                                                                            
+
diff --git a/docs/cce/umn/cce_10_0555.html b/docs/cce/umn/cce_10_0555.html
new file mode 100644
index 000000000..af3802b77
--- /dev/null
+++ b/docs/cce/umn/cce_10_0555.html
@@ -0,0 +1,83 @@
+
+
+
                                                                                            Collecting Container Logs Using the Cloud Native Log Collection Add-on
                                                                                            
+
                                                                                            The Cloud Native Log Collection add-on (Cloud Native Log Collection) is developed based on Fluent Bit and OpenTelemetry for collecting logs and Kubernetes events. This add-on supports CRD-based log collection policies. It collects and forwards stdout logs, container file logs, node logs, and Kubernetes events in a cluster based on configured policies.
                                                                                            
+
                                                                                            Constraints
                                                                                            • Up to 100 log rules can be created for each cluster.
                                                                                            • The Cloud Native Log Collection add-on cannot collect .gz, .tar, and .zip logs and cannot access symbolic links of logs.
                                                                                            • If the node storage driver is Device Mapper, container file logs must be collected from the path where the data disk is attached to the node.
                                                                                            • If the container runtime is containerd, each stdout log cannot be in multiple lines. (This does not apply to the Cloud Native Log Collection add-on of version 1.3.0 or later.)
                                                                                            • If a volume is mounted to the directory of a service container, this add-on cannot collect data from the parent directory. In this case, you need to configure a complete data directory.
                                                                                            • If the lifetime of a container is less than 1 minute, logs cannot be collected in a timely manner. As a result, logs may be lost.
                                                                                            
+
                                                                                            
+
                                                                                            Enabling Logging on the Console
                                                                                            1. Enable logging.
                                                                                              Enabling logging during cluster creation
                                                                                              
+
                                                                                              1. Log in to the CCE console.
                                                                                              2. Click Create Cluster from the top menu.
                                                                                              3. Configure the parameters by referring to Creating a CCE Standard/Turbo Cluster. Then, click Next: Select Add-on in the lower right corner.
                                                                                              4. On the Select Add-on page, select Cloud Native Log Collection.
                                                                                              5. Click Next: Add-on Configuration in the lower right corner and select the required logs.
                                                                                                • Container logs: A log collection policy named default-stdout will be created, and stdout logs in all namespaces will be reported to LTS.
                                                                                                • Kubernetes events: A log collection policy named default-event will be created, and Kubernetes events in all namespaces will be reported to LTS.
                                                                                                
+
                                                                                              6. Click Next: Confirm configuration in the lower right corner. On the displayed page, click Submit.
                                                                                              
+
                                                                                            2. View and configure log collection policies.
                                                                                              1. On the CCE console, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                              2. Click View Log Collection Policies in the upper right corner.
                                                                                                
+
                                                                                                All log collection policies reported to LTS are displayed.
                                                                                                
+
                                                                                              3. Click Create Log Collection Policy.
                                                                                                 
                                                                                                • To avoid log disorder, you are advised to select different log streams for reporting logs in the log collection policies of various log types.
                                                                                                • The following are requirements for configuring the container and node file log paths:
                                                                                                  • Log directory: Enter an absolute path, for example, /log. The path must start with a slash (/) and contain a maximum of 512 characters. Only uppercase letters, lowercase letters, digits, hyphens (-), underscores (_), slashes (/), asterisks (*), and question marks (?) are allowed.
                                                                                                  • Log file name: It can contain only uppercase letters, lowercase letters, digits, hyphens (-), underscores (_), asterisks (*), question marks (?), and periods (.). Logs in the format of .gz, .tar, and .zip are not supported.
                                                                                                  
+
                                                                                                  The directory and file names must be complete and support asterisks (*) and question marks (?) as wildcards. A maximum of three levels of directories can be matched using wildcards. The level-1 directory does not support wildcards. An asterisk (*) can match multiple characters. A question mark (?) can match only one character. For example:
                                                                                                  
+
                                                                                                  • If the directory is /var/logs/* and the file name is *.log, the match expression is /var/logs/*/*.log, indicating that any files with the extension .log in all level-1 directories in the /var/logs directory are matched. Note that this expression cannot match any files with the extension .log in the /var/logs directory and multi-level directories in the /var/logs directory.
                                                                                                  • If the directory is /var/logs/app_* and the file name is *.log, any log files with the extension .log in all directories that match app_* in the /var/logs directory will be reported.
                                                                                                  
+
                                                                                                
+
                                                                                                
+
+
                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                Table 1 Parameters of a custom policy
                                                                                                Parameter
                                                                                                
+
                                                                                                Description
                                                                                                
+
                                                                                                Log Type
                                                                                                
+
                                                                                                Container standard output: used to collect container stdout logs. You can create a log collection policy by namespace, workload name, or instance label.
                                                                                                
+
                                                                                                Container file log: used to collect text logs. You can specify a workload or instance label to create a log collection policy.
                                                                                                
+
                                                                                                Node file log: used to collect logs from a node. Only one file path can be configured for a log collection policy.
                                                                                                
+
                                                                                                Kubernetes Events: used to collect Kubernetes events. You can configure collection policies by namespace.
                                                                                                
+
                                                                                                Log Source
                                                                                                
+
                                                                                                • All containers: You can specify all containers in a namespace. If this parameter is not specified, logs of containers in all namespaces will be collected.
                                                                                                • Workload: You can specify a workload and its containers. If this parameter is not specified, logs of all containers running the workload will be collected.
                                                                                                • Workload with target label: You can specify a workload by label and its containers. If this parameter is not specified, logs of all containers running the workload will be collected.
                                                                                                
+
                                                                                                • Workload: You can specify a workload and its containers. If this parameter is not specified, logs of all containers running the workload will be collected.
                                                                                                • Workload with target label: You can specify a workload by label and its containers. If this parameter is not specified, logs of all containers running the workload will be collected.
                                                                                                
+
                                                                                                You also need to specify the log collection path. For details, see the log path configuration requirements.
                                                                                                
+
                                                                                                Collection Path: used to configure the log collection path. For details, see the log path configuration requirements.
                                                                                                
+
                                                                                                You can specify a namespace whose Kubernetes events are to be collected. If no namespace is specified, Kubernetes events in all namespaces are collected.
                                                                                                
+
                                                                                                Log Format
                                                                                                
+
                                                                                                • Single-line
                                                                                                  Each log contains only one line of text. The newline character \n denotes the start of a new log.
                                                                                                  
+
                                                                                                • Multi-line
                                                                                                  Some programs (for example, Java program) print a log that occupies multiple lines. By default, logs are collected by line. If you want to display logs as a single message, you can enable multi-line logging and use the regular pattern. When you select Multi-line, configure Log Matching Format.
                                                                                                  
+
                                                                                                  For example, if logs need to be collected by line and each log starts with a date and occupies three lines, you can set Log Matching Format to the regular expression of the date, for example, \d{4}-\d{2}-\d{2} \d{2}\:\d{2}\:\d{2}.*.
                                                                                                  
+
                                                                                                  The three lines starting with the date are regarded as a log.
                                                                                                  2022-01-01 00:00:00 Exception in thread "main" java.lang.RuntimeException: Something has gone wrong, aborting!
+at com.myproject.module.MyProject.badMethod(MyProject.java:22)
+at com.myproject.module.MyProject.oneMoreMethod(MyProject.java:18)
                                                                                                  
+
                                                                                                  
+
                                                                                                
+
                                                                                                
+
                                                                                                LTS Collection
                                                                                                
+
                                                                                                This parameter is used to configure the log group and log stream for log reporting.
                                                                                                
+
                                                                                                • Centralized: The default log group (k8s-log-{Cluster ID}) and default log stream (stdout-{Cluster ID}) are automatically selected.
                                                                                                • Custom: Select a log group and log stream from the drop-down list.
                                                                                                  • Log Group: A log group is the basic unit for LTS to manage logs. If you do not have a log group, CCE prompts you to create one. The default name is k8s-log-{Cluster ID}, for example, k8s-log-bb7eaa87-07dd-11ed-ab6c-0255ac1001b3.
                                                                                                  • Log Stream: A log stream is the basic unit for reading and writing logs. You can put different types of logs into different streams to ease management. When you install the add-on or create a log collection policy based on the policy template, the following log streams are automatically created:
                                                                                                    - stdout-{Cluster ID} for container logs, for example, stdout-bb7eaa87-07dd-11ed-ab6c-0255ac1001b3
                                                                                                    
+
                                                                                                    - event-{Cluster ID} for Kubernetes events, for example, event-bb7eaa87-07dd-11ed-ab6c-0255ac1001b3
                                                                                                    
+
                                                                                                  
+
                                                                                                
+
                                                                                                
+
                                                                                                
+
                                                                                                
+
                                                                                              
+
                                                                                            3. View the logs.
                                                                                              1. On the CCE console, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                              2. View different types of logs:
                                                                                              3. Click View Log Collection Policies in the upper right corner. Locate the log collection policy and click View Log to go to the log list.
                                                                                              
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            
+
                                                                                            Parent topic: Collecting Container Logs
                                                                                            
+
                                                                                            
+
                                                                                            
+
diff --git a/docs/cce/umn/cce_10_0557.html b/docs/cce/umn/cce_10_0557.html
index 9b0061973..3099bf636 100644
--- a/docs/cce/umn/cce_10_0557.html
+++ b/docs/cce/umn/cce_10_0557.html
@@ -1,8 +1,9 @@
 
 
 
                                                                                            Overview
                                                                                            
-
                                                                                            Kubernetes logs allow you to locate and rectify faults. This section describes how you can manage Kubernetes logs generated for CCE.
                                                                                            
-
+
                                                                                            Kubernetes logs allow you to locate and rectify faults. This section describes how to manage Kubernetes logs using different methods.
                                                                                            
+
                                                                                            The following are Kubernetes log management methods:
                                                                                            
+
 
                                                                                            
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0566.html b/docs/cce/umn/cce_10_0566.html
index ec81b1bd4..607f45ddd 100644
--- a/docs/cce/umn/cce_10_0566.html
+++ b/docs/cce/umn/cce_10_0566.html
@@ -5,7 +5,7 @@
 
                                                                                            
 
                                                                                            Procedure
                                                                                            After creating a node based on New Node Check, create a DaemonSet workload to create pods on each node.
                                                                                            
 
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                            2. In the navigation pane, choose Workloads. On the displayed page, click Create Workload or Create from YAML in the upper right corner. For details about how to create a DaemonSet, see Creating a DaemonSet.
                                                                                              It is a good practice to use the image for routine tests as the base image. You can deploy minimum pods for an application by referring to the following YAML file.
                                                                                              
-
                                                                                               
                                                                                              In this test, YAML deploys DaemonSet in the default namespace, uses ngxin:perl as the base image, requests 10m vCPUs and 10 MiB memory, and limits 100 MB CPU and 50 MiB memory.
                                                                                              
+
                                                                                               
                                                                                              In this test, a DaemonSet is deployed in the default namespace using YAML. It uses the nginx:perl base image and specifies a request of 10m vCPUs and 10 MiB of memory. The resource limits for this DaemonSet are set to 100m vCPUs and 50 MiB of memory.
                                                                                              
 
                                                                                              
 
                                                                                              apiVersion: apps/v1
 kind: DaemonSet
diff --git a/docs/cce/umn/cce_10_0601.html b/docs/cce/umn/cce_10_0601.html
index ec2cedbd9..358e01cbd 100644
--- a/docs/cce/umn/cce_10_0601.html
+++ b/docs/cce/umn/cce_10_0601.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                              Migrating Nodes from Docker to containerd
                                                                                              
-
                                                                                              Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Docker to containerd.
                                                                                              
+
                                                                                              As of Kubernetes v1.24, dockershim has been deprecated. To maintain compatibility and ensure continued support for future Kubernetes releases, switch your node's container runtime from Docker to the officially endorsed containerd.
                                                                                              
 
                                                                                              Prerequisites
                                                                                              
 
                                                                                              
 
                                                                                              Precautions
                                                                                              • Theoretically, migration during container running will interrupt services for a short period of time. Therefore, it is strongly recommended that the services to be migrated have been deployed as multi-instance. In addition, you are advised to test the migration impact in the test environment to minimize potential risks.
                                                                                              • containerd cannot build images. Do not use the docker build command to build images on containerd nodes. For other differences between Docker and containerd, see Container Engines.
                                                                                              
@@ -14,7 +14,7 @@
 
                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                              2. In the navigation pane, choose Nodes. On the Node Pools tab page, locate the Docker node pool to be copied and choose More > Copy in the Operation column.
                                                                                                
 
                                                                                              3. In the Configurations area, set Container Engine to containerd and modify other parameter settings as needed to create the node pool.
                                                                                                
 
                                                                                              4. Scale the number of created containerd node pools to the number of original Docker node pools and delete nodes from the Docker node pools one by one.
                                                                                                Rolling migration is preferred. That is, add some containerd nodes and then delete some Docker nodes until the number of nodes in the new containerd node pool is the same as that in the original Docker node pool.
                                                                                                
-
                                                                                                 
                                                                                                If you have set node affinity for the workloads deployed on the original Docker nodes or node pool, set affinity policies for the workloads to run on the new containerd nodes or node pool.
                                                                                                
+
                                                                                                 
                                                                                                If you have configured node affinity for the workloads deployed on the original Docker nodes or node pool, configure affinity policies for the workloads to run on the new containerd nodes or node pool.
                                                                                                
 
                                                                                                
 
                                                                                              5. After the migration, delete the original Docker node pool.
                                                                                              
 
                                                                                              
diff --git a/docs/cce/umn/cce_10_0602.html b/docs/cce/umn/cce_10_0602.html
index a084ae250..fa13e3621 100644
--- a/docs/cce/umn/cce_10_0602.html
+++ b/docs/cce/umn/cce_10_0602.html
@@ -1,20 +1,26 @@
 
 
 
                                                                                              Enabling Overload Control for a Cluster
                                                                                              
-
                                                                                              Scenario
                                                                                              After overload control is enabled, the number of simultaneous requests is dynamically regulated according to the resource pressure on the master nodes. This ensures that both the nodes and the cluster remain accessible.
                                                                                              
-
                                                                                              
+
                                                                                              Cluster overload occurs when system load such as request volume or resource usage exceeds the system's processing capacity, leading to degraded performance or system failure. Overload control is a dynamic mechanism that limits concurrent external requests based on the resource pressure of the master node, ensuring the stability and reliability of the master node and the cluster. In a CCE standard or Turbo cluster, you can enable cluster overload control, monitor cluster overload, and configure overload alarms to reduce the risk of cluster overload. For details, see Figure 1.
                                                                                              
+
                                                                                              Figure 1 Process of cluster overload control
                                                                                              
 
                                                                                              Notes and Constraints
                                                                                              The cluster version must be 1.23 or later.
                                                                                              
 
                                                                                              
-
                                                                                              Enabling Overload Control
                                                                                              Method 1: Enabling it when creating a cluster
                                                                                              
-
                                                                                              When creating a cluster of v1.23 or later, you can enable overload control during the cluster creation.
                                                                                              
-
                                                                                              Method 2: Enabling it in an existing cluster
                                                                                              
-
                                                                                              1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                              2. On the Overview page, check the master node information. If overload control is not enabled, a message will be displayed. You can click Enable to enable the function.
                                                                                              
+
                                                                                              Enabling Overload Control
                                                                                              After overload control is enabled, CCE will proportionally reject external traffic based on the overload level when the master node is overloaded. This effectively reduces the load on the master node and ensures the stability and availability of the cluster.
                                                                                              
+
                                                                                              Method 1: Enable overload control when creating a cluster.
                                                                                              
+
                                                                                              1. When creating a cluster of v1.23 or later, enable Overload Control in (Optional) Advanced Settings > Cluster Scalability on the Buy Cluster page. After this function is enabled, CCE will dynamically adjust concurrent requests based on the master node's resource pressure to ensure the stability and reliability of the master node and the cluster.
                                                                                                
+
                                                                                              2. After the cluster is created, click the cluster name. The cluster Overview page is displayed. In the Master Nodes area at the lower right of the page, overload control has been enabled if the following information is displayed: Overload control enabled. An overloaded master node rejects external traffic proportionally based on the overload level.
                                                                                                
+
                                                                                              
+
                                                                                              Method 2: Enable overload control in an existing cluster.
                                                                                              
+
                                                                                              1. Log in to the CCE console and click the name of the cluster of v1.23 or later. The cluster Overview page is displayed.
                                                                                              2. In the Master Nodes area at the lower right of the page, click Enable.
                                                                                              3. In the Master Nodes area, overload control has been enabled if the following information is displayed: Overload control enabled. An overloaded master node rejects external traffic proportionally based on the overload level.
                                                                                                
+
                                                                                              
 
                                                                                              
-
                                                                                              Overload Monitoring
                                                                                              1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                              2. On the Overview page, check the master node information. The overload level metric will be displayed.
                                                                                                The overload levels are as follows:
                                                                                                • Circuit breaking: Rejects all external traffic.
                                                                                                • Severe overload: Rejects 75% external traffic.
                                                                                                • Moderate overload: Rejects 50% external traffic.
                                                                                                • Slight overload: Rejects 25% external traffic.
                                                                                                • Normal: Does not reject external traffic.
                                                                                                
+
                                                                                                Overload Monitoring
                                                                                                You can monitor cluster metrics to promptly check the cluster overload status.
                                                                                                
+
                                                                                                1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                2. On the Overview page, check the master node information. The overload level metric will be displayed.
                                                                                                  The overload levels are as follows:
                                                                                                  • Circuit breaking: Rejects all external traffic.
                                                                                                  • Severe overload: Rejects 75% external traffic.
                                                                                                  • Moderate overload: Rejects 50% external traffic.
                                                                                                  • Slight overload: Rejects 25% external traffic.
                                                                                                  • Normal: Does not reject external traffic.
                                                                                                  
 
                                                                                                  
 
                                                                                                
 
                                                                                                
-
                                                                                                Disabling Cluster Overload Control
                                                                                                1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                2. In the navigation pane, choose Settings.
                                                                                                3. On the Cluster Access tab page, disable overload control.
                                                                                                4. Click OK.
                                                                                                
+
                                                                                                Disabling Cluster Overload Control
                                                                                                You can disable overload control when it is no longer needed. After overload control is disabled, the master node will no longer reject external traffic when overloaded. Exercise caution when performing this operation.
                                                                                                
+
                                                                                                1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                2. In the navigation pane, choose Settings.
                                                                                                3. On the Cluster Access tab page, disable overload control.
                                                                                                4. Click OK.
                                                                                                
 
                                                                                                
 
                                                                                                
 
                                                                                                
diff --git a/docs/cce/umn/cce_10_0603.html b/docs/cce/umn/cce_10_0603.html
index d8dce2774..d0197ae8a 100644
--- a/docs/cce/umn/cce_10_0603.html
+++ b/docs/cce/umn/cce_10_0603.html
@@ -5,7 +5,7 @@
 
                                                                                                For example, if a StatefulSet service needs to control the access of a cloud database, you can fix the pod IP address of the service and configure the security group of the cloud database to allow only the service IP address to access the database.
                                                                                                
 
                                                                                                
 
                                                                                                Notes and Constraints
                                                                                                • You can configure a static IP address for a pod only in CCE Turbo clusters of the following versions:
                                                                                                  • v1.25: v1.25.3-r0 or later
                                                                                                  • v1.25 or later
                                                                                                  
-
                                                                                                • Currently, only StatefulSet pods or pods without ownerReferences can be configured with static IP addresses. Deployments, DaemonSets, and other types of workloads cannot be configured with static IP addresses. In addition, pods with HostNetwork configured cannot be configured with static IP addresses.
                                                                                                • Do not configure static IP addresses for services that do not have specific requirements on pod IP addresses. Otherwise, the pod rebuilding takes a longer time and the IP address usage decreases.
                                                                                                • The annotations of the static IP address of the pod object cannot be directly modified. Otherwise, the modification does not take effect in the background. To modify the annotations, modify the annotations configuration in the spec.template field of the corresponding StatefulSet workload.
                                                                                                • If there are no ENIs left on the node where the pod with a static IP address is rebuilt and scheduled (the pre-bound ENIs also occupy the ENI quota), the static IP address ENIs preempt the pre-bound ENIs. In this case, the pod starts slightly slowly. If a node uses a static IP address, properly configure the dynamic pre-binding policy for the node to ensure that not all ENIs are pre-bound.
                                                                                                
+
                                                                                              3. Currently, only StatefulSet pods or pods without ownerReferences can be configured with static IP addresses. Deployments, DaemonSets, and other types of workloads cannot be configured with static IP addresses. In addition, pods with hostNetwork configured cannot be configured with static IP addresses.
                                                                                              4. Do not configure static IP addresses for services that do not have specific requirements on pod IP addresses. Otherwise, the pod rebuilding takes a longer time and the IP address usage decreases.
                                                                                              5. The annotations of the static IP address of the pod object cannot be directly modified. Otherwise, the modification does not take effect in the background. To modify the annotations, modify the annotations configuration in the spec.template field of the corresponding StatefulSet workload.
                                                                                              6. If there are no ENIs left on the node where the pod with a static IP address is rebuilt and scheduled (the pre-bound ENIs also occupy the ENI quota), the static IP address ENIs preempt the pre-bound ENIs. In this case, the pod starts slightly slowly. If a node uses a static IP address, properly configure the dynamic pre-binding policy for the node to ensure that not all ENIs are pre-bound.
                                                                                                7. 
 
                                                                                              
 
                                                                                              Using the CCE Console
                                                                                              When creating a workload on the console, you can set the static IP address for a pod in the Advanced Settings > Network Configuration area.
                                                                                              
 
                                                                                              • Whether to enable fixed IP addresses: After the function is enabled, the pod IP address does not change each time the pod is restarted.
                                                                                              • Recycling Interval: Retention period of related IP addresses after the pod is deleted. During this interval, the original pod IP address cannot be used by other pods.
                                                                                              
diff --git a/docs/cce/umn/cce_10_0604.html b/docs/cce/umn/cce_10_0604.html
index f34f6cc97..0c839f6b5 100644
--- a/docs/cce/umn/cce_10_0604.html
+++ b/docs/cce/umn/cce_10_0604.html
@@ -4,7 +4,7 @@
 
                                                                                              Application Scenarios
                                                                                              By default, pods with IPv6 dual-stack ENIs can access only the IPv6 private network. To access the public network, configure shared bandwidth for such pods.
                                                                                              
 
                                                                                              
 
                                                                                              Notes and Constraints
                                                                                              • Only CCE Turbo clusters are supported and the following constraints must be met:
                                                                                                • IPv6 dual stack has been enabled for the cluster.
                                                                                                • The cluster version is v1.23.8-r0, v1.25.3-r0, or later.
                                                                                                
-
                                                                                              • The number of IPv6 ENIs that can be added to a shared bandwidth is limited by the tenant quota. The default value is 20. 
                                                                                              • HostNetwork Pods are not supported.
                                                                                              • All types of workloads are supported. When configuring IPv6 shared bandwidth for workloads with the replicas attribute, such as Deployment and StatefulSet, ensure that the number of replicas and the maximum number of pods during the upgrade are less than the remaining quota of IPv6 ENIs that can be added to the shared bandwidth.
                                                                                              • IPv6 dual-stack pod configured with shared bandwidth: When a pod is created, the CNI returns a success message only after the IPv6 dual-stack ENI is inserted into the shared bandwidth. When a pod is deleted, the IPv6 dual-stack ENI is removed from the shared bandwidth after the pod is completely deleted or the pod is in the deleting status for 30 seconds.
                                                                                              • If the IPv6 dual-stack ENI corresponding to the pod fails to be added to the shared bandwidth, an alarm event FailedIPv6InsertBandwidth is generated on the pod, for example, when the quota is exceeded or flow control is triggered. Rectify the fault based on the alarm event.
                                                                                              • On the Shared Bandwidths page of the EIP console, go to the target shared bandwidth details page, and click the IPv6 Addresses tab. The IPv6 dual-stack ENI whose Associated Instance is CCE is displayed. Do not remove the ENI directly on the page or using VPC APIs, otherwise, your services may be affected.
                                                                                              
+
                                                                                            3. The number of IPv6 ENIs that can be added to a shared bandwidth is limited by the tenant quota. The default value is 20. 
                                                                                            4. hostNetwork Pods are not supported.
                                                                                            5. All types of workloads are supported. When configuring IPv6 shared bandwidth for workloads with the replicas attribute, such as Deployment and StatefulSet, ensure that the number of replicas and the maximum number of pods during the upgrade are less than the remaining quota of IPv6 ENIs that can be added to the shared bandwidth.
                                                                                            6. IPv6 dual-stack pod configured with shared bandwidth: When a pod is created, the CNI returns a success message only after the IPv6 dual-stack ENI is inserted into the shared bandwidth. When a pod is deleted, the IPv6 dual-stack ENI is removed from the shared bandwidth after the pod is completely deleted or the pod is in the deleting status for 30 seconds.
                                                                                            7. If the IPv6 dual-stack ENI corresponding to the pod fails to be added to the shared bandwidth, an alarm event FailedIPv6InsertBandwidth is generated on the pod, for example, when the quota is exceeded or flow control is triggered. Rectify the fault based on the alarm event.
                                                                                            8. On the Shared Bandwidths page of the EIP console, go to the target shared bandwidth details page, and click the IPv6 Addresses tab. The IPv6 dual-stack ENI whose Associated Instance is CCE is displayed. Do not remove the ENI directly on the page or using VPC APIs, otherwise, your services may be affected.
                                                                                              9. 
 
                                                                                            
 
                                                                                            Using the CCE Console
                                                                                            When creating a workload, you can set the IPv6 shared bandwidth on the Advanced Settings > Network Configuration area.
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0605.html b/docs/cce/umn/cce_10_0605.html
index 6d0d8428b..7fa4e5410 100644
--- a/docs/cce/umn/cce_10_0605.html
+++ b/docs/cce/umn/cce_10_0605.html
@@ -67,7 +67,7 @@
 
                                                                                            Drainage Through the Console
                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                            2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                            3. Locate the target node and choose More > Nodal Drainage in the Operation column.
                                                                                            4. In the Nodal Drainage window displayed, set parameters.
                                                                                              • Timeout (s): Node drain tasks automatically fail after the specified timeout expires. A value of 0 indicates that task will not time out.
                                                                                              • Forced Drainage: If this function is enabled, pods managed by DaemonSet will be ignored, and pods with emptyDir volumes and pods not managed by controllers will be deleted. For details, see Rules for Draining Nodes.
                                                                                              
 
                                                                                            5. Click OK and wait until the node drainage is complete.
                                                                                            
 
                                                                                            
-
                                                                                            Drainage Using kubectl
                                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                            2. Edit the YAML file for drainage.
                                                                                              The following is an example of Drainage-test.yaml:
                                                                                              
+
                                                                                              Drainage Using kubectl
                                                                                              1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                              2. Edit the YAML file for drainage.
                                                                                                The following is an example of Drainage-test.yaml:
                                                                                                
 
                                                                                                apiVersion: node.cce.io/v1
 kind: Drainage
 metadata:
@@ -111,7 +111,7 @@ status:
 
                                                                                              
 
                                                                                              
 
                                                                                              Drainage Through APIs
                                                                                              1. Obtain the token in the region where the cluster is located. 
                                                                                              2. Based on the API format, find the URL for the node drainage API.
                                                                                                URL of the API for draining a node:
                                                                                                https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages
                                                                                                
-
                                                                                                • {clusterid}: cluster ID, which can be obtained on the Overview page of the CCE console.
                                                                                                • Endpoint: endpoint of CCE in the region where the cluster is located.
                                                                                                  For details about the value, see Regions and Endpoints.
                                                                                                  
+
                                                                                                  • {clusterid}: cluster ID, which can be obtained on the Overview page of the CCE console.
                                                                                                  • Endpoint: endpoint of CCE in the region where the cluster is located.
                                                                                                    For details about its value, see Regions and Endpoints.
                                                                                                    
 
                                                                                                  
 
                                                                                                
 
                                                                                              3. Use the POST request method and configure request header parameters.
                                                                                                curl --location --request POST 'https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages' \
@@ -176,7 +176,7 @@ status:
 
                                                                                                Cancellation Using kubectl
                                                                                                 
                                                                                                In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, node drainage can be canceled.
                                                                                                
 
                                                                                                This operation will abort drainage on nodes, but workloads that have been evicted from these nodes will not be automatically migrated back.
                                                                                                
 
                                                                                                
-
                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                2. Check drainage resources.
                                                                                                  kubectl get drainages
                                                                                                  
+
                                                                                                  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                  2. Check drainage resources.
                                                                                                    kubectl get drainages
                                                                                                    
 
                                                                                                    Command output:
                                                                                                    NAME                         AGE
 192.168.1.67-1721616409999   13s
                                                                                                    
 
                                                                                                    
@@ -218,7 +218,7 @@ status:
 
                                                                                                  
 
                                                                                                
 
                                                                                                Cancellation Through APIs
                                                                                                1. Obtain the token in the region where the cluster is located. 
                                                                                                2. Based on the API format, find the URL for the node drainage API.
                                                                                                  URL of the API for canceling node drainage:
                                                                                                  https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages/{drainageName}
                                                                                                  
-
                                                                                                  • {clusterid}: cluster ID, which can be obtained on the Overview page of the CCE console.
                                                                                                  • Endpoint: endpoint of CCE in the region where the cluster is located.
                                                                                                    For details about the value, see Regions and Endpoints.
                                                                                                    
+
                                                                                                    • {clusterid}: cluster ID, which can be obtained on the Overview page of the CCE console.
                                                                                                    • Endpoint: endpoint of CCE in the region where the cluster is located.
                                                                                                      For details about its value, see Regions and Endpoints.
                                                                                                      
 
                                                                                                    • {drainageName}: name of the drainage resource, which can be obtained by running the kubectl get drainages command.
                                                                                                    
 
                                                                                                  
 
                                                                                                3. Use the PATCH request method and configure request header parameters.
                                                                                                  curl --location --request PATCH 'https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages/{drainageName}' \
diff --git a/docs/cce/umn/cce_10_0614.html b/docs/cce/umn/cce_10_0614.html
index 6bfeb1cb7..04ea2e7fe 100644
--- a/docs/cce/umn/cce_10_0614.html
+++ b/docs/cce/umn/cce_10_0614.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                  Using an Existing EVS Disk Through a Static PV
                                                                                                  
-
                                                                                                  CCE allows you to create a PV using an existing EVS disk. After the PV is created, you can create a PVC and bind it to the PV. This mode applies if the underlying storage is available.
                                                                                                  
+
                                                                                                  CCE allows you to create a PV using an existing EVS disk. Then, you can create a PVC and bind it to the PV. This method is suitable for scenarios where underlying storage is available.
                                                                                                  
 
                                                                                                  Prerequisites
                                                                                                  • You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                  • You have created an EVS disk that meets the following requirements:
                                                                                                    • The EVS disk cannot be a system disk or shared disk.
                                                                                                    • The EVS disk must be of the SCSI type (the default disk type is VBD when you create an EVS disk).
                                                                                                    • The EVS disk must be available and not used by other resources.
                                                                                                    • The AZ of the EVS disk must be the same as that of the cluster node. Otherwise, the EVS disk cannot be mounted and the pod cannot start.
                                                                                                    • If the EVS disk is encrypted, the key must be available.
                                                                                                    • EVS disks that have been partitioned are not supported.
                                                                                                    
-
                                                                                                  • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                  
+
                                                                                                4. To create a cluster using commands, ensure kubectl is used. For details, see Accessing a Cluster Using kubectl.
                                                                                                  5. 
 
                                                                                                
 
                                                                                                Notes and Constraints
                                                                                                • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attached to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, select only one pod when creating a Deployment that uses EVS disks.
                                                                                                • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                  For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                  
 
                                                                                                
@@ -65,35 +65,35 @@
 
                                                                                              
 
                                                                                            3. Click Create to create a PVC and a PV.
                                                                                              You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                              
 
                                                                                            
-
                                                                                          27. Create an application.
                                                                                            1. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                            2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                              Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                              Table 1 Mounting a storage volume
                                                                                              Parameter
                                                                                              
+
                                                                                            3. Create an application.
                                                                                              1. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                              2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                
-
-
-
-
-
-
-
-
-
@@ -109,7 +109,7 @@
 
                                                                                                
-
                                                                                                Using an Existing EVS Disk Through kubectl
                                                                                                1. Use kubectl to access the cluster.
                                                                                                2. Create a PV. If a PV has been created in your cluster, skip this step.
                                                                                                  1. Create the pv-evs.yaml file.
                                                                                                    apiVersion: v1
+
                                                                                                    Using an Existing EVS Disk Through kubectl
                                                                                                    1. Use kubectl to access the cluster.
                                                                                                    2. Create a PV. If a PV has been created in your cluster, skip this step. When using a YAML file to create a PV, do not use parameters that are not declared in the file, such as status, spec.claimRef, and annotation.everest.io/set-disk-metadata. Otherwise, the PV may be abnormal.
                                                                                                      1. Create the pv-evs.yaml file.
                                                                                                        apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
@@ -132,8 +132,7 @@ spec:
       everest.io/disk-mode: SCSI           # Device type of the EVS disk. Only SCSI is supported.
       everest.io/disk-volume-type: SAS     # EVS disk type
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
-
+      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
   persistentVolumeReclaimPolicy: Delete    # Reclaim policy
   storageClassName: csi-disk              # StorageClass name. The value must be csi-disk for EVS disks.
                                                                                                        
 
@@ -218,7 +217,7 @@ spec:
 
 
                                                                                                
-
@@ -233,7 +232,7 @@ metadata:
   namespace: default
   annotations:
       everest.io/disk-volume-type: SAS    # EVS disk type
-    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
@@ -244,7 +243,7 @@ spec:
   resources:
     requests:
       storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768. The value must be the same as the storage size of the existing PV.
-  storageClassName: csi-disk    # StorageClass is EVS.
+  storageClassName: csi-disk    # The StorageClass is EVS.
   volumeName: pv-evs            # PV name
                                                                                                Table 1 Mounting a storage volume
                                                                                                Parameter
                                                                                                
 
                                                                                                Description
                                                                                                
+
                                                                                                Description
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                PVC
                                                                                                
+
                                                                                                PVC
                                                                                                
 
                                                                                                Select an existing EVS volume.
                                                                                                
+
                                                                                                Select an existing EVS volume.
                                                                                                
 
                                                                                                An EVS volume can be mounted to only one workload.
                                                                                                
                                                                                                 		
 
                                                                                                Mount Path
                                                                                                
+
                                                                                                Mount Path
                                                                                                
 
                                                                                                Enter a mount path, for example, /tmp.
                                                                                                
+
                                                                                                Enter a mount path, for example, /tmp.
                                                                                                
 
                                                                                                This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                 NOTICE: 
                                                                                                If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                
 
                                                                                                
 
                                                                                                
                                                                                                 		
 
                                                                                                Subpath
                                                                                                
+
                                                                                                Subpath
                                                                                                
 
                                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                
+
                                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                
                                                                                                 		
 
                                                                                                Permission
                                                                                                
+
                                                                                                Permission
                                                                                                
 
                                                                                                • Read-only: You can only read the data in the mounted volumes.
                                                                                                • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                
+
                                                                                                • Read-only: You can only read the data in the mounted volumes.
                                                                                                • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
 
                                                                                                Yes
                                                                                                
 
                                                                                                The StorageClass for EVS disks is csi-disk.
                                                                                                
+
                                                                                                StorageClass name, which is csi-disk for an EVS disk.
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
 
                                                                                                
@@ -319,7 +318,7 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
+        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field
           mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
diff --git a/docs/cce/umn/cce_10_0615.html b/docs/cce/umn/cce_10_0615.html
index 01f899779..4796352eb 100644
--- a/docs/cce/umn/cce_10_0615.html
+++ b/docs/cce/umn/cce_10_0615.html
@@ -2,13 +2,13 @@
 
 
                                                                                                Using an EVS Disk Through a Dynamic PV
                                                                                                CCE allows you to specify a StorageClass to automatically create an EVS disk and the corresponding PV. This function is applicable when no underlying storage volume is available.
                                                                                                
-
                                                                                                Prerequisites
                                                                                                
+
                                                                                                Prerequisites
                                                                                                
 
                                                                                                
 
                                                                                                Notes and Constraints
                                                                                                • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attached to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, select only one pod when creating a Deployment that uses EVS disks.
                                                                                                • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                  For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                  
 
                                                                                                
 
                                                                                                • Resource tags can be added to dynamically created EVS disks. After the EVS disks are created, the resource tags cannot be updated on CCE. To update them, go to the EVS console. If you use an existing EVS disk to create a PV, you also need to add or update resource tags on the EVS console.
                                                                                                
 
                                                                                                
-
                                                                                                (Console) Automatically Creating an EVS Disk
                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                2. Dynamically create a PVC and PV.
                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
+
                                                                                                    Automatically Creating an EVS Disk on the Console
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                    2. Dynamically create a PVC and PV.
                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                Table 3 Key parameters
                                                                                                Parameter
                                                                                                
@@ -291,7 +290,7 @@ spec:
 
                                                                                                Yes
                                                                                                
                                                                                                 		
 
                                                                                                StorageClass name, which must be the same as the StorageClass of the PV in 1.
                                                                                                
-
                                                                                                The StorageClass for EVS disks is csi-disk.
                                                                                                
+
                                                                                                The StorageClass for EVS volumes is csi-disk.
                                                                                                
                                                                                                 		
 
                                                                                                
 
 
                                                                                                Parameter
                                                                                                
                                                                                                 		
 
                                                                                                Description
                                                                                                
@@ -77,7 +77,7 @@
 
                                                                                                Resource Tag
                                                                                                
                                                                                                 		
 
                                                                                                You can add resource tags to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                
-
                                                                                                You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                
+
                                                                                                You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                
 
                                                                                                CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                
 
                                                                                                 NOTE: 
                                                                                                After a dynamic PV of the EVS type is created, the resource tags cannot be updated on the CCE console. To update these resource tags, go to the EVS console.
                                                                                                
 
                                                                                                
@@ -88,35 +88,35 @@
 
 
                                                                                              3. Click Create.
                                                                                                You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                
 
                                                                                                4. 
-
                                                                                              4. Create an application.
                                                                                                1. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                  Table 1 Mounting a storage volume
                                                                                                  Parameter
                                                                                                  
+
                                                                                                3. Create an application.
                                                                                                  1. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                    
-
-
-
-
-
-
-
-
-
@@ -139,9 +139,8 @@ metadata:
   namespace: default
   annotations:
       everest.io/disk-volume-type: SAS    # EVS disk type
-    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
-
-    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
     csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
     everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
   labels:
@@ -152,8 +151,8 @@ spec:
   - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
   resources:
     requests:
-      storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768.
-  storageClassName: csi-disk    # StorageClass is EVS.
+      storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768
+  storageClassName: csi-disk    # The StorageClass is EVS.
                                                                                                    Table 1 Mounting a storage volume
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    PVC
                                                                                                    
+
                                                                                                    PVC
                                                                                                    
 
                                                                                                    Select an existing EVS volume.
                                                                                                    
+
                                                                                                    Select an existing EVS volume.
                                                                                                    
 
                                                                                                    An EVS volume can be mounted to only one workload.
                                                                                                    
                                                                                                     		
 
                                                                                                    Mount Path
                                                                                                    
+
                                                                                                    Mount Path
                                                                                                    
 
                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                    
+
                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                    
 
                                                                                                    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                     NOTICE: 
                                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                    
 
                                                                                                    
 
                                                                                                    
                                                                                                     		
 
                                                                                                    Subpath
                                                                                                    
+
                                                                                                    Subpath
                                                                                                    
 
                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                    
+
                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                    
                                                                                                     		
 
                                                                                                    Permission
                                                                                                    
+
                                                                                                    Permission
                                                                                                    
 
                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                    
+
                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                    
                                                                                                     		
 
                                                                                                    
                                                                                                     
 
 
                                                                                                    
@@ -199,9 +198,9 @@ spec:
 
-
@@ -209,7 +208,7 @@ spec:
 
-
@@ -228,14 +227,15 @@ spec:
 
-
-
@@ -263,7 +263,7 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
+        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field
           mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
diff --git a/docs/cce/umn/cce_10_0616.html b/docs/cce/umn/cce_10_0616.html
index f94e3deb0..6a48c0478 100644
--- a/docs/cce/umn/cce_10_0616.html
+++ b/docs/cce/umn/cce_10_0616.html
@@ -5,9 +5,9 @@
 
                                                                                                     
                                                                                                    When updating a StatefulSet in Kubernetes, it is not allowed to add or delete the volumeClaimTemplates field. This field can only be configured during the creation of the StatefulSet.
                                                                                                    
 
                                                                                                    
-
                                                                                                    Prerequisites
                                                                                                    
+
                                                                                                    Prerequisites
                                                                                                    
 
                                                                                                    
-
                                                                                                    Dynamically Mounting an EVS Disk on the Console
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                    2. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate.
                                                                                                    4. Click Create PVC. In the dialog box displayed, configure PVC parameters.
                                                                                                      Click Create.
+
                                                                                                      Dynamically Mounting an EVS Disk on the Console
                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                      2. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                      3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > VCT.
                                                                                                      4. Click Create PVC. In the dialog box displayed, configure PVC parameters.
                                                                                                        Click Create.
 
                                                                                                    Table 2 Key parameters
                                                                                                    Parameter
                                                                                                    
                                                                                                     		
 
                                                                                                    No
                                                                                                    
 
                                                                                                    This field is optional. It is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                    
+
                                                                                                    (Optional) This parameter is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                    
 
                                                                                                    You can add resource tags to classify resources.
                                                                                                    
-
                                                                                                    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                    
+
                                                                                                    You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                    
 
                                                                                                    CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    No
                                                                                                    
 
                                                                                                    This field is optional. It specifies the file system type, which defaults to ext4.
                                                                                                    
+
                                                                                                    (Optional) This parameter specifies the file system type, which defaults to ext4.
                                                                                                    
 
                                                                                                    The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                    • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                    • Only common containers are supported.
                                                                                                    
 
                                                                                                    
                                                                                                     		
 
                                                                                                    Yes
                                                                                                    
 
                                                                                                    Requested PVC capacity, in Gi. The value ranges from 1 to 32768.
                                                                                                    
+
                                                                                                    Requested PVC capacity, in Gi. The value is an integer ranging from 1 to 32768.
                                                                                                    
+
                                                                                                    If storage is set to a decimal, the value will be rounded up for the EVS disk. For example, if storage is set to 10.1Gi, an 11-GiB EVS disk will be created.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    storageClassName
                                                                                                    
                                                                                                     		
 
                                                                                                    Yes
                                                                                                    
 
                                                                                                    The StorageClass for EVS disks is csi-disk.
                                                                                                    
+
                                                                                                    StorageClass name, which is csi-disk for an EVS disk.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
 
                                                                                                    
-
@@ -72,7 +75,7 @@
 
-
@@ -236,7 +238,7 @@ spec:
 
-
@@ -255,14 +257,15 @@ spec:
 
-
-
@@ -288,7 +291,7 @@ statefulset-evs-1          1/1     Running   0             28s
                                                                                                    Expected output:
                                                                                                    lost+found
 static
                                                                                                    
-
                                                                                                  3. Run the following command to delete the pod named web-evs-auto-0:
                                                                                                    kubectl delete pod statefulset-evs-0
                                                                                                    
+
                                                                                                  4. Run the following command to delete the pod named statefulset-evs-0:
                                                                                                    kubectl delete pod statefulset-evs-0
                                                                                                    
 
                                                                                                    Expected output:
                                                                                                    
 
                                                                                                    pod "statefulset-evs-0" deleted
                                                                                                    
 
                                                                                                  5. After the deletion, the StatefulSet controller automatically creates a replica with the same name. Run the following command to check whether the files in the /data path have been modified:
                                                                                                    kubectl exec statefulset-evs-0 -- ls /data
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0617.html b/docs/cce/umn/cce_10_0617.html
index 5aab99a27..081483cbd 100644
--- a/docs/cce/umn/cce_10_0617.html
+++ b/docs/cce/umn/cce_10_0617.html
@@ -5,6 +5,38 @@
 
                                                                                                    Expandable to petabytes, SFS provides fully hosted shared file storage, highly available and stable to handle data- and bandwidth-intensive applications
                                                                                                    
 
                                                                                                    • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                    • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                    • Private network: Users can access data only in private networks of data centers.
                                                                                                    • Capacity and performance: The capacity of a single file system is high (PB level) and the performance is excellent (ms-level I/O latency).
                                                                                                    • Use cases: Deployments/StatefulSets in the ReadWriteMany mode and jobs created for high-performance computing (HPC), media processing, content management, web services, big data analysis, and workload process analysis
                                                                                                    
 
+
                                                                                                    Performance
                                                                                                    CCE supports SFS Capacity-Oriented. For more details, see File System Types.
                                                                                                    
+
+
                                                                                                    6. Parameter
                                                                                                    
                                                                                                     		
 
                                                                                                    Description
                                                                                                    
@@ -31,7 +31,10 @@
 
                                                                                                    
 
                                                                                                    Storage Classes
                                                                                                    
 
                                                                                                    The default StorageClass for EVS disks is csi-disk.
                                                                                                    
+
                                                                                                    The default StorageClasses for EVS disks are csi-disk and csi-disk-topology.
                                                                                                    
+
                                                                                                     NOTE: 
                                                                                                    If you use the csi-disk (EVS) StorageClass, a PVC and PV will be created immediately. The EVS disk is created with the PV, and then the PVC is bound to the PV.
                                                                                                    
+
                                                                                                    If you use the csi-disk-topology (EVS created with a delay) StorageClass, a PV will not be immediately created when a PVC is created. Instead, the pods that will be associated with the PVC are scheduled first, and then the EVS disk and PV are created, and finally the PV is bound to the PVC.
                                                                                                    
+
                                                                                                    
 
                                                                                                    You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                    
                                                                                                     		
 
                                                                                                    Resource Tag
                                                                                                    
                                                                                                     		
 
                                                                                                    You can add resource tags to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                    
-
                                                                                                    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                    
+
                                                                                                    You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                    
 
                                                                                                    CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                    
 
                                                                                                     NOTE: 
                                                                                                    After a dynamic PV of the EVS type is created, the resource tags cannot be updated on the CCE console. To update these resource tags, go to the EVS console.
                                                                                                    
 
                                                                                                    
@@ -147,9 +150,8 @@ spec:
         namespace: default
         annotations:
           everest.io/disk-volume-type: SAS    # EVS disk type
-          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
-
-          everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+          everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
           csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
           everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
         labels:
@@ -161,7 +163,7 @@ spec:
         resources:
           requests:
             storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768
-        storageClassName: csi-disk    # StorageClass is EVS
+        storageClassName: csi-disk    # The StorageClass is EVS.
 ---
 apiVersion: v1
 kind: Service
@@ -226,9 +228,9 @@ spec:
                                                                                                     		
 
                                                                                                    No
                                                                                                    
 
                                                                                                    This field is optional. It is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                    
+
                                                                                                    (Optional) This parameter is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                    
 
                                                                                                    You can add resource tags to classify resources.
                                                                                                    
-
                                                                                                    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                    
+
                                                                                                    You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                    
 
                                                                                                    CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    No
                                                                                                    
 
                                                                                                    This field is optional. It specifies the file system type, which defaults to ext4.
                                                                                                    
+
                                                                                                    (Optional) This parameter specifies the file system type, which defaults to ext4.
                                                                                                    
 
                                                                                                    The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                    • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                    • Only common containers are supported.
                                                                                                    
 
                                                                                                    
                                                                                                     		
 
                                                                                                    Yes
                                                                                                    
 
                                                                                                    Requested PVC capacity, in Gi. The value ranges from 1 to 32768.
                                                                                                    
+
                                                                                                    Requested PVC capacity, in Gi. The value is an integer ranging from 1 to 32768.
                                                                                                    
+
                                                                                                    If storage is set to a decimal, the value will be rounded up for the EVS disk. For example, if storage is set to 10.1Gi, an 11-GiB EVS disk will be created.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    storageClassName
                                                                                                    
                                                                                                     		
 
                                                                                                    Yes
                                                                                                    
 
                                                                                                    The StorageClass for EVS disks is csi-disk.
                                                                                                    
+
                                                                                                    StorageClass name, which is csi-disk for an EVS disk.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
 
 
                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 1 Performance
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    SFS Capacity-Oriented
                                                                                                    
+
                                                                                                    Maximum bandwidth
                                                                                                    
+
                                                                                                    2 GB/s
                                                                                                    
+
                                                                                                    Maximum IOPS
                                                                                                    
+
                                                                                                    2000
                                                                                                    
+
                                                                                                    Latency
                                                                                                    
+
                                                                                                    3–20 ms
                                                                                                    
+
                                                                                                    Maximum capacity
                                                                                                    
+
                                                                                                    4 PB
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    
 
                                                                                                    Application Scenarios
                                                                                                    SFS supports the following mounting modes based on application scenarios:
                                                                                                    
 
                                                                                                    • Using an Existing SFS File System Through a Static PV: static creation mode, where you use an existing SFS volume to create a PV and then mount storage to the workload through a PVC. This mode applies if the underlying storage is available.
                                                                                                    • Using an SFS File System Through a Dynamic PV: dynamic creation mode, in which you do not need to create SFS file systems beforehand. Instead, specify a StorageClass when creating a PVC. Then, a file system and PV will be created automatically. This mode applies to scenarios where no underlying storage is available.
                                                                                                    
 
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0619.html b/docs/cce/umn/cce_10_0619.html
index 87659773c..93cf093e8 100644
--- a/docs/cce/umn/cce_10_0619.html
+++ b/docs/cce/umn/cce_10_0619.html
@@ -2,9 +2,9 @@
 
 
                                                                                                    Using an Existing SFS File System Through a Static PV
                                                                                                    
 
                                                                                                    SFS is a network-attached storage (NAS) that provides shared, scalable, and high-performance file storage. It applies to large-capacity expansion and cost-sensitive services. This section describes how to use an existing SFS file system to statically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                    
-
                                                                                                    Prerequisites
                                                                                                    
+
                                                                                                    Prerequisites
                                                                                                    
 
                                                                                                    
-
                                                                                                    Notes and Constraints
                                                                                                    • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                      • Do not mount the PVCs/PVs that use the same underlying SFS or SFS Turbo volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                      • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                      • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                      
+
                                                                                                      Notes and Constraints
                                                                                                      • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                        • Do not mount multiple PVCs or PVs that use the same underlying SFS or SFS Turbo volume to a single pod. Doing so will cause pod startup failures, as not all PVCs can be mounted due to identical volumeHandle value.
                                                                                                        • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                        • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                        
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      Using an Existing SFS File System on the Console
                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                      2. Statically create a PVC and PV.
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
@@ -71,34 +71,34 @@
 
                                                                                                    
 
                                                                                                  6. Click Create to create a PVC and a PV.
                                                                                                    You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                    
 
                                                                                                  
-
                                                                                                4. Create an application.
                                                                                                  1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                    Table 1 Mounting a storage volume
                                                                                                    Parameter
                                                                                                    
+
                                                                                                  3. Create an application.
                                                                                                    1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                    2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                      Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                      
-
-
-
-
-
-
-
-
-
@@ -111,24 +111,24 @@
 
                                                                                                      
-
                                                                                                      Using an Existing SFS Capacity-Oriented File System Through kubectl
                                                                                                      1. Use kubectl to access the cluster.
                                                                                                      2. Create a PV.
                                                                                                        1. Create the pv-sfs.yaml file.
                                                                                                          Example:
                                                                                                          apiVersion: v1
+
                                                                                                          Using an Existing SFS Capacity-Oriented File System Through kubectl
                                                                                                          1. Use kubectl to access the cluster.
                                                                                                          2. Create a PV.
                                                                                                            1. Create the pv-sfs.yaml file.
                                                                                                              Example:
                                                                                                              apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
     everest.io/reclaim-policy: retain-volume-only      # (Optional) The underlying volume is retained when the PV is deleted.
-  name: pv-sfs    # PV name
+  name: pv-sfs    # PV name
 spec:
   accessModes:
-  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
   capacity:
-    storage: 1Gi     # SFS volume capacity
+    storage: 1Gi     # SFS volume capacity
   csi:
     driver: nas.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
     volumeHandle: <your_volume_id>   # SFS Capacity-Oriented volume ID
     volumeAttributes:
-      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
+      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
   storageClassName: csi-nas               # StorageClass name. csi-nas indicates that SFS Capacity-Oriented is used.
@@ -147,8 +147,8 @@ spec:
 
 
                                                                                                      
-
-
-
                                                                                                      Table 1 Mounting a storage volume
                                                                                                      Parameter
                                                                                                      
 
                                                                                                      Description
                                                                                                      
+
                                                                                                      Description
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      PVC
                                                                                                      
+
                                                                                                      PVC
                                                                                                      
 
                                                                                                      Select an existing SFS volume.
                                                                                                      
+
                                                                                                      Select an existing SFS volume.
                                                                                                      
                                                                                                       		
 
                                                                                                      Mount Path
                                                                                                      
+
                                                                                                      Mount Path
                                                                                                      
 
                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                      
+
                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                      
 
                                                                                                      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                       NOTICE: 
                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                      
 
                                                                                                      
 
                                                                                                      
                                                                                                       		
 
                                                                                                      Subpath
                                                                                                      
+
                                                                                                      Subpath
                                                                                                      
 
                                                                                                      Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                      
+
                                                                                                      Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                      
                                                                                                       		
 
                                                                                                      Permission
                                                                                                      
+
                                                                                                      Permission
                                                                                                      
 
                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                      • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                      
+
                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                      • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                      
                                                                                                       		
 
                                                                                                      
                                                                                                       
 
 
                                                                                                      No
                                                                                                      
 
                                                                                                      Only retain-volume-only is supported.
                                                                                                      
-
                                                                                                      This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                      
+
                                                                                                      Only retain-volume-only is supported.
                                                                                                      
+
                                                                                                      This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      volumeHandle
                                                                                                      
@@ -169,7 +169,7 @@ spec:
 
                                                                                                      
 
                                                                                                      mountOptions
                                                                                                      
 
                                                                                                      Yes
                                                                                                      
+
                                                                                                      No
                                                                                                      
                                                                                                       		
 
                                                                                                      Mount options.
                                                                                                      
 
                                                                                                      If not specified, the following configurations are used by default. For details, see Configuring SFS Volume Mount Options.
                                                                                                      
@@ -185,17 +185,16 @@ spec:
 
                                                                                                      Yes
                                                                                                      
                                                                                                       		
 
                                                                                                      A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                      
-
                                                                                                      The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same SFS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                      
-
                                                                                                      Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                      
-
                                                                                                      Delete: When a PVC is deleted, its PV will also be deleted.
                                                                                                      
+
                                                                                                      The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same SFS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                      
+
                                                                                                      Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                      
+
                                                                                                      Delete: When a PVC is deleted, its PV will also be deleted.
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      storage
                                                                                                      
                                                                                                       		
 
                                                                                                      Yes
                                                                                                      
 
                                                                                                      Requested capacity in the PVC, in Gi.
                                                                                                      
-
                                                                                                      For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                      
+
                                                                                                      Requested PVC capacity, in Gi. The value must be the same as that of the existing SFS Capacity-Oriented storage.
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      storageClassName
                                                                                                      
@@ -210,7 +209,7 @@ spec:
 
 
                                                                                                    3. Run the following command to create a PV:
                                                                                                      kubectl apply -f pv-sfs.yaml
                                                                                                      
 
                                                                                                      4. 
-
                                                                                                    4. Create a PVC.
                                                                                                      1. Create the pvc-sfs.yaml file.
                                                                                                        apiVersion: v1
+
                                                                                                      2. Create a PVC.
                                                                                                        1. Create the pvc-sfs.yaml file.
                                                                                                          apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-sfs
@@ -219,7 +218,7 @@ metadata:
     volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
 spec:
   accessModes:
-  - ReadWriteMany               # The value must be ReadWriteMany for SFS.
+  - ReadWriteMany               # The value must be ReadWriteMany for SFS.
   resources:
     requests:
       storage: 1Gi               # SFS volume capacity
@@ -261,7 +260,7 @@ spec:
 
 
                                                                                                        2. Run the following command to create a PVC:
                                                                                                          kubectl apply -f pvc-sfs.yaml
                                                                                                          
 
                                                                                                        
-
                                                                                                      3. Create an application.
                                                                                                        1. Create a file named web-demo.yaml. In this example, the SFS volume is mounted to the /data path.
                                                                                                          apiVersion: apps/v1
+
                                                                                                        2. Create an application.
                                                                                                          1. Create a file named web-demo.yaml. In this example, the SFS volume is mounted to the /data path.
                                                                                                            apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: web-demo
@@ -280,14 +279,14 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field
+        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field
           mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
         - name: pvc-sfs-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-sfs    # Name of the created PVC
                                                                                                            
+            claimName: pvc-sfs    # Name of the created PVC
 
                                                                                                          2. Run the following command to create a workload to which the SFS volume is mounted:
                                                                                                            kubectl apply -f web-demo.yaml
                                                                                                            
 
                                                                                                            After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                            
 
                                                                                                          
@@ -337,36 +336,36 @@ static
 
                                                                                                        
 
 
                                                                                                        Related Operations
                                                                                                        You can also perform the operations listed in Table 4.
-
                                                                                                        Table 4 Related operations
                                                                                                        Operation
                                                                                                        
+
                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0620.html b/docs/cce/umn/cce_10_0620.html
index f32232d68..d4567d7c1 100644
--- a/docs/cce/umn/cce_10_0620.html
+++ b/docs/cce/umn/cce_10_0620.html
@@ -2,7 +2,7 @@
 
 
                                                                                                        Using an SFS File System Through a Dynamic PV
                                                                                                        This section describes how to use storage classes to dynamically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                        
-
                                                                                                        Prerequisites
                                                                                                        
+
                                                                                                        Prerequisites
                                                                                                        
 
                                                                                                        
 
                                                                                                        Automatically Creating an SFS File System on the Console
                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                        2. Dynamically create a PVC and PV.
                                                                                                          1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                        Table 4 Related operations
                                                                                                        Operation
                                                                                                        
 
                                                                                                        Description
                                                                                                        
+
                                                                                                        Description
                                                                                                        
 
                                                                                                        Procedure
                                                                                                        
+
                                                                                                        Procedure
                                                                                                        
                                                                                                         		
 
                                                                                                        
 
                                                                                                        Creating a storage volume (PV)
                                                                                                        
+
                                                                                                        Creating a storage volume (PV)
                                                                                                        
 
                                                                                                        Create a PV on the CCE console.
                                                                                                        
+
                                                                                                        Create a PV on the CCE console.
                                                                                                        
 
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                          • Volume Type: Select SFS.
                                                                                                          • SFS: Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                          • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                          • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                          • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                             NOTE: 
                                                                                                            If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                            
+
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                          • Volume Type: Select SFS.
                                                                                                          • SFS: Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                          • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                          • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                          • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                             NOTE: 
                                                                                                            If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                            
 
                                                                                                            
 
                                                                                                          • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Volume Mount Options.
                                                                                                          
 
                                                                                                        2. Click Create.
                                                                                                        
                                                                                                         		
 
                                                                                                        Viewing events
                                                                                                        
+
                                                                                                        Viewing events
                                                                                                        
 
                                                                                                        View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                        
+
                                                                                                        View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                        
 
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                        2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                        
+
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                        2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                        
                                                                                                         		
 
                                                                                                        Viewing a YAML file
                                                                                                        
+
                                                                                                        Viewing a YAML file
                                                                                                        
 
                                                                                                        View, copy, or download the YAML file of a PVC or PV.
                                                                                                        
+
                                                                                                        View, copy, or download the YAML file of a PVC or PV.
                                                                                                        
 
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                        2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                        
+
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                        2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                        
                                                                                                         		
 
                                                                                                        
                                                                                                         
 
                                                                                                        
-
@@ -40,54 +40,44 @@
 
                                                                                                        For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                        
-
-
-
-
-
-
                                                                                                        Parameter
                                                                                                        
@@ -24,12 +24,12 @@
 
                                                                                                        Creation Method
                                                                                                        
                                                                                                         		
 
                                                                                                        • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                        • If underlying storage is available, create a PV or use an existing PV to statically create a PVC. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                        
-
                                                                                                        In this document, Dynamically provision is selected.
                                                                                                        
+
                                                                                                        In this example, select Dynamically provision.
                                                                                                        
                                                                                                         		
 
                                                                                                        
 
                                                                                                        Storage Classes
                                                                                                        
 
                                                                                                        The default StorageClass for SFS volumes is csi-nas.
                                                                                                        
+
                                                                                                        The default StorageClass of SFS volumes is csi-nas.
                                                                                                        
 
                                                                                                        You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                        
                                                                                                         		
 
                                                                                                        
 
 
                                                                                                        Capacity (GiB)
                                                                                                        
-
                                                                                                        The value cannot be less than 10.
                                                                                                        
-
                                                                                                        
 
                                                                                                        Access Mode
                                                                                                        
                                                                                                         		
 
                                                                                                        SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                        
                                                                                                         		
 
                                                                                                        Encryption
                                                                                                        
-
                                                                                                        Configure whether to encrypt underlying storage if the storage class is csi-nas. If you select Enabled (key), an encryption key must be configured.
                                                                                                        
-
                                                                                                        
 
 
                                                                                                        
 
                                                                                                        
 
                                                                                                      4. Click Create to create a PVC and a PV.
                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                        
 
                                                                                                        5. 
-
                                                                                                      5. Create an application.
                                                                                                        1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                        2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                          Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                          Table 1 Mounting a storage volume
                                                                                                          Parameter
                                                                                                          
+
                                                                                                        3. Create an application.
                                                                                                          1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                          2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                            Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                            
-
-
-
-
-
-
-
-
-
@@ -106,11 +96,8 @@ metadata:
   name: pvc-sfs-auto
   namespace: default
   annotations: 
-    everest.io/crypt-key-id: <your_key_id>      # (Optional) ID of the key for encrypting file systems
 
-    everest.io/crypt-alias: sfs/default         # (Optional) Key name. Mandatory for encrypting volumes.
 
-    everest.io/crypt-domain-id: <your_domain_id>   # (Optional) ID of the tenant to which an encrypted volume belongs. Mandatory for encrypting volumes.
 
     everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
 spec:
@@ -119,7 +106,7 @@ spec:
   resources:
     requests:
       storage: 1Gi             # SFS volume capacity
-  storageClassName: csi-nas    # StorageClass is SFS. 
+  storageClassName: csi-nas    # The StorageClass is SFS.
                                                                                                            Table 1 Mounting a storage volume
                                                                                                            Parameter
                                                                                                            
 
                                                                                                            Description
                                                                                                            
+
                                                                                                            Description
                                                                                                            
                                                                                                             		
 
                                                                                                            
 
                                                                                                            PVC
                                                                                                            
+
                                                                                                            PVC
                                                                                                            
 
                                                                                                            Select an existing SFS volume.
                                                                                                            
+
                                                                                                            Select an existing SFS volume.
                                                                                                            
                                                                                                             		
 
                                                                                                            Mount Path
                                                                                                            
+
                                                                                                            Mount Path
                                                                                                            
 
                                                                                                            Enter a mount path, for example, /tmp.
                                                                                                            
+
                                                                                                            Enter a mount path, for example, /tmp.
                                                                                                            
 
                                                                                                            This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                             NOTICE: 
                                                                                                            If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                            
 
                                                                                                            
 
                                                                                                            
                                                                                                             		
 
                                                                                                            Subpath
                                                                                                            
+
                                                                                                            Subpath
                                                                                                            
 
                                                                                                            Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                            
+
                                                                                                            Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                            
                                                                                                             		
 
                                                                                                            Permission
                                                                                                            
+
                                                                                                            Permission
                                                                                                            
 
                                                                                                            • Read-only: You can only read the data in the mounted volumes.
                                                                                                            • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                            
+
                                                                                                            • Read-only: You can only read the data in the mounted volumes.
                                                                                                            • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                            
                                                                                                             		
 
                                                                                                            
                                                                                                             
 
 
                                                                                                            
@@ -134,14 +121,14 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_10_0624.html b/docs/cce/umn/cce_10_0624.html
index 478a7795e..bf2740c52 100644
--- a/docs/cce/umn/cce_10_0624.html
+++ b/docs/cce/umn/cce_10_0624.html
@@ -6,7 +6,7 @@
 
                                                                                                            • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                            • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                            • Private network: Users can access data only in private networks of data centers.
                                                                                                            • Data isolation: The on-cloud storage service provides exclusive cloud file storage, which delivers data isolation and ensures IOPS performance.
                                                                                                            • Use cases: Deployments/StatefulSets in the ReadWriteMany mode, DaemonSets, and jobs created for high-traffic websites, log storage, DevOps, and enterprise OA applications
                                                                                                            Application Scenarios
                                                                                                            SFS Turbo supports the following mounting modes:
                                                                                                            
-
+
 
                                                                                                            
diff --git a/docs/cce/umn/cce_10_0625.html b/docs/cce/umn/cce_10_0625.html
index 8f2b63a15..0aab5cd86 100644
--- a/docs/cce/umn/cce_10_0625.html
+++ b/docs/cce/umn/cce_10_0625.html
@@ -2,9 +2,9 @@
 
 
                                                                                                            Using an Existing SFS Turbo File System Through a Static PV
                                                                                                            
 
                                                                                                            SFS Turbo is a shared file system with high availability and durability. It is suitable for applications that contain massive small files and require low latency, and high IOPS. This section describes how to use an existing SFS Turbo file system to statically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                            
-
                                                                                                            Prerequisites
                                                                                                            
+
                                                                                                            Prerequisites
                                                                                                            • You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                            • To create a cluster using commands, ensure kubectl is used. For details, see Accessing a Cluster Using kubectl.
                                                                                                            • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                            
 
                                                                                                            
-
                                                                                                            Notes and Constraints
                                                                                                            • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                              • Do not mount the PVCs/PVs that use the same underlying SFS or SFS Turbo volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                              • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                              • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                              
+
                                                                                                              Notes and Constraints
                                                                                                              • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                • Do not mount multiple PVCs or PVs that use the same underlying SFS or SFS Turbo volume to a single pod. Doing so will cause pod startup failures, as not all PVCs can be mounted due to identical volumeHandle value.
                                                                                                                • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              Using an Existing SFS Turbo File System on the Console
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                              2. Statically create a PVC and PV.
                                                                                                                1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
@@ -58,7 +58,7 @@
 
                                                                                                            
-
                                                                                                            Table 2 Key parameters
                                                                                                            Parameter
                                                                                                            
 
                                                                                                            Yes
                                                                                                            
                                                                                                             		
 
                                                                                                            Requested capacity in the PVC, in Gi.
                                                                                                            
-
                                                                                                            For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                            
+
                                                                                                            For SFS, this parameter is used only for verification and cannot be empty or 0. Its value is fixed at 1, and any value set will not take effect for SFS file systems.
                                                                                                            
                                                                                                             		
 
                                                                                                            
 
                                                                                                            everest.io/crypt-key-id
                                                                                                            
                                                                                                             		
 
                                                                                                            No
                                                                                                            
 
                                                                                                            If StorageClass is csi-nas, you can determine whether to encrypt the underlying storage.
                                                                                                            
+
                                                                                                            If the StorageClass is csi-nas, you can determine whether to encrypt the underlying storage.
                                                                                                            
 
                                                                                                            This parameter is mandatory when an SFS system is encrypted. Enter the encryption key ID selected during SFS system creation. You can use a custom key or the default key named sfs/default.
                                                                                                            
 
                                                                                                            To obtain a key ID, log in to the DEW console, locate the key to be encrypted, and copy the key ID.
                                                                                                            
                                                                                                             		
 
 
 
 
                                                                                                            
 
                                                                                                            Reclaim Policyb
                                                                                                            
 
                                                                                                            Only Retain is available if you do not use subdirectories to create PVs. This indicates that the PV is not deleted when the PVC is deleted. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                            
+
                                                                                                            Only Retain is available if you do not use subdirectories to create PVs. This indicates that the PV is not deleted when the PVC is deleted. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                            
                                                                                                             		
 
                                                                                                            
 
                                                                                                            Subdirectory Reclaim Policyb
                                                                                                            
@@ -80,34 +80,34 @@
 
 
                                                                                                          3. Click Create to create a PVC and a PV.
                                                                                                            You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                            
 
                                                                                                            4. 
-
                                                                                                          4. Create an application.
                                                                                                            1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                            2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                              Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                              Table 1 Mounting a storage volume
                                                                                                              Parameter
                                                                                                              
+
                                                                                                            3. Create an application.
                                                                                                              1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                              2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                                Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                
-
-
-
-
-
-
-
-
-
@@ -138,7 +138,6 @@ spec:
     volumeHandle: <your_volume_id>   # SFS Turbo volume ID
     volumeAttributes:
       everest.io/share-export-location: <your_location>   # Shared path of the SFS Turbo volume
-
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
   storageClassName: csi-sfsturbo          # StorageClass name of the SFS Turbo file system
@@ -215,7 +214,6 @@ metadata:
   namespace: default
   annotations:
     volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-
 spec:
   accessModes:
   - ReadWriteMany                  # The value must be ReadWriteMany for SFS Turbo.
@@ -293,7 +291,7 @@ spec:
 
                                                                                                                
-
                                                                                                                Using Subdirectories of an Existing SFS Turbo File System Through kubectl
                                                                                                                1. Use kubectl to access the cluster.
                                                                                                                2. Create a PV.
                                                                                                                  1. Create the pv-sfsturbo.yaml file.
                                                                                                                    Example:
                                                                                                                    apiVersion: v1
+
                                                                                                                    Using Subdirectories of an Existing SFS Turbo File System Through kubectl
                                                                                                                    1. Use kubectl to access the cluster.
                                                                                                                    2. Create a PV.
                                                                                                                      1. Create the pv-sfsturbo.yaml file.
                                                                                                                        Example:
                                                                                                                        apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
@@ -302,41 +300,42 @@ metadata:
   name: pv-sfsturbo    # PV name
 spec:
   accessModes:
-  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
   capacity:
-    storage: 500Gi       # SFS Turbo volume capacity
+    storage: 500Gi       # SFS Turbo volume capacity
   csi:
     driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
-    volumeHandle: pv-sfsturbo   # PV name when subdirectories are used
+    volumeHandle: pv-sfsturbo   # PV name
     volumeAttributes:
       everest.io/share-export-location: <sfsturbo_path>:/<absolute_path>   # Shared path and subdirectory of the SFS Turbo file system
 
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-      everest.io/volume-as: absolute-path   # (Optional) An SFS Turbo subdirectory is used.
+      everest.io/volume-as: absolute-path   # An SFS Turbo subdirectory is used.
+      everest.io/sfsturbo-share-id: <sfsturbo_id>    # SFS Turbo ID
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy, which can be set to Delete when subdirectories are automatically created
   storageClassName: csi-sfsturbo          # StorageClass name of the SFS Turbo file system
   mountOptions: []                         # Mount options
                                                                                                                        
 
                                                                                                                        
 
-
                                                                                                                Table 1 Mounting a storage volume
                                                                                                                Parameter
                                                                                                                
 
                                                                                                                Description
                                                                                                                
+
                                                                                                                Description
                                                                                                                
                                                                                                                 		
 
                                                                                                                
 
                                                                                                                PVC
                                                                                                                
+
                                                                                                                PVC
                                                                                                                
 
                                                                                                                Select an existing SFS Turbo volume.
                                                                                                                
+
                                                                                                                Select an existing SFS Turbo volume.
                                                                                                                
                                                                                                                 		
 
                                                                                                                Mount Path
                                                                                                                
+
                                                                                                                Mount Path
                                                                                                                
 
                                                                                                                Enter a mount path, for example, /tmp.
                                                                                                                
+
                                                                                                                Enter a mount path, for example, /tmp.
                                                                                                                
 
                                                                                                                This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                 NOTICE: 
                                                                                                                If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                
 
                                                                                                                
 
                                                                                                                
                                                                                                                 		
 
                                                                                                                Subpath
                                                                                                                
+
                                                                                                                Subpath
                                                                                                                
 
                                                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                
+
                                                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                
                                                                                                                 		
 
                                                                                                                Permission
                                                                                                                
+
                                                                                                                Permission
                                                                                                                
 
                                                                                                                • Read-only: You can only read the data in the mounted volumes.
                                                                                                                • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                
+
                                                                                                                • Read-only: You can only read the data in the mounted volumes.
                                                                                                                • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                
                                                                                                                 		
 
                                                                                                                
                                                                                                                 
 
 
                                                                                                                Table 4 Key parameters
                                                                                                                Parameter
                                                                                                                
+
                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
@@ -404,7 +411,7 @@ spec:
 
                                                                                                              3. Run the following command to create a PV:
                                                                                                                kubectl apply -f pv-sfsturbo.yaml
                                                                                                                
 
                                                                                                                4. 
-
                                                                                                              4. Create a PVC.
                                                                                                                1. Create the pvc-sfsturbo.yaml file.
                                                                                                                  apiVersion: v1
+
                                                                                                                2. Create a PVC.
                                                                                                                  1. Create the pvc-sfsturbo.yaml file.
                                                                                                                    apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-sfsturbo
@@ -414,40 +421,40 @@ metadata:
 
 spec:
   accessModes:
-  - ReadWriteMany                  # The value must be ReadWriteMany for SFS Turbo.
+  - ReadWriteMany                  # The value must be ReadWriteMany for SFS Turbo.
   resources:
     requests:
-      storage: 500Gi               # SFS Turbo volume capacity.
-  storageClassName: csi-sfsturbo       # StorageClass name of the SFS Turbo file system, which must be the same as that of the PV
-  volumeName: pv-sfsturbo    # PV name
                                                                                                                    
+      storage: 500Gi               # SFS Turbo volume capacity.
+  storageClassName: csi-sfsturbo       # StorageClass name of the SFS Turbo file system, which must be the same as that of the PV
+  volumeName: pv-sfsturbo    # PV name
 
-
                                                                                                                5. Table 4 Key parameters
                                                                                                                Parameter
                                                                                                                
 
                                                                                                                Mandatory
                                                                                                                
+
                                                                                                                Mandatory
                                                                                                                
                                                                                                                 		
 
                                                                                                                Description
                                                                                                                
                                                                                                                 		
 
                                                                                                                
 
                                                                                                                volumeHandle
                                                                                                                
+
                                                                                                                volumeHandle
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                PV name when an SFS Turbo subdirectory is used to create the PV.
                                                                                                                
                                                                                                                 		
 
                                                                                                                everest.io/share-export-location
                                                                                                                
+
                                                                                                                everest.io/share-export-location
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                Shared path of the SFS Turbo subdirectory.
                                                                                                                
 
                                                                                                                Format:
                                                                                                                
@@ -345,9 +344,9 @@ spec:
 
                                                                                                                Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. You can obtain the shared path of the file system.
                                                                                                                
                                                                                                                 		
 
                                                                                                                mountOptions
                                                                                                                
+
                                                                                                                mountOptions
                                                                                                                
 
                                                                                                                No
                                                                                                                
+
                                                                                                                No
                                                                                                                
                                                                                                                 		
 
                                                                                                                Mount options.
                                                                                                                
 
                                                                                                                If not specified, the following configurations are used by default. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                
@@ -358,18 +357,18 @@ spec:
 - hard
                                                                                                                 		
 
                                                                                                                persistentVolumeReclaimPolicy
                                                                                                                
+
                                                                                                                persistentVolumeReclaimPolicy
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9. For details, see PV Reclaim Policy.
                                                                                                                
-
                                                                                                                Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                
+
                                                                                                                Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                
 
                                                                                                                Delete: This parameter can be configured when subdirectories are automatically created, indicating that the PV is deleted when a PVC is deleted.
                                                                                                                
                                                                                                                 		
 
                                                                                                                everest.io/reclaim-policy
                                                                                                                
+
                                                                                                                everest.io/reclaim-policy
                                                                                                                
 
                                                                                                                No
                                                                                                                
+
                                                                                                                No
                                                                                                                
                                                                                                                 		
 
                                                                                                                Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                
 
                                                                                                                • retain-volume-only: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                • delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                   NOTE: 
                                                                                                                  When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                  
@@ -377,26 +376,34 @@ spec:
 
                                                                                                                
                                                                                                                 		
 
                                                                                                                everest.io/volume-as
                                                                                                                
+
                                                                                                                everest.io/volume-as
                                                                                                                
 
                                                                                                                No
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                
 
                                                                                                                Ensure Everest of v2.3.23 or later has been installed in the cluster.
                                                                                                                
                                                                                                                 		
 
                                                                                                                storage
                                                                                                                
+
                                                                                                                everest.io/sfsturbo-share-id
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Shared path of the SFS Turbo volume.
                                                                                                                
+
                                                                                                                Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. You can obtain the shared path of the file system.
                                                                                                                
+
                                                                                                                storage
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                Requested capacity in the PVC, in Gi. If a subdirectory is used, this parameter serves no purpose other than for verification and must have a non-empty, non-zero value.
                                                                                                                
                                                                                                                 		
 
                                                                                                                storageClassName
                                                                                                                
+
                                                                                                                storageClassName
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
 
                                                                                                                The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                
+
                                                                                                                The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                
                                                                                                                 		
 
                                                                                                                
                                                                                                                 
 
                                                                                                                
-
@@ -69,34 +69,34 @@
 
                                                                                                              5. Click Create to create a PVC and a PV.
                                                                                                                You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                
 
                                                                                                                6. 
-
                                                                                                              6. Create an application.
                                                                                                                1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                                7. Table 5 Key parameters
                                                                                                                Parameter
                                                                                                                
+
                                                                                                                
-
-
-
-
-
-
-
@@ -545,7 +552,7 @@ static
-
                                                                                                                Table 5 Key parameters
                                                                                                                Parameter
                                                                                                                
 
                                                                                                                Mandatory
                                                                                                                
+
                                                                                                                Mandatory
                                                                                                                
                                                                                                                 		
 
                                                                                                                Description
                                                                                                                
                                                                                                                 		
 
                                                                                                                
 
                                                                                                                storage
                                                                                                                
+
                                                                                                                storage
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                Requested capacity in the PVC, in Gi.
                                                                                                                
 
                                                                                                                The value must be the same as the storage size of the existing PV.
                                                                                                                
                                                                                                                 		
 
                                                                                                                storageClassName
                                                                                                                
+
                                                                                                                storageClassName
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                StorageClass name, which must be the same as the StorageClass of the PV in 1.
                                                                                                                
 
                                                                                                                The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                
                                                                                                                 		
 
                                                                                                                volumeName
                                                                                                                
+
                                                                                                                volumeName
                                                                                                                
 
                                                                                                                Yes
                                                                                                                
+
                                                                                                                Yes
                                                                                                                
                                                                                                                 		
 
                                                                                                                PV name, which must be the same as the PV name in 1.
                                                                                                                
                                                                                                                 		
 
 
                                                                                                                Create a PV on the CCE console.
                                                                                                                
 
                                                                                                                1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                  • Volume Type: Select SFS Turbo.
                                                                                                                  • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                  • Subdirectory: Determine whether to use subdirectories to create PVs. Enter the absolute path of a subdirectory, for example, /a/b. Ensure that the subdirectory is available.
                                                                                                                  • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                  • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                  • Reclaim Policy: Only Retain is supported if you do not use subdirectories to create PVs. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                                  • Subdirectory Reclaim Policy: Determine whether to retain subdirectories when a PVC is deleted. This parameter must be used with PV Reclaim Policy and can be configured when PV Reclaim Policy is set to Delete.
                                                                                                                    Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                    
+
                                                                                                                1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                  • Volume Type: Select SFS Turbo.
                                                                                                                  • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                  • Subdirectory: Determine whether to use subdirectories to create PVs. Enter the absolute path of a subdirectory, for example, /a/b. Ensure that the subdirectory is available.
                                                                                                                  • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                  • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                  • Reclaim Policy: Only Retain is supported if you do not use subdirectories to create PVs. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                                  • Subdirectory Reclaim Policy: Determine whether to retain subdirectories when a PVC is deleted. This parameter must be used with PV Reclaim Policy and can be configured when PV Reclaim Policy is set to Delete.
                                                                                                                    Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                    
 
                                                                                                                    Delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                    
 
                                                                                                                  • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                  
 
                                                                                                                2. Click Create.
                                                                                                                
diff --git a/docs/cce/umn/cce_10_0626.html b/docs/cce/umn/cce_10_0626.html
index 0551b5b7a..cbb479538 100644
--- a/docs/cce/umn/cce_10_0626.html
+++ b/docs/cce/umn/cce_10_0626.html
@@ -58,10 +58,10 @@
 
                                                                                                                
 
                                                                                                                
 
                                                                                                                
-
                                                                                                                You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                
+
                                                                                                                You can configure other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                
 
 
                                                                                                                Configuring Mount Options in a PV
                                                                                                                You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Turbo Mount Options.
                                                                                                                
-
                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                2. Configure mount options in a PV. Example:
                                                                                                                  apiVersion: v1
+
                                                                                                                  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                  2. Configure mount options in a PV. Example:
                                                                                                                    apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
@@ -88,7 +88,7 @@ spec:
   - timeo=600
   - hard
                                                                                                                    
 
                                                                                                                  3. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing SFS Turbo File System Through a Static PV.
                                                                                                                  4. Check whether the mount options take effect.
                                                                                                                    In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can run the mount -l command to check whether the mount options take effect.
                                                                                                                    1. View the pod to which the SFS Turbo volume has been mounted. In this example, the workload name is web-sfsturbo.
                                                                                                                      kubectl get pod | grep web-sfsturbo
                                                                                                                      
-
                                                                                                                      The command output is as follows:
                                                                                                                      
+
                                                                                                                      Command output:
                                                                                                                      
 
                                                                                                                      web-sfsturbo-***   1/1     Running   0             23m
                                                                                                                      
 
                                                                                                                    2. Run the following command to check the mount options (web-sfsturbo-*** is an example pod):
                                                                                                                      kubectl exec -it web-sfsturbo-*** -- mount -l | grep nfs
                                                                                                                      
 
                                                                                                                      If the mounting information in the command output is consistent with the configured mount options, the mount options have been configured.
                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0630.html b/docs/cce/umn/cce_10_0630.html
index a6825335c..cee624802 100644
--- a/docs/cce/umn/cce_10_0630.html
+++ b/docs/cce/umn/cce_10_0630.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                      Using an OBS Bucket Through a Dynamic PV
                                                                                                                      
 
                                                                                                                      This section describes how to automatically create an OBS bucket. It is applicable when no underlying storage volume is available.
                                                                                                                      
-
                                                                                                                      Notes and Constraints
                                                                                                                      • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                      • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                      • Kata containers do not support OBS volumes.
                                                                                                                      • Hard links are not supported when common buckets are mounted.
                                                                                                                      
+
                                                                                                                      Notes and Constraints
                                                                                                                      • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                      • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                      • Secure containers do not support OBS volumes.
                                                                                                                      • Hard links are not supported when common buckets are mounted.
                                                                                                                      
 
                                                                                                                      • OBS allows a single user to create a maximum of 100 buckets. If a large number of dynamic PVCs are created, the number of buckets may exceed the upper limit, and no more OBS buckets can be created. In this case, use OBS by calling its API or SDK and do not mount OBS buckets to workloads.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Automatically Creating an OBS Volume on the Console
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. Dynamically create a PVC and PV.
                                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
@@ -30,7 +30,7 @@
 
                                                                                                                
 
                                                                                                                Storage Classes
                                                                                                                
 
                                                                                                                The default StorageClass for OBS volumes is csi-obs.
                                                                                                                
+
                                                                                                                The default StorageClass of OBS volumes is csi-obs.
                                                                                                                
 
                                                                                                                You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                
                                                                                                                 		
 
                                                                                                                
 
                                                                                                                Table 1 Mounting a storage volume
                                                                                                                Parameter
                                                                                                                
+
                                                                                                              7. Create an application.
                                                                                                                1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                  
-
-
-
-
-
-
-
-
-
@@ -119,15 +119,14 @@ metadata:
     csi.storage.k8s.io/fstype: obsfs        # Instance type
     csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>       # Custom secret name
     csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>    # Namespace of the custom secret
-
-    everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
+    everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
 spec:
   accessModes:
     - ReadWriteMany             # The value must be ReadWriteMany for OBS.
   resources:
     requests:
       storage: 1Gi               # OBS volume capacity
-  storageClassName: csi-obs    # StorageClass is OBS.
+  storageClassName: csi-obs    # The StorageClass is OBS.
                                                                                                                  Table 1 Mounting a storage volume
                                                                                                                  Parameter
                                                                                                                  
 
                                                                                                                  Description
                                                                                                                  
+
                                                                                                                  Description
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  PVC
                                                                                                                  
+
                                                                                                                  PVC
                                                                                                                  
 
                                                                                                                  Select an existing OBS volume.
                                                                                                                  
+
                                                                                                                  Select an existing OBS volume.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Mount Path
                                                                                                                  
+
                                                                                                                  Mount Path
                                                                                                                  
 
                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                  
+
                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                  
 
                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                   NOTICE: 
                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Subpath
                                                                                                                  
+
                                                                                                                  Subpath
                                                                                                                  
 
                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                  
+
                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Permission
                                                                                                                  
+
                                                                                                                  Permission
                                                                                                                  
 
                                                                                                                  • Read-only: You can only read the data in the mounted volumes.
                                                                                                                  • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                  
+
                                                                                                                  • Read-only: You can only read the data in the mounted volumes.
                                                                                                                  • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
                                                                                                                   
 
 
                                                                                                                  
@@ -142,7 +141,7 @@ spec:
 
                                                                                                                  Table 2 Key parameters
                                                                                                                  Parameter
                                                                                                                  
 
                                                                                                                  Yes
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  OBS StorageClass.
                                                                                                                  
-
                                                                                                                  • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                  • This parameter is invalid when fsType is set to obsfs.
                                                                                                                  
+
                                                                                                                  • If fsType is set to s3fs, standard buckets (STANDARD) and infrequent access buckets (WARM) are supported.
                                                                                                                  • This parameter is invalid when fsType is set to obsfs.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  csi.storage.k8s.io/fstype
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0631.html b/docs/cce/umn/cce_10_0631.html
index 1ba983b62..a749100c1 100644
--- a/docs/cce/umn/cce_10_0631.html
+++ b/docs/cce/umn/cce_10_0631.html
@@ -8,109 +8,163 @@
 
 
                                                                                                                  OBS Mount Options
                                                                                                                  When mounting an OBS volume, the Everest add-on presets the options described in Table 1 and Table 2 by default. The options in Table 1 are mandatory. 
                                                                                                                  
 
-
                                                                                                                  Table 1 Mandatory mount options configured by default
                                                                                                                  Parameter
                                                                                                                  
+
                                                                                                                  
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
+
+
+
+
+
                                                                                                                  Table 1 Mandatory mount options configured by default
                                                                                                                  Parameter
                                                                                                                  
 
                                                                                                                  Value
                                                                                                                  
+
                                                                                                                  Supported Object Storage Type
                                                                                                                  
 
                                                                                                                  Description
                                                                                                                  
+
                                                                                                                  Value
                                                                                                                  
+
                                                                                                                  Description
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  use_ino
                                                                                                                  
+
                                                                                                                  use_ino
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
 
                                                                                                                  If enabled, obsfs allocates the inode number. Enabled by default in read/write mode.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  If enabled, obsfs allocates the inode number. Enabled by default in read/write mode.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  big_writes
                                                                                                                  
+
                                                                                                                  big_writes
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  If configured, the maximum size of the cache can be modified.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  If enabled, the maximum size of the write cache can be changed.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  nonempty
                                                                                                                  
+
                                                                                                                  nonempty
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Allows non-empty mount paths.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Allows non-empty mount paths.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  allow_other
                                                                                                                  
+
                                                                                                                  allow_other
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Allows other users to access the parallel file system.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Allows other users to access the mount directory.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  no_check_certificate
                                                                                                                  
+
                                                                                                                  no_check_certificate
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Disables server certificate verification.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Disables server certificate verification.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  enable_noobj_cache
                                                                                                                  
+
                                                                                                                  enable_noobj_cache
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Enables cache entries for objects that do not exist, which can improve performance. Enabled by default in object bucket read/write mode.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Enables cache entries for objects that do not exist, which can improve performance. Enabled by default in object bucket read/write mode.
                                                                                                                  
 
                                                                                                                  This option is no longer configured by default since Everest 1.2.40.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  sigv2
                                                                                                                  
+
                                                                                                                  sigv2
                                                                                                                  
 
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Specifies the signature version. Used by default in object buckets.
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  Specifies the signature version. Used by default in object buckets.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  public_bucket
                                                                                                                  
+
                                                                                                                  public_bucket
                                                                                                                  
 
                                                                                                                  1
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  If this parameter is set to 1, public buckets are mounted anonymously. Enabled by default in object bucket read-only mode.
                                                                                                                  
+
                                                                                                                  1
                                                                                                                  
+
                                                                                                                  If this parameter is set to 1, public buckets are mounted anonymously. Enabled by default in object bucket read-only mode.
                                                                                                                  
+
                                                                                                                  compat_dir
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
+
                                                                                                                  Blank
                                                                                                                  
+
                                                                                                                  This parameter is automatically added when s3fs v1.92 is used. Multi-level directory objects in a bucket can be displayed.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
                                                                                                                   
 
                                                                                                                  
 
                                                                                                                  
 
-
                                                                                                                  Table 2 Optional mount options configured by default
                                                                                                                  Parameter
                                                                                                                  
+
                                                                                                                  
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
+
+
+
+
+
@@ -119,7 +173,7 @@
 
                                                                                                                  Configuring Mount Options in a PV
                                                                                                                  You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                  
-
                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                  2. Configure mount options in a PV. Example:
                                                                                                                    apiVersion: v1
+
                                                                                                                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                    2. Configure mount options in a PV. Example:
                                                                                                                      apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
@@ -139,7 +193,6 @@ spec:
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
       everest.io/obs-volume-type: STANDARD
       everest.io/region: <your_region>                        # Region where the OBS volume is
-
     nodePublishSecretRef:            # Custom secret of the OBS volume
       name: <your_secret_name>       # Custom secret name
       namespace: <your_namespace>    # Namespace of the custom secret
@@ -155,7 +208,7 @@ spec:
 
                                                                                                                    
 
                                                                                                                  Configuring Mount Options in a StorageClass
                                                                                                                  You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                  
-
                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                  2. Create a custom StorageClass. Example:
                                                                                                                    kind: StorageClass
+
                                                                                                                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                    2. Create a custom StorageClass. Example:
                                                                                                                      kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: csi-obs-mount-option
diff --git a/docs/cce/umn/cce_10_0633.html b/docs/cce/umn/cce_10_0633.html
index 5c280d7f2..be64f576e 100644
--- a/docs/cce/umn/cce_10_0633.html
+++ b/docs/cce/umn/cce_10_0633.html
@@ -2,14 +2,14 @@
 
 
                                                                                                                      Overview
                                                                                                                      
 
                                                                                                                      Introduction
                                                                                                                      CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. A PV that uses a local persistent volume as the medium is considered local PV.
                                                                                                                      
-
                                                                                                                      Compared with the HostPath volume, the local PV can be used in a persistent and portable manner. In addition, the PV of the local PV has the node affinity configuration. The pod mounted to the local PV is automatically scheduled based on the affinity configuration. You do not need to manually schedule the pod to a specific node.
                                                                                                                      
+
                                                                                                                      Compared with the hostPath volume, the local PV can be used in a persistent and portable manner. In addition, the PV of the local PV has the node affinity configuration. The pod mounted to the local PV is automatically scheduled based on the affinity configuration. You do not need to manually schedule the pod to a specific node.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Mount Modes
                                                                                                                      Local PVs can be mounted only in the following modes:
                                                                                                                      
-
                                                                                                                      • Using a Local PV Through a Dynamic PV: dynamic creation mode, in which you specify a StorageClass when creating a PVC. Then, an OBS volume and PV will be created automatically.
                                                                                                                      • Dynamically Mounting a Local PV to a StatefulSet: available only for StatefulSets. In this mode, each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                                      
+
                                                                                                                      • Using a Local PV Through a Dynamic PV: dynamic creation mode, in which you specify a StorageClass when creating a PVC. Then, a local PV will be created automatically.
                                                                                                                      • Dynamically Mounting a Local PV to a StatefulSet: available only for StatefulSets. In this mode, each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                                      
 
                                                                                                                       
                                                                                                                      Local PVs cannot be used through static PVs. That is, local PVs cannot be manually created and then mounted to workloads through PVCs.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Notes and Constraints
                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                      • Deleting, removing, resetting, or scaling a node will cause the loss of the PVC/PV data of the local PV associated with the node. The lost data cannot be restored, and the affected PVC/PV cannot be used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                      • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                      • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                      
+
                                                                                                                      Notes and Constraints
                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                      • Removing, deleting, resetting, or scaling a node will cause the loss of the PVC/PV data of the local PV associated with the node. The lost data cannot be restored, and the affected PVC/PV cannot be used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                      • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                      • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0634.html b/docs/cce/umn/cce_10_0634.html
index b6f118a8c..e209acf58 100644
--- a/docs/cce/umn/cce_10_0634.html
+++ b/docs/cce/umn/cce_10_0634.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                      Using a Local PV Through a Dynamic PV
                                                                                                                      
-
                                                                                                                      Prerequisites
                                                                                                                      
+
                                                                                                                      Prerequisites
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Notes and Constraints
                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                      • Deleting, removing, resetting, or scaling a node will cause the loss of the PVC/PV data of the local PV associated with the node. The lost data cannot be restored, and the affected PVC/PV cannot be used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                      • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                      • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                      
+
                                                                                                                      Notes and Constraints
                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                      • Removing, deleting, resetting, or scaling a node will cause the loss of the PVC/PV data of the local PV associated with the node. The lost data cannot be restored, and the affected PVC/PV cannot be used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                      • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                      • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Automatically Creating a Local PV on the Console
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. Dynamically create a PVC and PV.
                                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                  Table 2 Optional mount options configured by default
                                                                                                                  Parameter
                                                                                                                  
 
                                                                                                                  Value
                                                                                                                  
+
                                                                                                                  Supported Object Storage Type
                                                                                                                  
 
                                                                                                                  Description
                                                                                                                  
+
                                                                                                                  Value
                                                                                                                  
+
                                                                                                                  Description
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  max_write
                                                                                                                  
+
                                                                                                                  max_write
                                                                                                                  
 
                                                                                                                  131072
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  This parameter is valid only when big_writes is configured. The recommended value is 128 KB.
                                                                                                                  
+
                                                                                                                  131072
                                                                                                                  
+
                                                                                                                  This parameter is valid only when big_writes is configured. The recommended value is 128 KB.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  ssl_verify_hostname
                                                                                                                  
+
                                                                                                                  multipart_size
                                                                                                                  
 
                                                                                                                  0
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Disables SSL certificate verification based on the host name.
                                                                                                                  
+
                                                                                                                  20
                                                                                                                  
+
                                                                                                                  If a file is uploaded in multiple parts, the size of each part, measured in MB, will affect the size of the file that can be uploaded.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  max_background
                                                                                                                  
+
                                                                                                                  ssl_verify_hostname
                                                                                                                  
 
                                                                                                                  100
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Allows setting the maximum number of waiting requests in the background. Used by default in parallel file systems.
                                                                                                                  
+
                                                                                                                  0
                                                                                                                  
+
                                                                                                                  Disables SSL certificate verification based on the host name.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  umask
                                                                                                                  
+
                                                                                                                  max_background
                                                                                                                  
 
                                                                                                                  0
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
 
                                                                                                                  Mask of the configuration file permission.
                                                                                                                  
+
                                                                                                                  100
                                                                                                                  
+
                                                                                                                  Allows setting the maximum number of waiting requests in the background. Used by default in parallel file systems.
                                                                                                                  
+
                                                                                                                  umask
                                                                                                                  
+
                                                                                                                  Parallel file system
                                                                                                                  
+
                                                                                                                  Object bucket
                                                                                                                  
+
                                                                                                                  0
                                                                                                                  
+
                                                                                                                  Mask of the configuration file permission.
                                                                                                                  
 
                                                                                                                  For example, if the umask value is 022, the directory permission (the maximum permission is 777) is 755 (777 - 022 = 755, rwxr-xr-x).
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
 
 
                                                                                                                  
@@ -64,35 +65,35 @@
 
                                                                                                                   
                                                                                                                  The volume binding mode of the local storage class (named csi-local-topology) is late binding (that is, the value of volumeBindingMode is WaitForFirstConsumer). In this mode, PV creation and binding are delayed. The corresponding PV is created and bound only when the PVC is used during workload creation.
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                3. Create an application.
                                                                                                                  1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                                  4. Parameter
                                                                                                                  
@@ -43,7 +43,8 @@
 
                                                                                                                  Capacity
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Requested capacity of the storage volume in GiB or MiB.
                                                                                                                  
-
                                                                                                                   NOTE: 
                                                                                                                  To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                  
+
                                                                                                                   NOTE: 
                                                                                                                  Local PVs are implemented using LVM, with a basic unit of 4 MiB for LVM logical extents (LEs). The actual usage of LVM logical volumes varies by write mode:
                                                                                                                  
+
                                                                                                                  • Linear mode: If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume capacity will be rounded up to the nearest 4 MiB multiple.
                                                                                                                  • Striping mode: LVM allocates storage in complete stripe sets. If the calculated number of stripe sets is not an integer, it will be automatically rounded up to the next whole number.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  		
 
                                                                                                                  
 
                                                                                                                  Table 1 Mounting a storage volume
                                                                                                                  Parameter
                                                                                                                  
+
                                                                                                                4. Create an application.
                                                                                                                  1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > PVC.
                                                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                    
-
-
-
-
-
-
-
-
-
@@ -118,7 +119,7 @@ spec:
   resources:
     requests:
       storage: 10Gi             # Local PV capacity
-  storageClassName: csi-local-topology    # StorageClass is local PV.
+  storageClassName: csi-local-topology    # The StorageClass is local PV.
                                                                                                                    Table 1 Mounting a storage volume
                                                                                                                    Parameter
                                                                                                                    
 
                                                                                                                    Description
                                                                                                                    
+
                                                                                                                    Description
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    PVC
                                                                                                                    
+
                                                                                                                    PVC
                                                                                                                    
 
                                                                                                                    Select an existing local PV.
                                                                                                                    
+
                                                                                                                    Select an existing local PV.
                                                                                                                    
 
                                                                                                                    A local PV can be mounted to only one workload.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Mount Path
                                                                                                                    
+
                                                                                                                    Mount Path
                                                                                                                    
 
                                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                                    
+
                                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                                    
 
                                                                                                                    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                     NOTICE: 
                                                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Subpath
                                                                                                                    
+
                                                                                                                    Subpath
                                                                                                                    
 
                                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                    
+
                                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Permission
                                                                                                                    
+
                                                                                                                    Permission
                                                                                                                    
 
                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                    
+
                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
                                                                                                                     
 
 
                                                                                                                    
@@ -142,8 +143,10 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_10_0635.html b/docs/cce/umn/cce_10_0635.html
index 90763e3f1..b05663dd2 100644
--- a/docs/cce/umn/cce_10_0635.html
+++ b/docs/cce/umn/cce_10_0635.html
@@ -5,9 +5,9 @@
 
                                                                                                                     
                                                                                                                    When updating a StatefulSet in Kubernetes, it is not allowed to add or delete the volumeClaimTemplates field. This field can only be configured during the creation of the StatefulSet.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    
+
                                                                                                                    Prerequisites
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Dynamically Mounting a Local PV on the Console
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate.
                                                                                                                    4. Click Create PVC. In the dialog box displayed, configure the volume claim template parameters.
                                                                                                                      Click Create.
+
                                                                                                                      Dynamically Mounting a Local PV on the Console
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                                      3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > VCT.
                                                                                                                      4. Click Create PVC. In the dialog box displayed, configure the volume claim template parameters.
                                                                                                                        Click Create.
 
                                                                                                                    Table 2 Key parameters
                                                                                                                    Parameter
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    Requested PVC capacity in Gi or Mi.
                                                                                                                    
-
                                                                                                                     NOTE: 
                                                                                                                    To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                    
+
                                                                                                                    PVC capacity, in Gi or Mi. The value must be an integer.
                                                                                                                    
+
                                                                                                                    If storage is set to a decimal, the value will be rounded up for the local PV. For example, if storage is set to 10.1Gi, an 11-GiB local PV will be created.
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    Local PVs are implemented using LVM, with a basic unit of 4 MiB for LVM logical extents (LEs). The actual usage of LVM logical volumes varies by write mode:
                                                                                                                    
+
                                                                                                                    • Linear mode: If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume capacity will be rounded up to the nearest 4 MiB multiple.
                                                                                                                    • Striping mode: LVM allocates storage in complete stripe sets. If the calculated number of stripe sets is not an integer, it will be automatically rounded up to the next whole number.
                                                                                                                    
 
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    
@@ -134,7 +135,7 @@ spec:
         resources:
           requests:
             storage: 10Gi               # Storage volume capacity
-        storageClassName: csi-local-topology      # StorageClass is local PV.
+        storageClassName: csi-local-topology      # The StorageClass is local PV.
 ---
 apiVersion: v1
 kind: Service
@@ -177,8 +178,10 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_10_0636.html b/docs/cce/umn/cce_10_0636.html
index 8dcaadb3f..16034c5f1 100644
--- a/docs/cce/umn/cce_10_0636.html
+++ b/docs/cce/umn/cce_10_0636.html
@@ -1,16 +1,17 @@
 
                                                                                                                    Ephemeral Volumes
                                                                                                                    
-
                                                                                                                    
+
                                                                                                                    
+
                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0637.html b/docs/cce/umn/cce_10_0637.html
index 8862ea948..9ade09d9b 100644
--- a/docs/cce/umn/cce_10_0637.html
+++ b/docs/cce/umn/cce_10_0637.html
@@ -6,7 +6,7 @@
 
                                                                                                                    Common EVs in Kubernetes:
                                                                                                                    • emptyDir: empty at pod startup, with storage coming locally from the kubelet base directory (usually the root disk) or memory. emptyDir is allocated from the EV of the node. If data from other sources (such as log files or image tiering data) occupies the ephemeral storage, the storage capacity may be insufficient.
                                                                                                                    • ConfigMap: Kubernetes data of the ConfigMap type is mounted to pods as data volumes.
                                                                                                                    • Secret: Kubernetes data of the Secret type is mounted to pods as data volumes.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    emptyDir Types
                                                                                                                    CCE provides the following emptyDir types:
                                                                                                                    • Using a Temporary Path: Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                    • Using a Local EV: Local data disks in a node form a storage pool (VolumeGroup) through LVM. LVs are created as the storage medium of emptyDir and mounted to pods. LVs deliver better performance than the default storage medium of emptyDir.
                                                                                                                    
+
                                                                                                                    emptyDir Types
                                                                                                                    CCE provides the following emptyDir types:
                                                                                                                    • Temporary Path: Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                    • Local EV: Local data disks in a node form a storage pool (VolumeGroup) through LVM. LVs are created as the storage medium of emptyDir and mounted to pods. LVs deliver better performance than the default storage medium of emptyDir.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Notes and Constraints
                                                                                                                    • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                    • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0638.html b/docs/cce/umn/cce_10_0638.html
index 33e99179a..26ed9de90 100644
--- a/docs/cce/umn/cce_10_0638.html
+++ b/docs/cce/umn/cce_10_0638.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                    Using a Temporary Path
                                                                                                                    
+
                                                                                                                    Temporary Path
                                                                                                                    
 
                                                                                                                    A temporary path is of the Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                    
-
                                                                                                                    Using a Temporary Path on the Console
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select EmptyDir.
                                                                                                                    4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                      
-
                                                                                                                    Parameter
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Description
                                                                                                                    
@@ -45,7 +45,8 @@
 
                                                                                                                    Capacity
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Requested capacity of the storage volume in GiB or MiB.
                                                                                                                    
-
                                                                                                                     NOTE: 
                                                                                                                    To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    Local PVs are implemented using LVM, with a basic unit of 4 MiB for LVM logical extents (LEs). The actual usage of LVM logical volumes varies by write mode:
                                                                                                                    
+
                                                                                                                    • Linear mode: If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume capacity will be rounded up to the nearest 4 MiB multiple.
                                                                                                                    • Striping mode: LVM allocates storage in complete stripe sets. If the calculated number of stripe sets is not an integer, it will be automatically rounded up to the next whole number.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    		
 
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    Requested PVC capacity in Gi or Mi.
                                                                                                                    
-
                                                                                                                     NOTE: 
                                                                                                                    To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                    
+
                                                                                                                    PVC capacity, in Gi or Mi. The value must be an integer.
                                                                                                                    
+
                                                                                                                    If storage is set to a decimal, the value will be rounded up for the local PV. For example, if storage is set to 10.1Gi, an 11-GiB local PV will be created.
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    Local PVs are implemented using LVM, with a basic unit of 4 MiB for LVM logical extents (LEs). The actual usage of LVM logical volumes varies by write mode:
                                                                                                                    
+
                                                                                                                    • Linear mode: If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume capacity will be rounded up to the nearest 4 MiB multiple.
                                                                                                                    • Striping mode: LVM allocates storage in complete stripe sets. If the calculated number of stripe sets is not an integer, it will be automatically rounded up to the next whole number.
                                                                                                                    
 
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
 
 
                                                                                                                    
-
-
@@ -69,7 +69,7 @@
 
                                                                                                                    Typical scenario: Disk I/O suspension causes process suspension.
                                                                                                                    
@@ -81,7 +81,7 @@
 
@@ -206,7 +206,7 @@
 
-
@@ -240,7 +240,7 @@
 
                                                                                                                    Typical scenario: When creating a node, a user configures two data disks as an ephemeral volume storage pool. Some data disks are deleted by mistake. As a result, the storage pool becomes abnormal.
                                                                                                                    
@@ -378,7 +378,7 @@
 
-
                                                                                                                    Table 1 Mounting an EV
                                                                                                                    Parameter
                                                                                                                    
+
                                                                                                                    Using a Temporary Path on the Console
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > emptyDir.
                                                                                                                    4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                      
+
                                                                                                                      
@@ -13,21 +13,21 @@
 
-
-
-
@@ -117,37 +117,13 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -239,7 +215,7 @@
 
-
-
-
@@ -480,7 +455,7 @@
 
@@ -590,12 +565,12 @@
 
-
@@ -611,7 +586,7 @@
 
@@ -663,6 +638,17 @@
 
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                      
+
+
+
+
+
+
                                                                                                                      Table 1 Mounting a temporary path
                                                                                                                      Parameter
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Description
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Memory:
                                                                                                                      • You can select this option to improve the running speed, but the storage capacity is subject to the memory size. This mode is applicable when data volume is small and efficient read and write is required.
                                                                                                                      • If this function is disabled, data is stored in hard disks, which applies to a large amount of data with low requirements on reading and writing efficiency.
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                       NOTE: 
                                                                                                                      • If Memory is selected, pay attention to the memory size. If the storage capacity exceeds the memory size, an OOM event occurs.
                                                                                                                      • If Memory is selected, the size of an EV is the same as pod specifications.
                                                                                                                      • If Memory is not selected, EVs will not occupy the system memory.
                                                                                                                      
+
                                                                                                                       NOTE: 
                                                                                                                      • If Memory is selected, pay attention to the memory size. If the storage capacity exceeds the memory size, an OOM event occurs.
                                                                                                                      • If Memory is selected, the size of an emptyDir is the same as pod specifications.
                                                                                                                      • If Memory is not selected, emptyDir volumes will not occupy the system memory.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      		
 
                                                                                                                      
 
                                                                                                                      Mount Path
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                      
-
                                                                                                                      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                       NOTICE: 
                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                      
+
                                                                                                                      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                       NOTICE: 
                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      		
 
                                                                                                                      
 
                                                                                                                      Subpath
                                                                                                                      
 
                                                                                                                      Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                      
+
                                                                                                                      Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Permission
                                                                                                                      
@@ -40,7 +40,7 @@
 
 
                                                                                                                    5. After the configuration, click Create Workload.
                                                                                                                      6. 
 
-
                                                                                                                      Using a Temporary Path Through kubectl
                                                                                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                      2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                        vi nginx-emptydir.yaml
                                                                                                                        
+
                                                                                                                        Using a Temporary Path Through kubectl
                                                                                                                        1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                        2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                          vi nginx-emptydir.yaml
                                                                                                                          
 
                                                                                                                          Content of the YAML file:
                                                                                                                          
 
                                                                                                                          apiVersion: apps/v1
 kind: Deployment
@@ -68,7 +68,7 @@ spec:
       volumes:
         - name: vol-emptydir         # Volume name, which can be customized
           emptyDir:
-            medium: Memory          # EV disk medium: If this parameter is set to Memory, the memory is enabled. If this parameter is left blank, the native default storage medium is used.
+            medium: Memory          # emptyDir volume medium: If this parameter is set to Memory, the memory is enabled. If this parameter is left blank, the native default storage medium will be used.
             sizeLimit: 1Gi          # Volume capacity
                                                                                                                          
 
                                                                                                                        3. Create a workload.
                                                                                                                          kubectl apply -f nginx-emptydir.yaml
                                                                                                                          
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0649.html b/docs/cce/umn/cce_10_0649.html
index d8d53005b..3601a3f59 100644
--- a/docs/cce/umn/cce_10_0649.html
+++ b/docs/cce/umn/cce_10_0649.html
@@ -4,8 +4,8 @@
 
                                                                                                                        Prerequisites
                                                                                                                        To use node flavor priorities, the Autoscaler version must be 1.19.35, 1.21.28, 1.23.30, 1.25.20, or later. To balance load among AZs, the version must be 1.23.122, 1.25.117, 1.27.85, 1.28.52, or later.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Elastic Capacity Expansion Policies
                                                                                                                        Node pools are scaled according to their priorities and flavor priorities.
                                                                                                                        
-
                                                                                                                        
-
                                                                                                                        1. Predictive flavor filtering:
                                                                                                                          • The predictive algorithm chooses proper flavors that meet the scheduling needs of pending pods from all node pools.
                                                                                                                          • To schedule pods, various factors are considered, including whether the node resources meet the requested resources of the pods, and if the nodeSelector, nodeAffinity, and taints satisfy the conditions for pod scheduling.
                                                                                                                          • Additionally, if certain node pool flavors experience scale-out failures, such as insufficient resources, and enter a 5-minute cooldown period, the scale-out algorithm will automatically exclude them from consideration during that time.
                                                                                                                          
+
                                                                                                                          
+
                                                                                                                          1. Predictive flavor filtering:
                                                                                                                            • The predictive algorithm chooses proper flavors that meet the scheduling needs of pending pods from all node pools.
                                                                                                                            • When pods are scheduled, several factors are taken into account. These include checking if the node resources meet the requested resources of the pods, and verifying if the nodeSelector, nodeAffinity, and taints meet the conditions for pod scheduling.
                                                                                                                            • If certain node pool flavors experience scale-out failures, for example, due to insufficient resources, they will enter a 5-minute cooldown period. During this time, the scale-out algorithm will automatically exclude them from being considered.
                                                                                                                            
 
                                                                                                                          2. Node pool sorting by priority
                                                                                                                            Node pools are assigned priorities and sorted accordingly. The node pool with the highest priority is preferentially selected.
                                                                                                                            
 
                                                                                                                          3. Flavor selection by priority
                                                                                                                            When multiple node pools have the same highest priority, the flavor with the highest priority is selected according to the following rules:
                                                                                                                            
 
                                                                                                                            • The flavor with the highest priority in each node pool is selected.
                                                                                                                            • If multiple flavors have the same priority, choose the one that requires the least volume of resources to meet the pod scheduling requirements.
                                                                                                                            • If multiple flavors require the minimum volume of resources, choose one based on a balanced distribution among AZs.
                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0652.html b/docs/cce/umn/cce_10_0652.html
index 8ae075729..86161fc26 100644
--- a/docs/cce/umn/cce_10_0652.html
+++ b/docs/cce/umn/cce_10_0652.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                            Modifying Node Pool Configurations
                                                                                                                            
-
                                                                                                                            Notes and Constraints
                                                                                                                            The default node pool does not support the following management operations.
                                                                                                                            
+
                                                                                                                            Notes and Constraints
                                                                                                                            The default node pool does not support the management operations described in this section.
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            Configuration Management
                                                                                                                            CCE allows you to highly customize Kubernetes parameter settings on core components in a cluster. For more information, see kubelet.
                                                                                                                            
 
                                                                                                                            This function is supported only in clusters of v1.15 or later. It is not displayed for versions earlier than v1.15.
                                                                                                                            
-
                                                                                                                            1. Log in to the CCE console.
                                                                                                                            2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                            3. Locate the row containing the target node pool and choose More > Manage.
                                                                                                                            4. On the Manage Configurations page on the right, modify node pool parameter setting.
                                                                                                                              The following parameters can be configured for a node pool:
+
                                                                                                                              1. Log in to the CCE console.
                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                              3. Click Manage in the Operation column of the target node pool
                                                                                                                              4. On the Manage Configurations page on the right, modify node pool parameter setting.
                                                                                                                                The following parameters can be configured for a node pool:
 
                                                                                                                                
 
                                                                                                                              5. Click OK.
                                                                                                                              
 
                                                                                                                              
@@ -32,7 +32,7 @@
 
                                                                                                                      		
 
                                                                                                                      Default: none
                                                                                                                      
 
                                                                                                                      None
                                                                                                                      
+
                                                                                                                      The CPU management policy does not apply to ECS (PM) node pools in CCE Turbo clusters.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      QPS for requests to kube-apiserver
                                                                                                                      
@@ -63,7 +63,7 @@
                                                                                                                       		
 
                                                                                                                      Maximum number of pods that can run on a node.
                                                                                                                      
                                                                                                                       		
+
 
 
                                                                                                                      None
                                                                                                                      
 
                                                                                                                      allowed-unsafe-sysctls
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Insecure system configuration allowed.
                                                                                                                      
-
                                                                                                                      Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. Add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe Sysctls in Pod Security Policy.
                                                                                                                      
+
                                                                                                                      Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. Add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe sysctls in a PSP.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Default: []
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      None
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Node oversubscription
                                                                                                                      
-
                                                                                                                      over-subscription-resource
                                                                                                                      
-
                                                                                                                      Whether to enable node oversubscription.
                                                                                                                      
-
                                                                                                                      If this parameter is set to true, node oversubscription is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                      
-
                                                                                                                      • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
                                                                                                                      • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later
                                                                                                                      
-
                                                                                                                      None
                                                                                                                      
-
                                                                                                                      Hybrid deployment
                                                                                                                      
-
                                                                                                                      colocation
                                                                                                                      
-
                                                                                                                      Whether to enable hybrid deployment on nodes.
                                                                                                                      
-
                                                                                                                      If this parameter is set to true, hybrid deployment is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                      
-
                                                                                                                      • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
                                                                                                                      • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later
                                                                                                                      
-
                                                                                                                      None
                                                                                                                      
-
                                                                                                                      
 
                                                                                                                      Topology management policy
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      topology-manager-policy
                                                                                                                      
@@ -201,7 +177,7 @@
 
                                                                                                                      Pull an image in serial mode.
                                                                                                                      
 
                                                                                                                      • false: recommended configuration so that an image can be pulled in parallel mode to improve pod startup.
                                                                                                                      • true: allows images to be pulled in serial mode.
                                                                                                                      
 
                                                                                                                      • Enabled by default if the cluster version is earlier than v1.21.12-r0, v1.23.11-r0, v1.27.3-r0 or v1.25.6-r0
                                                                                                                      • Disabled by default if the cluster version is v1.21.12-r0, v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                                      
+
                                                                                                                      • Enabled by default if the cluster version is earlier than v1.21.12-r0, v1.23.11-r0, v1.27.3-r0, v1.28.1-r0 or v1.25.6-r0
                                                                                                                      • Disabled by default if the cluster version is v1.21.12-r0, v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, v1.28.1-r0, or later
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                      
 
                                                                                                                      Default: 10
                                                                                                                      
 
                                                                                                                      Value range: 2 to 100
                                                                                                                      
 
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                      
+
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Maximum Container Log File Size
                                                                                                                      
@@ -251,7 +227,7 @@
 
                                                                                                                      Default: 50
                                                                                                                      
 
                                                                                                                      Value range: 1 to 4096
                                                                                                                      
 
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                      
+
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Upper Limit for Image Garbage Collection
                                                                                                                      
@@ -264,20 +240,20 @@
 
                                                                                                                      Value range: 1 to 100
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      To disable image garbage collection, set this parameter to 100.
                                                                                                                      
-
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                      
+
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Lower Limit for Image Garbage Collection
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      image-gc-low-threshold
                                                                                                                      
 
                                                                                                                      When the disk usage reduces to this value, image garbage collection stops.
                                                                                                                      
+
                                                                                                                      Image garbage collection stops when the disk usage drops below the specified threshold.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Default: 70
                                                                                                                      
 
                                                                                                                      Value range: 1 to 100
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      The value of this parameter cannot be greater than the upper limit for image garbage collection.
                                                                                                                      
-
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                      
+
                                                                                                                      This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Node memory reservation
                                                                                                                      
@@ -316,7 +292,6 @@
 
 
                                                                                                                      kubelet can identify the following specific file system identifiers:
                                                                                                                      
 
                                                                                                                      • nodefs: main file system of a node. It is used for local disk volumes, emptyDir volumes that are not supported by memory, and log storage. For example, nodefs contains /var/lib/kubelet/.
                                                                                                                      • imagefs: file system partition used by a container engine.
                                                                                                                      
-
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
@@ -467,7 +442,7 @@
                                                                                                                       		
 
                                                                                                                      Maximum number of connection tracking entries
                                                                                                                      
 
                                                                                                                      To obtain the value, run the following command:
                                                                                                                      
-
                                                                                                                      sysctl -w net.nf_conntrack_max
                                                                                                                      
+
                                                                                                                      sysctl net.nf_conntrack_max
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Default: 131072
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Wait time of a closed TCP connection
                                                                                                                      
 
                                                                                                                      To obtain the value, run the following command:
                                                                                                                      
-
                                                                                                                      sysctl -w net.netfilter.nf_conntrack_tcp_timeout_close_wait
                                                                                                                      
+
                                                                                                                      sysctl net.netfilter.nf_conntrack_tcp_timeout_close_wait
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Default: 1h0m0s
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Maximum size of a container core file
                                                                                                                      
+
                                                                                                                      Maximum size of a container core file
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      limitcore
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Maximum size of a core file in a container. The unit is byte.
                                                                                                                      
-
                                                                                                                      If not specified, the value is infinity.
                                                                                                                      
+
                                                                                                                      If not specified, the value is infinity.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Default: 5368709120
                                                                                                                      
 
                                                                                                                      Default: 1048576
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                      
-
                                                                                                                      You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                      
+
                                                                                                                      You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                      
 
                                                                                                                      sysctl -a | grep nr_open
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
 
                                                                                                                      Available data space for a single container
                                                                                                                      
+
                                                                                                                      container-base-size
                                                                                                                      
+
                                                                                                                      Maximum data space that can be used by each container.
                                                                                                                      
+
                                                                                                                      Default: 0
                                                                                                                      
+
                                                                                                                      The parameter value cannot be changed.
                                                                                                                      
+
                                                                                                                      
 
                                                                                                                      Modify Image Repository Configuration
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      registry-mirrors
                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0653.html b/docs/cce/umn/cce_10_0653.html
index 2da85ef45..2d2a13289 100644
--- a/docs/cce/umn/cce_10_0653.html
+++ b/docs/cce/umn/cce_10_0653.html
@@ -19,7 +19,7 @@
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                    
-
                                                                                                                    Configurations
+
                                                                                                                    Node Configuration
 
                                                                                                                    
-
                                                                                                                    Table 2 Node configuration parameters
                                                                                                                    Parameter
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Description
                                                                                                                    
@@ -29,6 +29,8 @@
 
                                                                                                                    Specifications
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Select node specifications that best fit your service needs.
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    • If a node pool is configured with multiple node flavors, only the flavors (which can be located in different AZs) of the same node type are supported. For example, a node pool consisting of general computing-plus nodes supports only general computing-plus node flavors, but not the flavors of general computing nodes.
                                                                                                                    • A maximum of 10 node flavors can be added to a node pool (the flavors in different AZs are counted separately). When adding a node flavor, you can choose multiple AZs, but you need to specify them.
                                                                                                                    • Nodes in a newly created node pool are created using the default flavor. If the resources for the default flavor are insufficient, node creation will fail.
                                                                                                                    • After a node pool is created, the flavors of existing nodes cannot be deleted.
                                                                                                                    
+
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    Container Engine
                                                                                                                    
@@ -79,7 +81,7 @@
 
                                                                                                                    System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.
                                                                                                                    
 
                                                                                                                     NOTE: 
                                                                                                                    After the system disk configuration is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                                                                    • Not encrypted is selected by default.
                                                                                                                    • After setting System Disk Encryption to Enabled (key), choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the key text box.
                                                                                                                    
+
                                                                                                                    System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                                                                    • Not encrypted is selected by default.
                                                                                                                    • After setting System Disk Encryption to Enabled (key), choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                                    
 
                                                                                                                     NOTE: 
                                                                                                                    The modified system disk encryption automatically takes effect on new nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
@@ -95,25 +97,25 @@
 
                                                                                                                    
 
                                                                                                                    Data Disk
                                                                                                                    
 
                                                                                                                    At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                                                                                    • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                    • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                    
-
                                                                                                                    
+
                                                                                                                    • At least one default data disk must be added for storing container runtime and kubelet components if System Component Storage is set to Data Disk. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable. This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.
                                                                                                                      • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                      • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                      
+
                                                                                                                    • If System Component Storage is set to System Disk, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.
                                                                                                                    
 
                                                                                                                     NOTE: 
                                                                                                                    After the data disk configuration is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Advanced Settings
                                                                                                                    
-
                                                                                                                    Expand the area and configure the following parameters:
                                                                                                                    
-
                                                                                                                    • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                                                                                       NOTE: 
                                                                                                                      After the data disk space allocation configuration is modified, the modification takes effect only for new nodes. The configuration cannot take effect for the existing nodes even if they are reset.
                                                                                                                      
+
                                                                                                                      Expand the area and configure the following parameters:
                                                                                                                      
+
                                                                                                                      • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                                                                                         NOTE: 
                                                                                                                        After the data disk space allocation configuration is modified, the modification takes effect only for new nodes. The configuration cannot take effect for the existing nodes even if they are reset.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                      • Enabled: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                                                                        • Not encrypted is selected by default.
                                                                                                                        • After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the key text box.
                                                                                                                        
+
                                                                                                                      • Enabled: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                                                                        • Not encrypted is selected by default.
                                                                                                                        • After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                                        
 
                                                                                                                         NOTE: 
                                                                                                                        After the Data Disk Encryption is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                      
-
                                                                                                                      Adding data disks
                                                                                                                      
+
                                                                                                                      Adding data disks
                                                                                                                      
 
                                                                                                                      A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:
                                                                                                                      
 
                                                                                                                      • Default: By default, a raw disk is created without any processing.
                                                                                                                      • Mount Disk: The data disk is attached to a specified directory.
                                                                                                                      • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                                                                                                                      • Use as ephemeral volume: applicable when there is a high performance requirement on emptyDir.
                                                                                                                      
+
                                                                                                                      PVs and EVs support the following write modes:
                                                                                                                      
+
                                                                                                                      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when there are multiple volumes.
                                                                                                                      
 
                                                                                                                       NOTE: 
                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                      • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Local PVs and local EVs can be written in the following modes:
                                                                                                                      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                                                                                                                      
-
                                                                                                                      
 
                                                                                                                      Local Disk Description
                                                                                                                      
 
                                                                                                                      If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                                                                      
 
                                                                                                                      Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                                                                                                                      
@@ -133,7 +135,7 @@
 
                                                                                                                    Resource Tag
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    You can add resource tags to classify resources.
                                                                                                                    
-
                                                                                                                    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                    
+
                                                                                                                    You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                    
 
                                                                                                                    CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                                                                                    
 
                                                                                                                     NOTE: 
                                                                                                                    Modified resource tags automatically take effect on new nodes.
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0654.html b/docs/cce/umn/cce_10_0654.html
index ada775a82..1a0ec2128 100644
--- a/docs/cce/umn/cce_10_0654.html
+++ b/docs/cce/umn/cce_10_0654.html
@@ -5,7 +5,7 @@
 
                                                                                                                     
                                                                                                                    • Do not delete or reset nodes during batch synchronization. Otherwise, the synchronization of node pool configuration may fail.
                                                                                                                    • This operation involves resetting nodes. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                    • During configuration synchronization for existing nodes, the nodes will be reset, and the system disks and data disks will be cleared. Back up important data before the synchronization.
                                                                                                                    • Only some node pool parameters can be synchronized by resetting nodes. The constraints are as follows:
                                                                                                                      • Changes to the container engine, OS, or pre-/post-installation script in a node pool take effect only on new nodes. To synchronize the modification onto existing nodes, manually reset these nodes.
                                                                                                                      • Changes to resource tags and Kubernetes labels/taints in a node pool will be automatically synchronized to existing nodes. You do not need to reset these nodes.
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Synchronizing a Single Node
                                                                                                                    1. Log in to the CCE console.
                                                                                                                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Nodes tab.
                                                                                                                    3. Find upgrade in the Node Pool column of the existing nodes in the node pool.
                                                                                                                    4. Click update. In the dialog box that is displayed, confirm whether to reset the node immediately.
                                                                                                                    
+
                                                                                                                    Synchronizing a Single Node
                                                                                                                    1. Log in to the CCE console.
                                                                                                                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Nodes tab.
                                                                                                                    3. Find Node pool updated in the Node Name column of the existing nodes in the node pool.
                                                                                                                    4. Move the cursor to Node pool updated. The Reset button is displayed. You can then determine whether to reset the node immediately.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Batch Synchronization
                                                                                                                    1. Log in to the CCE console.
                                                                                                                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                    3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                    4. In the Batch synchronization window, configure parameters.
                                                                                                                      • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                      • Synchronization Policy: Node Reset is supported.
                                                                                                                      • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                      • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                      
 
                                                                                                                    5. Click OK.
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0656.html b/docs/cce/umn/cce_10_0656.html
index 6140b1d79..8ab5930a3 100644
--- a/docs/cce/umn/cce_10_0656.html
+++ b/docs/cce/umn/cce_10_0656.html
@@ -46,11 +46,11 @@
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Migrating Nodes from a Custom Node Pool to the Default Node Pool
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                    3. Click View Node in the Operation column of the node pool to be migrated.
                                                                                                                    4. Choose More > Migrate Node in the Operation column of the target node to migrate the node.
                                                                                                                    5. In the displayed Migrate Node dialog box, confirm the information.
                                                                                                                       
                                                                                                                      • The migration does not affect custom resource tags, Kubernetes labels, and taints of the node.
                                                                                                                      • After the migration, system labels cce.cloud.com and cce-nodepool on the node will be deleted. If an existing workload uses these labels for affinity or anti-affinity scheduling, the existing pods on the node will be stopped and rescheduled when kubelet is restarted.
                                                                                                                      
+
                                                                                                                      Migrating Nodes from a Custom Node Pool to the Default Node Pool
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                      3. Click View Node in the Operation column of the node pool to be migrated.
                                                                                                                      4. Choose More > Migrate Node in the Operation column of the target node to migrate the node.
                                                                                                                      5. In the displayed Migrate Node dialog box, confirm the information.
                                                                                                                         
                                                                                                                        • The migration does not affect custom resource tags, and Kubernetes labels and taints of the node.
                                                                                                                        • After the migration, system labels cce.cloud.com and cce-nodepool on the node will be deleted. If an existing workload uses these labels for affinity or anti-affinity scheduling, the existing pods on the node will be stopped and rescheduled when kubelet is restarted.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Migrating Nodes from the Default Node Pool to a Custom Node Pool
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                      3. Locate the target node pool and choose More > Accept Node.
                                                                                                                      4. In the Accept Node dialog box, select the nodes that meet the following conditions:
                                                                                                                        • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                        • The nodes and the current node pool belong to the same enterprise project.
                                                                                                                        • The nodes and the current node pool are in the same cloud server group.
                                                                                                                        • The billing mode of the nodes is supported by the current node pool.
                                                                                                                        • The nodes are running and they are from the default node pool.
                                                                                                                        • The flavor, AZ, resource reservation, container engine, and OS configurations of the nodes are the same as those of the node pool.
                                                                                                                        
+
                                                                                                                        Migrating Nodes from the Default Node Pool to a Custom Node Pool
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                        3. Locate the target node pool and choose More > Accept Node.
                                                                                                                        4. In the Accept Node dialog box, select the nodes that meet the following conditions:
                                                                                                                          • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                          • The nodes and the current node pool are in the same cloud server group.
                                                                                                                          • The billing mode of the nodes is supported by the current node pool.
                                                                                                                          • The nodes are running and they are from the default node pool.
                                                                                                                          • The flavor, AZ, resource reservation, container engine, and OS configurations of the nodes are the same as those of the node pool.
                                                                                                                          
 
                                                                                                                        5. Click OK.
                                                                                                                           
                                                                                                                          • After nodes are migrated into a node pool, the pool's resource tags, Kubernetes labels, and Kubernetes taints will be synchronized to the nodes. If there is a conflict, the node pool's configurations will take precedence.
                                                                                                                          • After the migration, the pool's security group will take over the nodes' original security group.
                                                                                                                          • After the migration, the pool's agency will take over the nodes' original agency.
                                                                                                                          • After the migration, the nodes' original login mode will remain unchanged.
                                                                                                                          • After a node is migrated to a node pool after being accepted by the cluster, its acceptance tag will be removed. Scaling in the node pool may result in the removal of the node.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0658.html b/docs/cce/umn/cce_10_0658.html
index 418bbe958..d7f5a5754 100644
--- a/docs/cce/umn/cce_10_0658.html
+++ b/docs/cce/umn/cce_10_0658.html
@@ -4,7 +4,7 @@
 
                                                                                                                        You can specify a specification in a node pool for scaling.
                                                                                                                        
 
                                                                                                                         
                                                                                                                        The default node pool does not support scaling. Use Creating a Node to add a node.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        1. Log in to the CCE console.
                                                                                                                        2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                        3. Choose Scaling next to the target node pool.
                                                                                                                        4. In the displayed Node Pool Scaling window, configure scaling parameters.
                                                                                                                          • Add or reduce nodes for scaling.
                                                                                                                          • Use the selected flavor to increase or decrease the number of nodes.
                                                                                                                          • Configure the number of nodes to be added or deleted.
                                                                                                                            • When scaling out a node pool, make sure that the total number of nodes, both existing and new, does not exceed the management scale of the current cluster.
                                                                                                                            • When scaling in a node pool, make sure that the number of nodes to be removed does not exceed the number of nodes currently in the pool.
                                                                                                                              Scaling in can result in the unavailability of resources associated with a node, such as local storage and workloads that were scheduled to that node. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                              
+
                                                                                                                              1. Log in to the CCE console.
                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                              3. Choose Resize next to the target node pool.
                                                                                                                              4. In the Resize Node Pool dialog box, configure scaling parameters.
                                                                                                                                • Resize: Add or reduce nodes for scaling.
                                                                                                                                • Use the selected flavor to increase or decrease the number of nodes.
                                                                                                                                • Configure the number of nodes to be added or deleted.
                                                                                                                                  • When scaling out a node pool, make sure that the total number of nodes, both existing and new, does not exceed the management scale of the current cluster.
                                                                                                                                  • When scaling in a node pool, make sure that the number of nodes to be removed does not exceed the number of nodes currently in the pool.
                                                                                                                                    Scaling in can result in the unavailability of resources associated with a node, such as local storage and workloads that were scheduled to that node. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                              5. Click OK.
                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0659.html b/docs/cce/umn/cce_10_0659.html
index 52bab6dfe..1dc0b50c6 100644
--- a/docs/cce/umn/cce_10_0659.html
+++ b/docs/cce/umn/cce_10_0659.html
@@ -25,12 +25,12 @@
 
                                                                                                                    
 
                                                                                                                    Disabling scheduling
                                                                                                                    
 
                                                                                                                    Kubernetes events are reported and the NoSchedule taint is added to the node.
                                                                                                                    
+
                                                                                                                    Kubernetes events are reported and the NoSchedule taint is added to the node.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    Evict Node Load
                                                                                                                    
 
                                                                                                                    Kubernetes events are reported and the NoExecute taint is added to the node. This operation will evict workloads on the node and interrupt services. Exercise caution when performing this operation.
                                                                                                                    
+
                                                                                                                    Kubernetes events are reported and the NoExecute taint is added to the node. This operation will evict workloads on the node and interrupt services. Exercise caution when performing this operation.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
 
 
                                                                                                                    Warning event
                                                                                                                    
-
                                                                                                                    Listening object: /dev/kmsg
                                                                                                                    
+
                                                                                                                    Listening object: /dev/kmsg
                                                                                                                    
 
                                                                                                                    Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
 
                                                                                                                    Warning event
                                                                                                                    
-
                                                                                                                    Listening object: /dev/kmsg
                                                                                                                    
+
                                                                                                                    Listening object: /dev/kmsg
                                                                                                                    
 
                                                                                                                    Matching rule: Remounting filesystem read-only
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    Check whether PID process resources are exhausted.
                                                                                                                    
 
                                                                                                                    • Default threshold: 90%
                                                                                                                    • Usage: nr_threads in /proc/loadavg
                                                                                                                    • Maximum value: smaller value between /proc/sys/kernel/pid_max and /proc/sys/kernel/threads-max.
                                                                                                                    
+
                                                                                                                    • Default threshold: 90%
                                                                                                                    • Usage: denominator of the fourth value in /proc/loadavg, which indicates the total number of processes that can run
                                                                                                                    • Maximum value: smaller value between /proc/sys/kernel/pid_max and /proc/sys/kernel/threads-max.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
 
 
                                                                                                                    • Detection period: 30s
                                                                                                                    • Source:
                                                                                                                      vgs -o vg_name, vg_attr
                                                                                                                      
-
                                                                                                                    • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                                                                                                    • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                                                                                                    • Exceptional scenario: The NPD add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                                                                                                    
+
                                                                                                                  3. Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                                                                                                  4. Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                                                                                                  5. Exceptional scenario: The NPD add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                                                                                                    6. 
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    PV storage pool error
                                                                                                                    
@@ -255,7 +255,7 @@
 
                                                                                                                    MountPointProblem
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Check the mount point on the node.
                                                                                                                    
-
                                                                                                                    Exceptional definition: You cannot access the mount point by running the cd command.
                                                                                                                    
+
                                                                                                                    Definition: You cannot access the mount point by running the cd command.
                                                                                                                    
 
                                                                                                                    Typical scenario: Network File System (NFS), for example, obsfs and s3fs is mounted to a node. When the connection is abnormal due to network or peer NFS server exceptions, all processes that access the mount point are suspended. For example, during a cluster upgrade, a kubelet is restarted, and all mount points are scanned. If the abnormal mount point is detected, the upgrade fails.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Alternatively, you can run the following command:
                                                                                                                    
@@ -272,7 +272,7 @@
 
                                                                                                                    • Check object: all data disks
                                                                                                                    • Source:
                                                                                                                      /proc/diskstat
                                                                                                                      
 
                                                                                                                      Alternatively, you can run the following command:
                                                                                                                      iostat -xmt 1
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                    • Thresholds: (All following conditions must be met).
                                                                                                                      • Average usage (ioutil) ≥ 0.99
                                                                                                                      • Average I/O queue length (avgqu-sz) ≥ 1
                                                                                                                      • Average I/O transfer volume ≤ 1
                                                                                                                        Average I/O transfer volume = Number of writes completed per second (iops, unit: w/s) + Amount of data written per second (ioth, unit: wMB/s)
                                                                                                                        
+
                                                                                                                      • Thresholds: (All following conditions must be met.)
                                                                                                                        • Average usage (ioutil) ≥ 0.99
                                                                                                                        • Average I/O queue length (avgqu-sz) ≥ 1
                                                                                                                        • Average I/O transfer volume ≤ 1
                                                                                                                          Average I/O transfer volume = Number of writes completed per second (iops, unit: w/s) + Amount of data written per second (ioth, unit: wMB/s)
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                         NOTE: 
                                                                                                                        In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                                                                                                        
 
                                                                                                                        
@@ -336,7 +336,7 @@
 
                                                                                                                    		
 
                                                                                                                    Check whether the ResolvConf file is lost.
                                                                                                                    
 
                                                                                                                    Check whether the ResolvConf file is normal.
                                                                                                                    
-
                                                                                                                    Exceptional definition: No upstream domain name resolution server (nameserver) is included.
                                                                                                                    
+
                                                                                                                    Definition: No upstream domain name resolution server (nameserver) is included.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Object: /etc/resolv.conf
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    Check whether the allocable memory for the containers is sufficient.
                                                                                                                    
 
                                                                                                                    • Interval: 10 seconds
                                                                                                                    • Threshold: max. 100 MiB
                                                                                                                    • Allocable = Total memory of a node – Reserved memory of a node
                                                                                                                    • Defect: This check item checks only the memory consumed by containers, and does not consider that consumed by other elements on the node.
                                                                                                                    
+
                                                                                                                    • Interval: 10 seconds
                                                                                                                    • Threshold: Maximum value – 100 MiB
                                                                                                                    • Allocable = Total memory of a node – Reserved memory of a node
                                                                                                                    • Defect: This check item checks only the memory consumed by containers, and does not consider that consumed by other elements on the node.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    Insufficient disk resources
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0672.html b/docs/cce/umn/cce_10_0672.html
index 6c772973d..ead170e41 100644
--- a/docs/cce/umn/cce_10_0672.html
+++ b/docs/cce/umn/cce_10_0672.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                                                    Management Nodes
                                                                                                                    
-
                                                                                                                    
+
                                                                                                                    
+
                                                                                                                    
 
                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0674.html b/docs/cce/umn/cce_10_0674.html
index 586385b99..2090a41f9 100644
--- a/docs/cce/umn/cce_10_0674.html
+++ b/docs/cce/umn/cce_10_0674.html
@@ -1,7 +1,11 @@
 
 
-
                                                                                                                    Scheduling
                                                                                                                    
-
                                                                                                                    
+
+  
                                                                                                                    Scheduling
                                                                                                                    
+
+  
                                                                                                                    
+
                                                                                                                    
+
 
                                                                                                                    
 
 
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0678.html b/docs/cce/umn/cce_10_0678.html
index 865d4aa34..6a7258e35 100644
--- a/docs/cce/umn/cce_10_0678.html
+++ b/docs/cce/umn/cce_10_0678.html
@@ -5,9 +5,9 @@
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Notes and Constraints
                                                                                                                    • This function is available only for clusters of v1.19 or later using a VPC network.
                                                                                                                    • An added container CIDR block cannot be deleted.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Adding a Container CIDR Block for a CCE Standard Cluster
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                    3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                       
                                                                                                                      New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                      
+
                                                                                                                      Adding a Container CIDR Block for a CCE Standard Cluster
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                      3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                         
                                                                                                                        New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                      4. Click OK.
                                                                                                                      
 
                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0681.html b/docs/cce/umn/cce_10_0681.html
index 56eceebcc..747884b8d 100644
--- a/docs/cce/umn/cce_10_0681.html
+++ b/docs/cce/umn/cce_10_0681.html
@@ -3,16 +3,16 @@
 
                                                                                                                      Creating a LoadBalancer Service
                                                                                                                      
 
                                                                                                                      Scenario
                                                                                                                      LoadBalancer Services can access workloads from the public network through a load balancer, which is more reliable than EIP-based access. The LoadBalancer access address is in the format of IP address of public network load balancer:Access port, for example, 10.117.117.117:80.
                                                                                                                      
 
                                                                                                                      In this access mode, requests are transmitted through an ELB load balancer to a node and then forwarded to the destination pod through the Service.
                                                                                                                      
-
                                                                                                                      Figure 1 LoadBalancer
                                                                                                                      
+
                                                                                                                      Figure 1 LoadBalancer
                                                                                                                      
 
                                                                                                                      When CCE Turbo clusters and dedicated load balancers are used, passthrough networking is supported to reduce service latency and ensure zero performance loss.
                                                                                                                      
 
                                                                                                                      External access requests are directly forwarded from a load balancer to pods. Internal access requests can be forwarded to a pod through a Service.
                                                                                                                      
-
                                                                                                                      Figure 2 Passthrough networking
                                                                                                                      
+
                                                                                                                      Figure 2 Passthrough networking
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Notes and Constraints
                                                                                                                      • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                        • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                        • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                        
-
                                                                                                                      • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                                                                      • If service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                                      • In a CCE Turbo cluster that utilizes a Cloud Native 2.0 network model, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                                                                                                      • Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                                                                                                                      • A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address). If the Service needs to support HTTP, the dedicated load balancers must be of the network (TCP/UDP) or application load balancing (HTTP/HTTPS) type.
                                                                                                                      • When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                                                                                                                      • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                                                                      
+
                                                                                                                    4. After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                                                                    5. If service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                                    6. In a CCE Turbo cluster that utilizes Cloud Native Network 2.0, node-level affinity is supported only when the Service backend is connected to a hostNetwork pod.
                                                                                                                    7. Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                                                                                                                    8. Dedicated load balancers must support private networks (with private IP addresses). If the Service needs to support HTTP, the dedicated load balancers must be of the application (HTTP/HTTPS) type.
                                                                                                                    9. When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                                                                                                                    10. If you have an IPVS-backed cluster and use the same ELB load balancer for both the ingress and Service in the same cluster or for the Service ports in different clusters, you will not be able to access the ingress from the nodes or containers in the cluster, or the Service ports in other clusters. This is because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge, which intercepts the load balancer traffic. Use separate load balancers for these ingresses and Services.
                                                                                                                      11. 
 
                                                                                                                    
-
                                                                                                                    Using the Console
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                    3. Configure parameters.
                                                                                                                      • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                      • Service Type: Select LoadBalancer.
                                                                                                                      • Namespace: namespace that the workload belongs to.
                                                                                                                      • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                        • Cluster-level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                        • Node-level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                        
-
                                                                                                                      • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                      • Protocol Version: This function is disabled by default. After this function is enabled, the cluster IP address of the Service can be set to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                                                                                                      • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                        A load balancer can be dedicated or shared. A dedicated load balancer supports Network (TCP/UDP), Application (HTTP/HTTPS), or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                        
+
                                                                                                                        Using the Console
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                        3. Configure parameters.
                                                                                                                          • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                          • Service Type: Select LoadBalancer.
                                                                                                                          • Namespace: namespace that the workload belongs to.
                                                                                                                          • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                            • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Accessing the Service will result in a decrease in performance due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                            • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Accessing the Service will not result in a decrease in performance due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                            
+
                                                                                                                          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                          • Protocol Version: This function is disabled by default. After this function is enabled, the cluster IP address of the Service can be set to an IPv6 address.  This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                                                                                                          • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                            A load balancer can be dedicated or shared. A dedicated load balancer supports Network (TCP/UDP), Application (HTTP/HTTPS), or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                            
 
                                                                                                                            You can select Use existing or Auto create to obtain a load balancer. For details about the configuration of different creation modes, see Table 1.
 
                                                                                                                            
@@ -28,7 +28,7 @@
 
@@ -38,10 +38,11 @@
 
                                                                                                                            Set ELB: You can click Edit and configure the load balancing algorithm and sticky session.
                                                                                                                            • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                               
                                                                                                                              • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                              • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                              • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                            • Sticky Session: This function is disabled by default. You can use source IP addresses. Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                               
                                                                                                                              When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                              
+
                                                                                                                            • Sticky Session: This function is disabled by default.
                                                                                                                              If the listener's frontend protocol is TCP or UDP, sticky sessions can use source IP addresses. This means that access requests from the same IP address will be directed to the same backend server or pod.
                                                                                                                              
+
                                                                                                                               
                                                                                                                              When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                            
-
                                                                                                                          • Health Check: Configure health check for the load balancer.
+
                                                                                                                          • Health Check: Configure health check for the load balancer.
 
 
                                                                                                                            • Table 1 Load balancer configurations
                                                                                                                            How to Create
                                                                                                                            
 
                                                                                                                            Auto create
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            • Instance Name: Enter a load balancer name.
                                                                                                                            • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                                            • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                                                            • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                                                            • Network Specifications, Application-oriented Specifications, or Specifications (available only to dedicated load balancers)
                                                                                                                              • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                                                              • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                                              
-
                                                                                                                            • EIP: If you select Auto create, you can configure the size of the public network bandwidth.
                                                                                                                            • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.
                                                                                                                            
+
                                                                                                                          • EIP: If you select Auto create, you can configure the size of the public network bandwidth.
                                                                                                                          • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.
                                                                                                                            • 
                                                                                                                             		
 
                                                                                                                            
 
 
                                                                                                                            
@@ -58,7 +59,7 @@
 
-
                                                                                                                            Table 2 Health check parameters
                                                                                                                            Parameter
                                                                                                                            
 
                                                                                                                            Port
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            By default, the service port (NodePort or container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                                                                            
-
                                                                                                                            • Node Port: If a shared load balancer is used or no ENI instance is associated, the node port is used as the health check port. If this parameter is not specified, a random port is used. The value ranges from 30000 to 32767.
                                                                                                                            • Container Port: When a dedicated load balancer is associated with an ENI instance, the container port is used for health check. The value ranges from 1 to 65535.
                                                                                                                            
+
                                                                                                                            • Node Port: If a shared or dedicated load balancer is used without an associated ENI, the node port will be used as the health check port. If the port is not specified, a random port will be used. The value ranges from 30000 to 32767.
                                                                                                                            • Container Port: When a dedicated load balancer is associated with an ENI instance, the container port is used for health check. The value ranges from 1 to 65535.
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            
 
                                                                                                                            Check Period (s)
                                                                                                                            
@@ -68,7 +69,7 @@
 
                                                                                                                            
 
                                                                                                                            Timeout (s)
                                                                                                                            
 
                                                                                                                            Specifies the maximum timeout duration for each health check. The value ranges from 1 to 50.
                                                                                                                            
+
                                                                                                                            Specifies the maximum timeout for each health check. The value ranges from 1 to 50.
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            
 
                                                                                                                            Max. Retries
                                                                                                                            
@@ -84,7 +85,9 @@
 
 
                                                                                                                          • Listener
                                                                                                                            • SSL Authentication: Select this option if HTTPS/TLS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                              • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                              • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                              
 
                                                                                                                            • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                            • Server Certificate: If HTTPS/TLS is enabled on the listener port, you must select a server certificate. 
                                                                                                                            • SNI: If HTTPS/TLS is enabled on the listener port, you must determine whether to add an SNI certificate. Before adding an SNI certificate, ensure the certificate contains a domain name. 
                                                                                                                              If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                              
-
                                                                                                                            • Security Policy: If HTTPS/TLS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                            • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. If TLS is enabled on the listener port, TCP or TLS can be used to access the backend server. The default value is TCP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                            • Access Control
                                                                                                                              • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                              • Allow all IP addresses: No access control is configured.
                                                                                                                              • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                              • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                              
+
                                                                                                                            • Security Policy: If HTTPS/TLS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                            • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. If TLS is enabled on the listener port, TCP or TLS can be used to access the backend server. The default value is TCP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                            • Access Control
                                                                                                                              • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                              • Allow all IP addresses: No access control is configured.
                                                                                                                              • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                              • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                              
+
                                                                                                                               
                                                                                                                              For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time for access control.
                                                                                                                              
+
                                                                                                                              
 
                                                                                                                            • Advanced Options
 
                                                                                                                              
@@ -130,10 +133,9 @@
 
                                                                                                                            • Annotation: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see Configuring LoadBalancer Services Using Annotations.
                                                                                                                            • Click OK.
                                                                                                                              • 
-
                                                                                                                              Using kubectl to Create a Service (Using an Existing Load Balancer)
                                                                                                                              You can configure Service access using kubectl when creating a workload. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                              
-
                                                                                                                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                              2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                                                                                                                                The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                
-
                                                                                                                                vi nginx-deployment.yaml
                                                                                                                                
-
                                                                                                                                apiVersion: apps/v1
+
                                                                                                                                Using kubectl to Create a Service (Using an Existing Load Balancer)
                                                                                                                                You can configure LoadBalancer Service access using kubectl when creating a workload. If you already have a load balancer in the same VPC and want to use it as the application access entry when creating a Service in the cluster, follow the following steps to associate the load balancer with the Service:
                                                                                                                                
+
                                                                                                                                1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                2. Create and edit the nginx-deployment.yaml file to configure the sample workload. For details, see Creating a Deployment. nginx-deployment.yaml is an example file name. You can rename it as needed.
                                                                                                                                  vi nginx-deployment.yaml
                                                                                                                                  
+
                                                                                                                                  File content:
                                                                                                                                  apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx
@@ -148,14 +150,13 @@ spec:
         app: nginx
     spec:
       containers:
-      - image: nginx 
+      - image: nginx:latest
         name: nginx
       imagePullSecrets:
       - name: default-secret
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                3. Create and edit the nginx-elb-svc.yaml file to configure Service parameters. nginx-elb-svc.yaml is an example file name. You can rename it as needed.
                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                  
+
                                                                                                                                  File content:
                                                                                                                                  
 
                                                                                                                                  apiVersion: v1 
 kind: Service 
 metadata: 
@@ -165,7 +166,7 @@ metadata:
     kubernetes.io/elb.class: union                   # Load balancer type
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
-    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration, which is measured in minutes
     kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
@@ -183,28 +184,29 @@ spec:
     targetPort: 80  # Port used by a Service to access the target container. This port is closely related to the applications running in a container.
     nodePort: 31128  # Port number of the node. If this parameter is not specified, a random port number ranging from 30000 to 32767 is generated.
   type: LoadBalancer
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                   
                                                                                                                                  To enable sticky sessions, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                  
+
                                                                                                                                  
 
                                                                                                                                  The preceding example uses annotations to implement some advanced functions of load balancing, such as sticky session and health check. For details, see Table 3.
                                                                                                                                  
 
                                                                                                                                  For more annotations and examples related to advanced functions, see Configuring LoadBalancer Services Using Annotations.
                                                                                                                                  
 
-
                                                                                                                              Configuration
                                                                                                                              
                                                                                                                               		
 
 
                                                                                                                              Table 3 annotations parameters
                                                                                                                              Parameter
                                                                                                                              
+
                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                              Table 3 annotations parameters
                                                                                                                              Parameter
                                                                                                                              
 
                                                                                                                              Mandatory
                                                                                                                              
+
                                                                                                                              Mandatory
                                                                                                                              
 
                                                                                                                              Type
                                                                                                                              
+
                                                                                                                              Type
                                                                                                                              
 
                                                                                                                              Description
                                                                                                                              
+
                                                                                                                              Description
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              kubernetes.io/elb.id
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.id
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
+
                                                                                                                              Yes
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              ID of a load balancer.
                                                                                                                              
-
                                                                                                                              Mandatory when an existing load balancer is to be associated.
                                                                                                                              
+
                                                                                                                              ID of a load balancer.
                                                                                                                              
+
                                                                                                                              Mandatory when an existing load balancer is associated.
                                                                                                                              
 
                                                                                                                              How to obtain:
                                                                                                                              
 
                                                                                                                              On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                              
 
                                                                                                                               NOTE: 
                                                                                                                              The system preferentially connects to the load balancer based on the kubernetes.io/elb.id field. If this field is not specified, the spec.loadBalancerIP field is used (optional and available only in 1.23 and earlier versions).
                                                                                                                              
@@ -212,94 +214,92 @@ spec:
 
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              kubernetes.io/elb.class
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.class
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
+
                                                                                                                              Yes
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Select a proper load balancer type.
                                                                                                                              
-
                                                                                                                              The value can be:
                                                                                                                              
+
                                                                                                                              Select a proper load balancer type.
                                                                                                                              
+
                                                                                                                              Options:
                                                                                                                              
 
                                                                                                                              • union: shared load balancer
                                                                                                                              • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                              
-
                                                                                                                               NOTE: 
                                                                                                                              If a LoadBalancer Service accesses an existing dedicated load balancer, the dedicated load balancer must support TCP/UDP networking.
                                                                                                                              
-
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              kubernetes.io/elb.lb-algorithm
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.lb-algorithm
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                              
+
                                                                                                                              Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                              
 
                                                                                                                              Options:
                                                                                                                              
 
                                                                                                                              • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                              • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                              • SOURCE_IP: source IP hash algorithm
                                                                                                                              
 
                                                                                                                               NOTE: 
                                                                                                                              If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                              
 
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              kubernetes.io/elb.session-affinity-mode
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.session-affinity-mode
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                              
-
                                                                                                                              • Disabling sticky session: Do not configure this parameter.
                                                                                                                              • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                              
+
                                                                                                                              Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                              
+
                                                                                                                              • To disable sticky sessions, leave this parameter unconfigured.
                                                                                                                              • To enable sticky sessions, ensure the frontend protocol is TCP or UDP and set the sticky session type to SOURCE_IP.
                                                                                                                              
 
                                                                                                                               NOTE: 
                                                                                                                              When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP hash), sticky session cannot be enabled.
                                                                                                                              
 
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              kubernetes.io/elb.session-affinity-option
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.session-affinity-option
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              Table 4 object
                                                                                                                              
+
                                                                                                                              Table 4 object
                                                                                                                              
 
                                                                                                                              Sticky session timeout.
                                                                                                                              
+
                                                                                                                              Sticky session timeout.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              kubernetes.io/elb.health-check-flag
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.health-check-flag
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Whether to enable the ELB health check.
                                                                                                                              
-
                                                                                                                              • Enabling health check: Leave blank this parameter or set it to on.
                                                                                                                              • Disabling health check: Set this parameter to off.
                                                                                                                              
-
                                                                                                                              If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                                                              
+
                                                                                                                              Whether to enable the ELB health check.
                                                                                                                              
+
                                                                                                                              • Enabling health check: Leave this parameter blank or set it to on.
                                                                                                                              • Disabling health check: Set this parameter to off.
                                                                                                                              
+
                                                                                                                              If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              kubernetes.io/elb.health-check-option
                                                                                                                              
+
                                                                                                                              kubernetes.io/elb.health-check-option
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              Table 5 object
                                                                                                                              
+
                                                                                                                              Table 5 object
                                                                                                                              
 
                                                                                                                              ELB health check configuration items.
                                                                                                                              
+
                                                                                                                              ELB health check configuration items.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
                                                                                                                               
 
                                                                                                                              
 
                                                                                                                              
 
-
                                                                                                                              Table 4 elb.session-affinity-option data structure
                                                                                                                              Parameter
                                                                                                                              
+
                                                                                                                              
-
-
-
-
-
-
-
@@ -307,63 +307,63 @@ spec:
 
                                                                                                                              Table 4 elb.session-affinity-option data structure
                                                                                                                              Parameter
                                                                                                                              
 
                                                                                                                              Mandatory
                                                                                                                              
+
                                                                                                                              Mandatory
                                                                                                                              
 
                                                                                                                              Type
                                                                                                                              
+
                                                                                                                              Type
                                                                                                                              
 
                                                                                                                              Description
                                                                                                                              
+
                                                                                                                              Description
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              persistence_timeout
                                                                                                                              
+
                                                                                                                              persistence_timeout
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
+
                                                                                                                              Yes
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                              
+
                                                                                                                              Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                              
 
                                                                                                                              Value range: 1 to 60. Default value: 60
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              
 
-
                                                                                                                              Table 5 elb.health-check-option data structure
                                                                                                                              Parameter
                                                                                                                              
+
                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -371,28 +371,30 @@ spec:
 
                                                                                                                              Table 5 elb.health-check-option data structure
                                                                                                                              Parameter
                                                                                                                              
 
                                                                                                                              Mandatory
                                                                                                                              
+
                                                                                                                              Mandatory
                                                                                                                              
 
                                                                                                                              Type
                                                                                                                              
+
                                                                                                                              Type
                                                                                                                              
 
                                                                                                                              Description
                                                                                                                              
+
                                                                                                                              Description
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              delay
                                                                                                                              
+
                                                                                                                              delay
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Health check interval (s)
                                                                                                                              
+
                                                                                                                              Health check interval (s)
                                                                                                                              
 
                                                                                                                              Value range: 1 to 50. Default value: 5
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              timeout
                                                                                                                              
+
                                                                                                                              timeout
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Health check timeout, in seconds.
                                                                                                                              
+
                                                                                                                              Health check timeout, in seconds.
                                                                                                                              
 
                                                                                                                              Value range: 1 to 50. Default value: 10
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              max_retries
                                                                                                                              
+
                                                                                                                              max_retries
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Maximum number of health check retries.
                                                                                                                              
+
                                                                                                                              Maximum number of health check retries.
                                                                                                                              
 
                                                                                                                              Value range: 1 to 10. Default value: 3
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              protocol
                                                                                                                              
+
                                                                                                                              protocol
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Health check protocol.
                                                                                                                              
-
                                                                                                                              Value options: TCP or HTTP
                                                                                                                              
+
                                                                                                                              Health check protocol.
                                                                                                                              
+
                                                                                                                              Options: TCP, UDP, or HTTP
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              path
                                                                                                                              
+
                                                                                                                              path
                                                                                                                              
 
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
 
                                                                                                                              String
                                                                                                                              
+
                                                                                                                              String
                                                                                                                              
 
                                                                                                                              Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                              
+
                                                                                                                              Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                              
 
                                                                                                                              Default value: /
                                                                                                                              
 
                                                                                                                              Value range: 1-80 characters
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                            • Create a workload.
                                                                                                                              kubectl create -f nginx-deployment.yaml
                                                                                                                              
-
                                                                                                                              If information similar to the following is displayed, the workload has been created.
                                                                                                                              
-
                                                                                                                              deployment/nginx created
                                                                                                                              
-
                                                                                                                              kubectl get pod
                                                                                                                              
-
                                                                                                                              If information similar to the following is displayed, the workload is running.
                                                                                                                              
-
                                                                                                                              NAME                     READY     STATUS             RESTARTS   AGE
-nginx-2601814895-c1xhw   1/1       Running            0          6s
                                                                                                                              
-
                                                                                                                            • Create a Service.
                                                                                                                              kubectl create -f nginx-elb-svc.yaml
                                                                                                                              
+
                                                                                                                            • Create a workload.
                                                                                                                              kubectl create -f nginx-deployment.yaml
                                                                                                                              
+
                                                                                                                              If information similar to the following is displayed, the workload has been created:
                                                                                                                              
+
                                                                                                                              deployment/nginx created
                                                                                                                              
+
                                                                                                                              Check the created workload.
                                                                                                                              
+
                                                                                                                              kubectl get pod
                                                                                                                              
+
                                                                                                                              If information similar to the following is displayed, the workload is running:
                                                                                                                              
+
                                                                                                                              NAME                     READY     STATUS             RESTARTS   AGE
+nginx-2601814895-znhbr   1/1       Running            0          15s
                                                                                                                              
+
                                                                                                                            • Create a Service.
                                                                                                                              kubectl create -f nginx-elb-svc.yaml
                                                                                                                              
 
                                                                                                                              If information similar to the following is displayed, the Service has been created.
                                                                                                                              
 
                                                                                                                              service/nginx created
                                                                                                                              
-
                                                                                                                              kubectl get svc
                                                                                                                              
-
                                                                                                                              If information similar to the following is displayed, the workload's access mode has been configured.
                                                                                                                              
+
                                                                                                                              View the created Service.
                                                                                                                              
+
                                                                                                                              kubectl get svc
                                                                                                                              
+
                                                                                                                              If information similar to the following is displayed, the workload's access mode has been configured:
                                                                                                                              
 
                                                                                                                              NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
 kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
 nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                              
 
                                                                                                                            • Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                              The Nginx is accessible.
                                                                                                                              
-
                                                                                                                              Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                              
+
                                                                                                                              Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                              
 
                                                                                                                              • 
 
-
                                                                                                                              Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                                                                                                                              You can configure Service access using kubectl when creating a workload. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                              
-
                                                                                                                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                              2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                                                                                                                                The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                
-
                                                                                                                                vi nginx-deployment.yaml
                                                                                                                                apiVersion: apps/v1
+
                                                                                                                                Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                                                                                                                                You can configure LoadBalancer Service access using kubectl when creating a workload. If no load balancer is available when you create a Service, perform the following operations to automatically create a load balancer and associate it with the Service:
                                                                                                                                
+
                                                                                                                                1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                2. Create and edit the nginx-deployment.yaml file to configure the sample workload. For details, see Creating a Deployment. nginx-deployment.yaml is an example file name. You can rename it as needed.
                                                                                                                                  vi nginx-deployment.yaml
                                                                                                                                  
+
                                                                                                                                  File content:
                                                                                                                                  apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx
@@ -407,14 +409,13 @@ spec:
         app: nginx
     spec:
       containers:
-      - image: nginx 
+      - image: nginx:latest
         name: nginx
       imagePullSecrets:
       - name: default-secret
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                  
+
                                                                                                                                3. Create and edit the nginx-elb-svc.yaml file to configure Service parameters. nginx-elb-svc.yaml is an example file name. You can rename it as needed.
                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                  
+
                                                                                                                                   
                                                                                                                                  To enable sticky sessions, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  Example of a Service using a public network shared load balancer:
                                                                                                                                  apiVersion: v1 
 kind: Service 
@@ -431,10 +432,9 @@ metadata:
       "vip_address": "**.**.**.**",
       "eip_type": "5_bgp"
     }'
-
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
-    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration, which is measured in minutes
     kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
@@ -481,10 +481,9 @@ metadata:
       ],
       "l4_flavor_name": "L4_flavor.elb.s1.small"
     }'
-
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
-    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration, which is measured in minutes
     kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
@@ -508,292 +507,303 @@ spec:
 
                                                                                                                                  The preceding example uses annotations to implement some advanced functions of load balancing, such as sticky session and health check. For details, see Table 6.
                                                                                                                                  
 
                                                                                                                                  For more annotations and examples related to advanced functions, see Configuring LoadBalancer Services Using Annotations.
                                                                                                                                  
 
-
                                                                                                                                  Table 6 annotations parameters
                                                                                                                                  Parameter
                                                                                                                                  
+
                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                  Table 6 annotations parameters
                                                                                                                                  Parameter
                                                                                                                                  
 
                                                                                                                                  Mandatory
                                                                                                                                  
+
                                                                                                                                  Mandatory
                                                                                                                                  
 
                                                                                                                                  Type
                                                                                                                                  
+
                                                                                                                                  Type
                                                                                                                                  
 
                                                                                                                                  Description
                                                                                                                                  
+
                                                                                                                                  Description
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
 
                                                                                                                                  kubernetes.io/elb.class
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.class
                                                                                                                                  
 
                                                                                                                                  Yes
                                                                                                                                  
+
                                                                                                                                  Yes
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Select a proper load balancer type.
                                                                                                                                  
-
                                                                                                                                  The value can be:
                                                                                                                                  
+
                                                                                                                                  Select a proper load balancer type.
                                                                                                                                  
+
                                                                                                                                  Options:
                                                                                                                                  
 
                                                                                                                                  • union: shared load balancer
                                                                                                                                  • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                  
+
                                                                                                                                  The default value is union.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  kubernetes.io/elb.autocreate
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.autocreate
                                                                                                                                  
 
                                                                                                                                  Yes
                                                                                                                                  
+
                                                                                                                                  Yes
                                                                                                                                  
 
                                                                                                                                  elb.autocreate object
                                                                                                                                  
+
                                                                                                                                  elb.autocreate object
                                                                                                                                  
 
                                                                                                                                  Whether to automatically create a load balancer associated with the Service.
                                                                                                                                  
+
                                                                                                                                  Whether to automatically create a load balancer associated with the Service.
                                                                                                                                  
 
                                                                                                                                  Example
                                                                                                                                  
-
                                                                                                                                  • Automatically created shared load balancer with an EIP bound:
                                                                                                                                    '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                    
+
                                                                                                                                    • Automatically created dedicated load balancer with an EIP bound:
                                                                                                                                      '{"type":"public","bandwidth_name":"cce-bandwidth-1741230802502","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"*****"}'
                                                                                                                                      
+
                                                                                                                                    • Automatically created dedicated load balancer with no EIP bound:
                                                                                                                                      '{"type":"inner","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"*****"}'
                                                                                                                                      
+
                                                                                                                                    • Automatically created shared load balancer with an EIP bound:
                                                                                                                                      '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                      
 
                                                                                                                                    • Automatically created shared load balancer with no EIP bound:
                                                                                                                                      {"type":"inner","name":"A-location-d-test"}
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                  		
 
                                                                                                                                  kubernetes.io/elb.subnet-id
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.subnet-id
                                                                                                                                  
 
                                                                                                                                  None
                                                                                                                                  
+
                                                                                                                                  None
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                  
-
                                                                                                                                  • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                  • Optional for clusters later than v1.11.7-r0.
                                                                                                                                  
+
                                                                                                                                  ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                  
+
                                                                                                                                  • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                  • Optional for clusters of a version later than v1.11.7-r0.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  kubernetes.io/elb.lb-algorithm
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.lb-algorithm
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                  
+
                                                                                                                                  Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                  
 
                                                                                                                                  Options:
                                                                                                                                  
-
                                                                                                                                  • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                  • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                  • SOURCE_IP: source IP hash algorithm
                                                                                                                                  
+
                                                                                                                                  • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                  • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                  • SOURCE_IP: source IP hash algorithm
                                                                                                                                  
 
                                                                                                                                   NOTE: 
                                                                                                                                  If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                                  
 
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  kubernetes.io/elb.session-affinity-mode
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.session-affinity-mode
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                  
-
                                                                                                                                  • Disabling sticky session: Do not configure this parameter.
                                                                                                                                  • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                  
+
                                                                                                                                  Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                  
+
                                                                                                                                  • To disable sticky sessions, leave this parameter unconfigured.
                                                                                                                                  • To enable sticky session, add this parameter and set it to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                  
 
                                                                                                                                   NOTE: 
                                                                                                                                  When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP hash), sticky session cannot be enabled.
                                                                                                                                  
 
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  kubernetes.io/elb.session-affinity-option
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.session-affinity-option
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  Table 4 object
                                                                                                                                  
+
                                                                                                                                  Table 4 object
                                                                                                                                  
 
                                                                                                                                  Sticky session timeout.
                                                                                                                                  
+
                                                                                                                                  Sticky session timeout.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  kubernetes.io/elb.health-check-flag
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.health-check-flag
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Whether to enable the ELB health check.
                                                                                                                                  
-
                                                                                                                                  • Enabling health check: Leave blank this parameter or set it to on.
                                                                                                                                  • Disabling health check: Set this parameter to off.
                                                                                                                                  
-
                                                                                                                                  If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                                                                  
+
                                                                                                                                  Whether to enable the ELB health check.
                                                                                                                                  
+
                                                                                                                                  • Enabling health check: Leave this parameter blank or set it to on.
                                                                                                                                  • Disabling health check: Set this parameter to off.
                                                                                                                                  
+
                                                                                                                                  If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  kubernetes.io/elb.health-check-option
                                                                                                                                  
+
                                                                                                                                  kubernetes.io/elb.health-check-option
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  Table 5 object
                                                                                                                                  
+
                                                                                                                                  Table 5 object
                                                                                                                                  
 
                                                                                                                                  ELB health check configuration items.
                                                                                                                                  
+
                                                                                                                                  ELB health check configuration items.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
                                                                                                                                   
 
                                                                                                                                  
 
                                                                                                                                  
 
-
                                                                                                                                  Table 7 elb.autocreate data structure
                                                                                                                                  Parameter
                                                                                                                                  
+
                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                  Table 7 elb.autocreate data structure
                                                                                                                                  Parameter
                                                                                                                                  
 
                                                                                                                                  Mandatory
                                                                                                                                  
+
                                                                                                                                  Mandatory
                                                                                                                                  
 
                                                                                                                                  Type
                                                                                                                                  
+
                                                                                                                                  Type
                                                                                                                                  
 
                                                                                                                                  Description
                                                                                                                                  
+
                                                                                                                                  Description
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
 
                                                                                                                                  name
                                                                                                                                  
+
                                                                                                                                  name
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Name of the automatically created load balancer.
                                                                                                                                  
+
                                                                                                                                  Name of the automatically created load balancer.
                                                                                                                                  
 
                                                                                                                                  The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                  
 
                                                                                                                                  Default: cce-lb+service.UID
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  type
                                                                                                                                  
+
                                                                                                                                  type
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Network type of the load balancer.
                                                                                                                                  
+
                                                                                                                                  Network type of the load balancer.
                                                                                                                                  
 
                                                                                                                                  • public: public network load balancer
                                                                                                                                  • inner: private network load balancer
                                                                                                                                  
 
                                                                                                                                  Default: inner
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  bandwidth_name
                                                                                                                                  
+
                                                                                                                                  bandwidth_name
                                                                                                                                  
 
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
+
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                  
+
                                                                                                                                  Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                  
 
                                                                                                                                  The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  bandwidth_chargemode
                                                                                                                                  
+
                                                                                                                                  bandwidth_chargemode
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Bandwidth mode.
                                                                                                                                  
+
                                                                                                                                  Bandwidth mode.
                                                                                                                                  
 
                                                                                                                                  • traffic: billed by traffic
                                                                                                                                  
-
                                                                                                                                  Default: traffic
                                                                                                                                  
+
                                                                                                                                  Default: traffic
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  bandwidth_size
                                                                                                                                  
+
                                                                                                                                  bandwidth_size
                                                                                                                                  
 
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
+
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
 
                                                                                                                                  Integer
                                                                                                                                  
+
                                                                                                                                  Integer
                                                                                                                                  
 
                                                                                                                                  Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                  
+
                                                                                                                                  Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                  
 
                                                                                                                                  The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                  • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                  • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                  • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                  
 
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  bandwidth_sharetype
                                                                                                                                  
+
                                                                                                                                  bandwidth_sharetype
                                                                                                                                  
 
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
+
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Bandwidth sharing mode.
                                                                                                                                  
+
                                                                                                                                  Bandwidth sharing mode.
                                                                                                                                  
 
                                                                                                                                  • PER: dedicated bandwidth
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  eip_type
                                                                                                                                  
+
                                                                                                                                  eip_type
                                                                                                                                  
 
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
+
                                                                                                                                  Yes for public network load balancers
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  EIP type.
                                                                                                                                  
+
                                                                                                                                  EIP type.
                                                                                                                                  
 
                                                                                                                                  • 5_bgp: dynamic BGP
                                                                                                                                  
 
                                                                                                                                  The specific type varies with regions. For details, see the EIP console.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  vip_subnet_cidr_id
                                                                                                                                  
+
                                                                                                                                  vip_subnet_cidr_id
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                  
-
                                                                                                                                  If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                                                  
+
                                                                                                                                  The ID of the IPv4 subnet where the load balancer resides. This subnet is used to allocate IP addresses for the load balancer to provide external services. The IPv4 subnet must belong to the cluster's VPC.
                                                                                                                                  
+
                                                                                                                                  If this parameter is not specified, the load balancer and the cluster will be in the same subnet by default.
                                                                                                                                  
 
                                                                                                                                  This field can be specified only for clusters of v1.21 or later.
                                                                                                                                  
+
                                                                                                                                  How to Obtain
                                                                                                                                  
+
                                                                                                                                  Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the IPv4 Subnet ID on the Summary tab page.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  vip_address
                                                                                                                                  
+
                                                                                                                                  ipv6_vip_virsubnet_id
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                  
+
                                                                                                                                  The ID of the IPv6 subnet where the load balancer is deployed. IPv6 must be enabled for the subnet.
                                                                                                                                  
+
                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                  
+
                                                                                                                                  How to Obtain
                                                                                                                                  
+
                                                                                                                                  Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                                                                                  
+
                                                                                                                                  elb_virsubnet_ids
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  Array of strings
                                                                                                                                  
+
                                                                                                                                  The network ID of the subnet where the load balancer is located. This subnet is used to allocate IP addresses for accessing the backend server. If this parameter is not specified, the subnet specified by vip_subnet_cidr_id will be used by default. Load balancers occupy varying numbers of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters or nodes) as the load balancer's CIDR block.
                                                                                                                                  
+
                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                  
+
                                                                                                                                  Example:
                                                                                                                                  
+
                                                                                                                                  "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                                                                                  
+
                                                                                                                                  How to Obtain
                                                                                                                                  
+
                                                                                                                                  Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                                                                                  
+
                                                                                                                                  vip_address
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                  
 
                                                                                                                                  The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                                                  
 
                                                                                                                                  This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  available_zone
                                                                                                                                  
+
                                                                                                                                  available_zone
                                                                                                                                  
 
                                                                                                                                  Yes
                                                                                                                                  
+
                                                                                                                                  Yes
                                                                                                                                  
 
                                                                                                                                  Array of strings
                                                                                                                                  
+
                                                                                                                                  Array of strings
                                                                                                                                  
 
                                                                                                                                  AZ where the load balancer is located.
                                                                                                                                  
+
                                                                                                                                  AZ where the load balancer is located.
                                                                                                                                  
 
                                                                                                                                  You can obtain all supported AZs by getting the AZ list.
                                                                                                                                  
 
                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  l4_flavor_name
                                                                                                                                  
+
                                                                                                                                  l4_flavor_name
                                                                                                                                  
 
                                                                                                                                  Yes
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Flavor name of the layer-4 load balancer.
                                                                                                                                  
+
                                                                                                                                  Flavor name of the layer-4 load balancer. This parameter is mandatory when TCP or UDP is used.
                                                                                                                                  
 
                                                                                                                                  You can obtain all supported types by getting the flavor list.
                                                                                                                                  
 
                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  l7_flavor_name
                                                                                                                                  
+
                                                                                                                                  l7_flavor_name
                                                                                                                                  
 
                                                                                                                                  No
                                                                                                                                  
+
                                                                                                                                  No
                                                                                                                                  
 
                                                                                                                                  String
                                                                                                                                  
+
                                                                                                                                  String
                                                                                                                                  
 
                                                                                                                                  Flavor name of the layer-7 load balancer.
                                                                                                                                  
+
                                                                                                                                  Flavor name of the layer-7 load balancer. This parameter is mandatory when HTTP is used.
                                                                                                                                  
 
                                                                                                                                  You can obtain all supported types by getting the flavor list.
                                                                                                                                  
-
                                                                                                                                  This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                  
-
                                                                                                                                  elb_virsubnet_ids
                                                                                                                                  
-
                                                                                                                                  No
                                                                                                                                  
-
                                                                                                                                  Array of strings
                                                                                                                                  
-
                                                                                                                                  Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                  
-
                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                  
-
                                                                                                                                  Example:
                                                                                                                                  
-
                                                                                                                                  "elb_virsubnet_ids": [
-   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
- ]
                                                                                                                                  
-
                                                                                                                                  ipv6_vip_virsubnet_id
                                                                                                                                  
-
                                                                                                                                  No
                                                                                                                                  
-
                                                                                                                                  String
                                                                                                                                  
-
                                                                                                                                  ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                  
-
                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                  
+
                                                                                                                                  This parameter is available only for dedicated load balancers. Its value must match that of l4_flavor_name, meaning both must be either elastic specifications or fixed specifications.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
                                                                                                                                   
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                4. Create a workload.
                                                                                                                                  kubectl create -f nginx-deployment.yaml
                                                                                                                                  
-
                                                                                                                                  If information similar to the following is displayed, the workload is being created.
                                                                                                                                  
-
                                                                                                                                  deployment/nginx created
                                                                                                                                  
-
                                                                                                                                  kubectl get pod
                                                                                                                                  
-
                                                                                                                                  If information similar to the following is displayed, the workload is running.
                                                                                                                                  
-
                                                                                                                                  NAME                     READY     STATUS             RESTARTS   AGE
-nginx-2601814895-c1xhw   1/1       Running            0          6s
                                                                                                                                  
-
                                                                                                                                5. Create a Service.
                                                                                                                                  kubectl create -f nginx-elb-svc.yaml
                                                                                                                                  
-
                                                                                                                                  If information similar to the following is displayed, the Service has been created.
                                                                                                                                  
-
                                                                                                                                  service/nginx created
                                                                                                                                  
-
                                                                                                                                  kubectl get svc
                                                                                                                                  
-
                                                                                                                                  If information similar to the following is displayed, the workload's access mode has been configured.
                                                                                                                                  
-
                                                                                                                                  NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
+
                                                                                                                                6. Create a workload.
                                                                                                                                  kubectl create -f nginx-deployment.yaml
                                                                                                                                  
+
                                                                                                                                  If information similar to the following is displayed, the workload has been created:
                                                                                                                                  
+
                                                                                                                                  deployment/nginx created
                                                                                                                                  
+
                                                                                                                                  Check the created workload.
                                                                                                                                  
+
                                                                                                                                  kubectl get pod
                                                                                                                                  
+
                                                                                                                                  If information similar to the following is displayed, the workload is running:
                                                                                                                                  
+
                                                                                                                                  NAME                     READY     STATUS             RESTARTS   AGE
+nginx-2601814895-znhbr   1/1       Running            0          15s
                                                                                                                                  
+
                                                                                                                                7. Create a Service.
                                                                                                                                  kubectl create -f nginx-elb-svc.yaml
                                                                                                                                  
+
                                                                                                                                  If information similar to the following is displayed, the Service has been created.
                                                                                                                                  
+
                                                                                                                                  service/nginx created
                                                                                                                                  
+
                                                                                                                                  View the created Service.
                                                                                                                                  
+
                                                                                                                                  kubectl get svc
                                                                                                                                  
+
                                                                                                                                  If information similar to the following is displayed, the workload's access mode has been configured:
                                                                                                                                  
+
                                                                                                                                  NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
 kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
-nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                  
-
                                                                                                                                8. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                  The Nginx is accessible.
                                                                                                                                  
-
                                                                                                                                  Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                  
+nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
+
                                                                                                                                9. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                  The Nginx is accessible.
                                                                                                                                  
+
                                                                                                                                  Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                  
 
                                                                                                                                  10. 
 
 
diff --git a/docs/cce/umn/cce_10_0683.html b/docs/cce/umn/cce_10_0683.html
index 4b4bc6e55..556dd55b7 100644
--- a/docs/cce/umn/cce_10_0683.html
+++ b/docs/cce/umn/cce_10_0683.html
@@ -4,7 +4,7 @@
 
                                                                                                                                  Notes and Constraints
                                                                                                                                  • Only clusters of v1.19.16 or later support HTTP or HTTPS.
 
                                                                                                                                    
-
@@ -16,14 +16,14 @@
 
-
-
@@ -34,14 +34,14 @@
 
-
-
@@ -117,7 +117,7 @@ spec:
 
diff --git a/docs/cce/umn/cce_10_0684.html b/docs/cce/umn/cce_10_0684.html
index 44c2f3141..c69a718a8 100644
--- a/docs/cce/umn/cce_10_0684.html
+++ b/docs/cce/umn/cce_10_0684.html
@@ -1,11 +1,12 @@
 
 
-
                                                                                                                                    Configuring Health Check on Multiple Ports of a LoadBalancer Service
                                                                                                                                    
-
                                                                                                                                    The annotation field related to the health check of the LoadBalancer Service is upgraded from Kubernetes.io/elb.health-check-option to Kubernetes.io/elb.health-check-options. Each Service port can be configured separately, and you can configure only some ports. If the port protocol does not need to be configured separately, the original annotation field is still available and does not need to be modified.
                                                                                                                                    
+
                                                                                                                                    Configuring Health Check on Multiple LoadBalancer Service Ports
                                                                                                                                    
+
                                                                                                                                    The health check annotation field of LoadBalancer Services has been upgraded from kubernetes.io/elb.health-check-option to kubernetes.io/elb.health-check-options. You can now specify unique health check configurations for specific Service ports if needed. These tailored settings do not affect other ports. If all ports use the same health check parameters, the old annotation will continue to work as expected, and you do not need to make any changes.
                                                                                                                                    
 
                                                                                                                                    Notes and Constraints
                                                                                                                                    • This feature is available in the following versions:
                                                                                                                                      • v1.19: v1.19.16-r5 or later
                                                                                                                                      • v1.21: v1.21.8-r0 or later
                                                                                                                                      • v1.23: v1.23.6-r0 or later
                                                                                                                                      • v1.25: v1.25.2-r0 or later
                                                                                                                                      • Versions later than v1.25
                                                                                                                                      
 
                                                                                                                                    • Either kubernetes.io/elb.health-check-option or kubernetes.io/elb.health-check-options can be configured.
                                                                                                                                    • The target_service_port field is mandatory and must be unique.
                                                                                                                                    • For a TCP port, the health check protocol can only be TCP or HTTP. For a UDP port, the health check protocol must be UDP.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Procedure
                                                                                                                                    The following is an example of using the kubernetes.io/elb.health-check-options annotation:
                                                                                                                                    apiVersion: v1
+
                                                                                                                                    Procedure
                                                                                                                                    Configure health check for different Service ports. The following is an example using the kubernetes.io/elb.health-check-options annotation:
                                                                                                                                    
+
                                                                                                                                    apiVersion: v1
 kind: Service
 metadata:
   name: nginx
@@ -35,7 +36,7 @@ metadata:
 		"path": "/",
 		"target_service_port": "TCP:2",
 		"monitor_port": "22",
-                "expected_codes": "200-399,401,404"
+                "expected_codes": "200-399"
 	}
     ]'
 spec:
@@ -55,86 +56,87 @@ spec:
       port: 2
       protocol: TCP
   type: LoadBalancer
-  loadBalancerIP: **.**.**.**
                                                                                                                                    
+  loadBalancerIP: **.**.**.**
+
                                                                                                                                    
 
-
                                                                                                                                    Table 1 Scenarios where a load balancer supports HTTP or HTTPS
                                                                                                                                    ELB Type
                                                                                                                                    
 
                                                                                                                                    Application scenario
                                                                                                                                    
+
                                                                                                                                    Application
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Whether to Support HTTP or HTTPS
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Interconnecting with an existing load balancer
                                                                                                                                    
 
                                                                                                                                    Yes
                                                                                                                                    
+
                                                                                                                                    Supported
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    None
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    Automatically creating a load balancer
                                                                                                                                    
 
                                                                                                                                    Yes
                                                                                                                                    
+
                                                                                                                                    Supported
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    None
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Supported
                                                                                                                                    
 
                                                                                                                                    • For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10 and v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing.
                                                                                                                                    • For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing.
                                                                                                                                    
+
                                                                                                                                    • For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, or v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing.
                                                                                                                                    • For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    Automatically creating a load balancer
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Supported
                                                                                                                                    
 
                                                                                                                                    • For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10 and v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing.
                                                                                                                                    • For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing.
                                                                                                                                    
+
                                                                                                                                    • For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, or v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing.
                                                                                                                                    • For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    If a Service is TLS/HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port".
                                                                                                                                    
-
                                                                                                                                    Specifically:
                                                                                                                                    
+
                                                                                                                                    where,
                                                                                                                                    
 
                                                                                                                                    • protocol: specifies the protocol used by the listener port. The value can be tls, http, or https.
                                                                                                                                    • port: Service port specified by spec.ports[].port.
                                                                                                                                    
 
                                                                                                                                    In this example, ports 443 and 80 are enabled with HTTPS and HTTP, respectively. Therefore, the parameter value is https:443,http:80.
                                                                                                                                    
 
                                                                                                                                    Table 1 elb.health-check-options
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -144,7 +146,6 @@ spec:
 
-
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    Parent topic: LoadBalancer
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0686.html b/docs/cce/umn/cce_10_0686.html
index f29b14b7b..3763d5218 100644
--- a/docs/cce/umn/cce_10_0686.html
+++ b/docs/cce/umn/cce_10_0686.html
@@ -16,6 +16,10 @@
 
 
                                                                                                                                  • Advanced Setting Examples of LoadBalancer Ingresses
                                                                                                                                    
 
                                                                                                                                    • 
+
                                                                                                                                  • Forwarding Policy Priorities of LoadBalancer Ingresses
                                                                                                                                    
+
                                                                                                                                    • 
+
                                                                                                                                  • Configuring Multiple Ingresses to Use the Same External ELB Port
                                                                                                                                    
+
                                                                                                                                    • 
 
 
 
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0687.html b/docs/cce/umn/cce_10_0687.html
index 440356e99..6aa2f1b87 100644
--- a/docs/cce/umn/cce_10_0687.html
+++ b/docs/cce/umn/cce_10_0687.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                    Configuring an HTTPS Certificate for a LoadBalancer Ingress
                                                                                                                                    
 
                                                                                                                                    Ingresses support SSL or TLS certificates, allowing you to secure your Services with HTTPS.
                                                                                                                                    
-
                                                                                                                                    You are allowed to use either of the following ways to configure an ingress certificate in a cluster:
                                                                                                                                    • Using a TLS certificate: You need to first import a certificate to a Secret. CCE will then automatically handle the certificate configurations on the ELB console and give a name to the certificate (started with k8s_plb_default). This certificate, which is generated by CCE, cannot be modified or deleted from the ELB console. To modify the certificate, update the secret where the certificate is imported to on CCE.
                                                                                                                                    • Using a certificate created on the ELB console: You are allowed to directly use certificates created on the ELB console. There is no need to manually configure the cluster Secrets, and you can modify the certificates on the ELB console.
                                                                                                                                    
+
                                                                                                                                    You are allowed to use either of the following ways to configure an ingress certificate in a cluster:
                                                                                                                                    • Using a TLS certificate: You need to first import a certificate to a secret. CCE will then automatically handle the certificate configurations on the ELB console and give a name to the certificate (started with k8s_plb_default). This certificate, which is generated by CCE, cannot be modified or deleted from the ELB console. To modify the certificate, update the secret where the certificate is imported to on CCE.
                                                                                                                                    • Using a certificate created on the ELB console: You are allowed to directly use certificates created on the ELB console. There is no need to manually configure the cluster Secrets, and you can modify the certificates on the ELB console.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    If HTTPS is enabled for the same port of the same load balancer of multiple ingresses, you must select the same certificate. For details, see Configuring a Same Port for Multiple Ingresses.
                                                                                                                                    
+
                                                                                                                                     
                                                                                                                                    If multiple ingresses share the same external port on a load balancer, you are advised to use the same certificate and security policy for these ingresses. Otherwise, the configuration of the first created ingress will take precedence. For details, see Configuring a Same Port for Multiple Ingresses.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    Prerequisites
                                                                                                                                    
 
                                                                                                                                    
@@ -43,7 +43,7 @@
 
                                                                                                                                    
-
@@ -53,7 +53,7 @@
 
                                                                                                                                  • Click OK.
                                                                                                                                    • 
-
                                                                                                                                    Using kubectl to Configure a TLS Certificate
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                      Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                      
+
                                                                                                                                      Using kubectl to Configure a TLS Certificate
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                        Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                        
 
                                                                                                                                        vi ingress-test-secret.yaml
                                                                                                                                        
 
                                                                                                                                        The YAML file is configured as follows:
                                                                                                                                        apiVersion: v1
 data:
@@ -176,7 +176,7 @@ spec:
 
 
                                                                                                                                    
@@ -203,7 +203,7 @@ spec:
 
                                                                                                                                    Table 1 elb.health-check-options
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Mandatory
                                                                                                                                    
+
                                                                                                                                    Mandatory
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    target_service_port
                                                                                                                                    
+
                                                                                                                                    target_service_port
                                                                                                                                    
 
                                                                                                                                    Yes
                                                                                                                                    
+
                                                                                                                                    Yes
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                    
+
                                                                                                                                    Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    monitor_port
                                                                                                                                    
+
                                                                                                                                    monitor_port
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                    
+
                                                                                                                                    Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                    
 
                                                                                                                                     NOTE: 
                                                                                                                                    Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                                                                    
 
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    delay
                                                                                                                                    
+
                                                                                                                                    delay
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Health check interval (s)
                                                                                                                                    
+
                                                                                                                                    Health check interval (s)
                                                                                                                                    
 
                                                                                                                                    Value range: 1 to 50. Default value: 5
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    timeout
                                                                                                                                    
+
                                                                                                                                    timeout
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Health check timeout, in seconds.
                                                                                                                                    
+
                                                                                                                                    Health check timeout, in seconds.
                                                                                                                                    
 
                                                                                                                                    Value range: 1 to 50. Default value: 10
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    max_retries
                                                                                                                                    
+
                                                                                                                                    max_retries
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Maximum number of health check retries.
                                                                                                                                    
+
                                                                                                                                    Maximum number of health check retries.
                                                                                                                                    
 
                                                                                                                                    Value range: 1 to 10. Default value: 3
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    protocol
                                                                                                                                    
+
                                                                                                                                    protocol
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Health check protocol.
                                                                                                                                    
+
                                                                                                                                    Health check protocol.
                                                                                                                                    
 
                                                                                                                                    Default value: protocol of the associated Service
                                                                                                                                    
-
                                                                                                                                    Value options: TCP, UDP, or HTTP
                                                                                                                                    
+
                                                                                                                                    Options: TCP, UDP, and HTTP
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    path
                                                                                                                                    
+
                                                                                                                                    path
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                    
+
                                                                                                                                    Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                    
 
                                                                                                                                    Default value: /
                                                                                                                                    
 
                                                                                                                                    Value range: 1-80 characters
                                                                                                                                    
                                                                                                                                     		
 
 
 
                                                                                                                                    
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    • Domain Name: You do not need to configure this parameter.
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
                                                                                                                                     		
 
 
                                                                                                                                    The default value is tls-1-2, which is the default security policy used by the listener and takes effect only when HTTPS is used.
                                                                                                                                    
 
                                                                                                                                    Options:
                                                                                                                                    
-
                                                                                                                                    • tls-1-0
                                                                                                                                    • tls-1-1
                                                                                                                                    • tls-1-2
                                                                                                                                    • tls-1-2-strict
                                                                                                                                    
+
                                                                                                                                    • tls-1-0
                                                                                                                                    • tls-1-1
                                                                                                                                    • tls-1-2
                                                                                                                                    • tls-1-2-strict
                                                                                                                                    • tls-1-0-with-1-3 (dedicated load balancer)
                                                                                                                                    • tls-1-2-fs (dedicated load balancer)
                                                                                                                                    • tls-1-2-fs-with-1-3 (dedicated load balancer)
                                                                                                                                    
 
                                                                                                                                    For details of cipher suites for each security policy, see Table 3.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    
 
-
                                                                                                                                    Table 3 tls_ciphers_policy parameter description
                                                                                                                                    Security Policy
                                                                                                                                    
+
                                                                                                                                    
@@ -211,7 +211,7 @@ spec:
 
-
-
-
@@ -238,7 +238,7 @@ spec:
 
-
-
-
-
@@ -324,10 +324,10 @@ ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                  • Click OK.
                                                                                                                                    • 
-
                                                                                                                                    Using kubectl to Configure a Certificate Created on the ELB Console
                                                                                                                                    To use an ELB certificate, you can specify the kubernetes.io/elb.tls-certificate-ids annotation.
                                                                                                                                    
+
                                                                                                                                    Using kubectl to Configure a Certificate Created on the ELB Console
                                                                                                                                    To use an ELB certificate, you can specify the kubernetes.io/elb.tls-certificate-ids annotation.
                                                                                                                                    
 
                                                                                                                                     
                                                                                                                                    • If both an ELB certificate and a TLS certificate are specified for the same ingress, the ingress will use the ELB certificate.
                                                                                                                                    • CCE does not check whether an ELB certificate is valid. It only checks whether the certificate is present.
                                                                                                                                    • Only ingresses in clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support ELB certificates.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                        
 
                                                                                                                                        For clusters of v1.21 or earlier:
                                                                                                                                        
 
                                                                                                                                        apiVersion: networking.k8s.io/v1beta1
@@ -407,7 +407,7 @@ spec:
 ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                    
-
                                                                                                                                    Configuring a Same Port for Multiple Ingresses
                                                                                                                                    In a cluster, multiple ingresses can share a listener, allowing them to use the same port on a single load balancer. When two ingresses are set up with HTTPS certificates, the server certificate that is used will be based on the configuration of the earliest ingress.
                                                                                                                                    
+
                                                                                                                                    Configuring a Same Port for Multiple Ingresses
                                                                                                                                    In a cluster, multiple ingresses can share a listener, allowing them to use the same port on a single load balancer. When two ingresses are set up with HTTPS certificates, the server certificate that is used will be based on the configuration of the earliest ingress. 
                                                                                                                                    
 
                                                                                                                                    Starting from v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, v1.29.1-r0, and later, the YAML file of ingresses includes annotation: kubernetes.io/elb.listener-master-ingress. This annotation specifies the server certificate configured and used by ingresses.
                                                                                                                                    
 
                                                                                                                                    For example, the configurations of two ingresses are as follows:
                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0688.html b/docs/cce/umn/cce_10_0688.html
index b1e6b1a2a..17ee7d17a 100644
--- a/docs/cce/umn/cce_10_0688.html
+++ b/docs/cce/umn/cce_10_0688.html
@@ -46,7 +46,7 @@
 
                                                                                                                                    
-
@@ -60,7 +60,7 @@
 
                                                                                                                                    • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                                    • Security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.11 or later.
                                                                                                                                    In this example, the sni-test-secret SNI certificate is used as an example. The specified domain name must be the same as that of the SNI certificate.
                                                                                                                                    
-
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        An example YAML file of an ingress associated with an automatically created load balancer is as follows:
                                                                                                                                        
 
                                                                                                                                        For clusters of v1.21 or earlier:
                                                                                                                                        apiVersion: networking.k8s.io/v1beta1
 kind: Ingress 
@@ -87,9 +87,9 @@ metadata:
     kubernetes.io/elb.tls-ciphers-policy: tls-1-2
 spec:
   tls: 
-  - secretName: ingress-test-secret
+  - secretName: ingress-test-secret # A server certificate must be specified.
   - hosts:
-      - example.com  # Domain name specified when a certificate is issued
+      - example.com  # Domain name specified when an SNI certificate is issued
     secretName: sni-test-secret   #SNI certificate
   rules: 
   - host: example.com   #The domain name must be the same as the value of hosts in the tls field.
@@ -126,12 +126,12 @@ metadata:
     kubernetes.io/elb.tls-ciphers-policy: tls-1-2
 spec:
   tls: 
-  - secretName: ingress-test-secret 
+  - secretName: ingress-test-secret  # A server certificate must be specified.
   - hosts:
-      - example.com  # Domain name specified when a certificate is issued
-    secretName: sni-test-secret #SNI certificate
+      - example.com  # Domain name specified when an SNI certificate is issued
+    secretName: sni-test-secret # SNI certificate
   rules: 
-  - host: example.com   #The domain name must be the same as the value of hosts in the tls field.
+  - host: example.com   # The domain name must be the same as the value of hosts in the tls field.
     http: 
       paths: 
       - path: '/'
@@ -194,7 +194,7 @@ ingress-test   cce    example.com    121.**.**.**     80,443  10s
                                                                                                                                        
 
                                                                                                                                    
-
@@ -207,7 +207,7 @@ ingress-test   cce    example.com    121.**.**.**     80,443  10s
                                                                                                                                    Using kubectl to Configure an SNI Certificate Created on the ELB Console
                                                                                                                                    To use an ELB certificate for an ingress, you can specify the kubernetes.io/elb.tls-certificate-ids annotation.
                                                                                                                                    
 
                                                                                                                                     
                                                                                                                                    • If both an ELB certificate and a TLS certificate are specified for the same ingress, the ingress will use the ELB certificate.
                                                                                                                                    • CCE does not check whether an ELB certificate is valid. It only checks whether the certificate is present.
                                                                                                                                    • Only ingresses in clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support ELB certificates.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                        
 
                                                                                                                                        For clusters of v1.21 or earlier:
                                                                                                                                        
 
                                                                                                                                        apiVersion: networking.k8s.io/v1beta1
@@ -227,11 +227,11 @@ spec:
       paths: 
       - path: '/'
         backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
           servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                        
-
                                                                                                                                        For clusters of v1.23 or later:
                                                                                                                                        apiVersion: networking.k8s.io/v1
+
                                                                                                                                        For clusters of v1.23 or later:
                                                                                                                                        apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: ingress-test
@@ -249,7 +249,7 @@ spec:
           - path: '/'
             backend:
               service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
+            name: <your_service_name>  # Replace it with the name of your target Service.
                 port: 
                   number: 80             # Replace 80 with the port number of your target Service.
             property:
diff --git a/docs/cce/umn/cce_10_0689.html b/docs/cce/umn/cce_10_0689.html
index 033b78d07..26c445f17 100644
--- a/docs/cce/umn/cce_10_0689.html
+++ b/docs/cce/umn/cce_10_0689.html
@@ -41,7 +41,7 @@
 
                                                                                                                                    
-
-
@@ -53,7 +53,7 @@
 
                                                                                                                                  • Click OK.
                                                                                                                                    • 
-
                                                                                                                                    Using kubectl to Configure an HTTPS Backend Service
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      Using kubectl to Configure an HTTPS Backend Service
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                        
 
                                                                                                                                        apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/docs/cce/umn/cce_10_0692.html b/docs/cce/umn/cce_10_0692.html
index 155112913..518f8e184 100644
--- a/docs/cce/umn/cce_10_0692.html
+++ b/docs/cce/umn/cce_10_0692.html
@@ -16,6 +16,8 @@
 
                                                                                                                                        3. 
 
                                                                                                                                      3. Advanced Setting Examples of Nginx Ingresses
                                                                                                                                        
 
                                                                                                                                        4. 
+
                                                                                                                                      4. NGINX Ingress Controller Upgrade Compatibility
                                                                                                                                        
+
                                                                                                                                        5. 
 
 
 
                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0693.html b/docs/cce/umn/cce_10_0693.html
index 50d60ac7e..412a369d2 100644
--- a/docs/cce/umn/cce_10_0693.html
+++ b/docs/cce/umn/cce_10_0693.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                        Configuring an HTTPS Certificate for an Nginx Ingress
                                                                                                                                        
 
                                                                                                                                        HTTPS certificates can be configured for ingresses to provide security services.
                                                                                                                                        
-
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                          Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                          
+
                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                          2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                            Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                            
 
                                                                                                                                            vi ingress-test-secret.yaml
                                                                                                                                            
 
                                                                                                                                            The YAML file is configured as follows:
                                                                                                                                            apiVersion: v1
 data:
@@ -35,10 +35,10 @@ metadata:
 spec:
   tls: 
   - hosts: 
-    - foo.bar.com
+    - example.com
     secretName: ingress-test-secret  # Replace it with your TLS key certificate.
   rules:
-    - host: foo.bar.com
+    - host: example.com
       http:
         paths:
           - path: /
@@ -61,26 +61,25 @@ metadata:
 spec:
   tls: 
   - hosts: 
-    - foo.bar.com
+    - example.com
     secretName: ingress-test-secret   # Replace it with your TLS key certificate.
   rules: 
-  - host: foo.bar.com
+  - host: example.com
     http: 
       paths: 
       - path: '/'
         backend: 
           serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: <your_service_port>  # Replace it with the port number of your target Service.
-  ingressClassName: nginx
                                                                                                                                            
+          servicePort: <your_service_port>  # Replace it with the port number of your target Service.
 
                                                                                                                                            
 
                                                                                                                                          3. Create an ingress.
                                                                                                                                            kubectl create -f ingress-test.yaml
                                                                                                                                            
 
                                                                                                                                            If information similar to the following is displayed, the ingress has been created:
                                                                                                                                            
 
                                                                                                                                            ingress/ingress-test created
                                                                                                                                            
 
                                                                                                                                          4. Check the created ingress.
                                                                                                                                            kubectl get ingress
                                                                                                                                            
 
                                                                                                                                            If information similar to the following is displayed, the ingress has been created:
                                                                                                                                            
-
                                                                                                                                            NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
-ingress-test  nginx   *         121.**.**.**     80      10s
                                                                                                                                            
-
                                                                                                                                          5. Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                                            121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                                            
+
                                                                                                                                            NAME          CLASS   HOSTS         ADDRESS    PORTS   AGE
+ingress-test  nginx   example.com              80,443  10s
                                                                                                                                            
+
                                                                                                                                          6. Enter https://example.com in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                                            Replace example.com with your domain name.
                                                                                                                                            
 
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0694.html b/docs/cce/umn/cce_10_0694.html
index b07f29c2f..b217f10fa 100644
--- a/docs/cce/umn/cce_10_0694.html
+++ b/docs/cce/umn/cce_10_0694.html
@@ -1,51 +1,50 @@
 
 
 
                                                                                                                                        Configuring HTTP/2 for a LoadBalancer Ingress
                                                                                                                                        
-
                                                                                                                                        Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.x by default. If your application is capable of receiving HTTP/2 requests, you can add the following configuration to the annotation to enable the use of HTTP/2:
                                                                                                                                        
-
                                                                                                                                        kubernetes.io/elb.http2-enable: 'true'
                                                                                                                                        
+
                                                                                                                                        Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.x by default. If your application is capable of receiving HTTP/2 requests, enable the use of HTTP/2 by referring to Using the CCE Console to Configure HTTP/2 or Using kubectl to Configure HTTP/2.
                                                                                                                                        
 
                                                                                                                                        Prerequisites
                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                          • v1.23: v1.23.13-r0 or later
                                                                                                                                          • v1.25: v1.25.8-r0 or later
                                                                                                                                          • v1.27: v1.27.5-r0 or later
                                                                                                                                          • v1.28: v1.28.3-r0 or later
                                                                                                                                          • Other clusters of later versions
                                                                                                                                          
 
                                                                                                                                        • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                        • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                        • You can obtain a trusted certificate from a certificate provider. 
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Notes and Constraints
                                                                                                                                        • Only an HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                        • After HTTP/2 is configured, if you delete the advanced configuration for enabling HTTP/2 on the CCE console or delete the target annotation from the YAML file, HTTP/2 will be disabled on the ELB.
                                                                                                                                        
+
                                                                                                                                        Notes and Constraints
                                                                                                                                        • Only an HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                        • After HTTP/2 is configured, if you delete the advanced configuration for enabling HTTP/2 on the CCE console or delete the target annotation from the YAML file, HTTP/2 will be disabled on the ELB.
                                                                                                                                        • If multiple ingresses share the same external port on a load balancer, you are advised to use the same HTTP/2 configuration for these ingresses. Otherwise, the configuration of the first created ingress will take precedence. For details, see Configuring Multiple Ingresses to Use the Same External ELB Port.
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Using the CCE Console to Configure HTTP/2
                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                           
                                                                                                                                          This example explains only key parameters for configuring HTTP/2. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                          
+
                                                                                                                                          Using the CCE Console to Configure HTTP/2
                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                          2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                          3. Configure ingress parameters.
                                                                                                                                             
                                                                                                                                            This example explains only key parameters for configuring HTTP/2. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                            
 
                                                                                                                                            
 
-
                                                                                                                                    Table 3 tls_ciphers_policy parameters
                                                                                                                                    Security Policy
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    tls-1-0
                                                                                                                                    
+
                                                                                                                                    tls-1-0
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS 1.2
                                                                                                                                    
 
                                                                                                                                    TLS 1.1
                                                                                                                                    
@@ -220,13 +220,13 @@ spec:
 
                                                                                                                                    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    tls-1-1
                                                                                                                                    
+
                                                                                                                                    tls-1-1
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS 1.2
                                                                                                                                    
 
                                                                                                                                    TLS 1.1
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    tls-1-2
                                                                                                                                    
+
                                                                                                                                    tls-1-2
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS 1.2
                                                                                                                                    
 
                                                                                                                                    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS-1-0-WITH-1-3 (dedicated load balancer)
                                                                                                                                    
+
                                                                                                                                    tls-1-0-with-1-3 (dedicated load balancer)
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS 1.3
                                                                                                                                    
 
                                                                                                                                    TLS 1.2
                                                                                                                                    
@@ -248,7 +248,7 @@ spec:
 
                                                                                                                                    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS-1-2-FS (dedicated load balancer)
                                                                                                                                    
+
                                                                                                                                    tls-1-2-fs (dedicated load balancer)
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS 1.3
                                                                                                                                    
 
                                                                                                                                    TLS 1.2
                                                                                                                                    
@@ -256,7 +256,7 @@ spec:
 
                                                                                                                                    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS-1-2-FS-WITH-1-3 (dedicated load balancer)
                                                                                                                                    
+
                                                                                                                                    tls-1-2-fs-with-1-3 (dedicated load balancer)
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    TLS 1.3
                                                                                                                                    
 
                                                                                                                                    TLS 1.2
                                                                                                                                    
@@ -314,7 +314,7 @@ ingress-test  cce      *         121.**.**.**     80,443  10s
 
                                                                                                                                    
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    • Domain Name: You do not need to configure this parameter.
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
                                                                                                                                     		
 
 
 
                                                                                                                                    
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    • Domain Name: example.com
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
                                                                                                                                     		
 
 
                                                                                                                                    
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    • Domain Name: You do not need to configure this parameter.
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Forwarding rule 1:
                                                                                                                                    
 
                                                                                                                                    • Domain Name: www.example.com
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /foo
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
@@ -56,7 +56,7 @@
 
 
                                                                                                                                  • Click OK.
                                                                                                                                    • 
 
-
                                                                                                                                    Using kubectl
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      Using kubectl
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                        
 
                                                                                                                                        For clusters of v1.23 or later:
                                                                                                                                        apiVersion: networking.k8s.io/v1
 kind: Ingress 
diff --git a/docs/cce/umn/cce_10_0691.html b/docs/cce/umn/cce_10_0691.html
index 9b16575bc..55a27d101 100644
--- a/docs/cce/umn/cce_10_0691.html
+++ b/docs/cce/umn/cce_10_0691.html
@@ -43,7 +43,7 @@
 
                                                                                                                                    
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    • Domain Name: You do not need to configure this parameter.
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
                                                                                                                                     		
 
 
                                                                                                                                    Table 1 Key parameters
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -53,7 +52,7 @@
 
                                                                                                                                  • Click OK.
                                                                                                                                    • 
-
                                                                                                                                    Using kubectl to Configure HTTP/2
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      Using kubectl to Configure HTTP/2
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                        apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
@@ -82,23 +81,23 @@ spec:
   ingressClassName: cce 
                                                                                                                                        
 
                                                                                                                                        
 
-
                                                                                                                                    Table 1 Key parameters
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Example
                                                                                                                                    
+
                                                                                                                                    Example
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    Name
                                                                                                                                    
+
                                                                                                                                    Name
                                                                                                                                    
 
                                                                                                                                    Enter an ingress name.
                                                                                                                                    
+
                                                                                                                                    Enter an ingress name.
                                                                                                                                    
 
                                                                                                                                    ingress-test
                                                                                                                                    
+
                                                                                                                                    ingress-test
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Load Balancer
                                                                                                                                    
+
                                                                                                                                    Load Balancer
                                                                                                                                    
 
                                                                                                                                    Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                    
+
                                                                                                                                    Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                    
 
                                                                                                                                    Shared
                                                                                                                                    
+
                                                                                                                                    Shared
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Listener
                                                                                                                                    
+
                                                                                                                                    Listener
                                                                                                                                    
 
                                                                                                                                    • External Protocol: Select HTTPS.
                                                                                                                                    • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                    • Certificate Source: Select ELB server certificate.
                                                                                                                                    • Server Certificate: Use a certificate created on ELB.
                                                                                                                                      If no certificate is available, go to the ELB console and create one.
                                                                                                                                      
+
                                                                                                                                    • External Protocol: Select HTTPS.
                                                                                                                                    • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                    • Certificate Source: Select ELB server certificate.
                                                                                                                                    • Server Certificate: Use a certificate created on ELB.
                                                                                                                                      If no certificate is available, go to the ELB console and create one.
                                                                                                                                      
 
                                                                                                                                    • Advanced Options: Add advanced configurations, select HTTP2, and set its status to Enable.
                                                                                                                                    
 
                                                                                                                                    • External Protocol: HTTPS
                                                                                                                                    • External Port: 443
                                                                                                                                    • Certificate Source: ELB server certificate
                                                                                                                                    • Server Certificate: cert-test
                                                                                                                                    • Advanced Options: HTTP2 enabled
                                                                                                                                    
+
                                                                                                                                    • External Protocol: HTTPS
                                                                                                                                    • External Port: 443
                                                                                                                                    • Certificate Source: ELB server certificate
                                                                                                                                    • Server Certificate: cert-test
                                                                                                                                    • Advanced Options: HTTP2 enabled
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Forwarding Policy
                                                                                                                                    
+
                                                                                                                                    Forwarding Policy
                                                                                                                                    
 
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
+
                                                                                                                                    • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                    • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                    • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                    • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                    
 
                                                                                                                                    • Domain Name: You do not need to configure this parameter.
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
+
                                                                                                                                    • Domain Name: You do not need to configure this parameter.
                                                                                                                                    • Path Matching Rule: Prefix match
                                                                                                                                    • Path: /
                                                                                                                                    • Destination Service: nginx
                                                                                                                                    • Destination Service Port: 80
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
 
                                                                                                                                    
-
-
@@ -198,12 +227,12 @@
 
-
-
@@ -212,23 +241,23 @@
 
                                                                                                                                    Interconnecting with HTTPS Backend Services
                                                                                                                                    For details about application scenarios and use cases, see Configuring HTTPS Backend Services for a LoadBalancer Ingress.
                                                                                                                                    
 
-
                                                                                                                                    Table 2 HTTP/2 parameters
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
-
-
-
                                                                                                                                    Table 2 HTTP/2 parameters
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Mandatory
                                                                                                                                    
+
                                                                                                                                    Mandatory
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.http2-enable
                                                                                                                                    
+
                                                                                                                                    kubernetes.io/elb.http2-enable
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                    
+
                                                                                                                                    Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                    
 
                                                                                                                                    Options:
                                                                                                                                    
 
                                                                                                                                    • true: enabled
                                                                                                                                    • false: disabled (default value)
                                                                                                                                    
 
                                                                                                                                    Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0695.html b/docs/cce/umn/cce_10_0695.html
index f376347d2..c5b8328ee 100644
--- a/docs/cce/umn/cce_10_0695.html
+++ b/docs/cce/umn/cce_10_0695.html
@@ -26,103 +26,111 @@
 
                                                                                                                                    
 
                                                                                                                                    Forwarding policy
                                                                                                                                    
                                                                                                                                     		
+
 
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    
 
                                                                                                                                    
+
                                                                                                                                     
                                                                                                                                    In a cluster, multiple ingresses can share a listener, allowing them to use the same port on a single load balancer. If two ingresses have different listener configurations, the listener configuration of the earlier ingress (known as the first route) will be used. 
                                                                                                                                    
+
                                                                                                                                    This case involves the following scenarios:
                                                                                                                                    
+
+
                                                                                                                                    Ensure that the configurations of different listeners for various ingresses are synchronized. 
                                                                                                                                    
+
                                                                                                                                    
 
 
                                                                                                                                    Basic Configurations for Interconnecting with ELB
                                                                                                                                    Application scenarios and use cases:
 
                                                                                                                                    
 
 
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -130,13 +138,13 @@
 
                                                                                                                                    Table 1 Annotations for interconnecting with ELB
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    kubernetes.io/elb.class
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Select a proper load balancer type.
                                                                                                                                    
+
                                                                                                                                    Select a proper load balancer type.
                                                                                                                                    
 
                                                                                                                                    • union: shared load balancer
                                                                                                                                    • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                    
 
                                                                                                                                    v1.9 or later
                                                                                                                                    
+
                                                                                                                                    v1.9 or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/ingress.class
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    • cce: A proprietary LoadBalancer ingress is used.
                                                                                                                                    • nginx: Nginx Ingress is used.
                                                                                                                                    
+
                                                                                                                                    • cce: A proprietary LoadBalancer ingress is used.
                                                                                                                                    • nginx: indicates that Nginx Ingress is used. This option is available only after NGINX Ingress Controller is installed. For details, see Creating an Nginx Ingress Using kubectl.
                                                                                                                                      Multiple NGINX Ingress Controller add-ons can be installed in a single cluster if the add-on version is 2.5.4 or later. In this case, the value of this parameter must be the controller name customized during controller installation, indicating that the ingress is managed by that specific controller.
                                                                                                                                      
+
                                                                                                                                    
 
                                                                                                                                    This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                                    
 
                                                                                                                                    For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Creating a LoadBalancer Ingress Using kubectl.
                                                                                                                                    
 
                                                                                                                                    Only clusters of v1.21 or earlier
                                                                                                                                    
+
                                                                                                                                    Only clusters of v1.21 or earlier
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.port
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                                    
-
                                                                                                                                    The value ranges from 1 to 65535.
                                                                                                                                    
-
                                                                                                                                     NOTE: 
                                                                                                                                    Some ports are high-risk ports and are blocked by default, for example, port 21.
                                                                                                                                    
+
                                                                                                                                    This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                                    
+
                                                                                                                                    The value ranges from 1 to 65535. The default value is 80 for HTTP and 443 for HTTPS.
                                                                                                                                    
+
                                                                                                                                     NOTE: 
                                                                                                                                    Some ports on a shared load balancer are highly risky and blocked by default, for example, port 21.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    v1.9 or later
                                                                                                                                    
+
                                                                                                                                    v1.9 or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.id
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                    
-
                                                                                                                                    ID of a load balancer.
                                                                                                                                    
+
                                                                                                                                    When associating only existing load balancers, you can use either this parameter or kubernetes.io/elb.ip. If they conflict, kubernetes.io/elb.id will take precedence.
                                                                                                                                    
+
                                                                                                                                    This parameter indicates the ID of a load balancer.
                                                                                                                                    
 
                                                                                                                                    How to obtain:
                                                                                                                                    
 
                                                                                                                                    On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                    
 
                                                                                                                                    v1.9 or later
                                                                                                                                    
+
                                                                                                                                    v1.9 or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.ip
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                    
-
                                                                                                                                    Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                                    
+
                                                                                                                                    When associating only existing load balancers, you can use either this parameter or kubernetes.io/elb.id. If they conflict, kubernetes.io/elb.id will take precedence.
                                                                                                                                    
+
                                                                                                                                    This parameter indicates the service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                                    
 
                                                                                                                                    v1.9 or later
                                                                                                                                    
+
                                                                                                                                    v1.9 or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.autocreate
                                                                                                                                    
 
                                                                                                                                    Table 14 Object
                                                                                                                                    
+
                                                                                                                                    Table 15 object
                                                                                                                                    
 
                                                                                                                                    Mandatory when load balancers are automatically created.
                                                                                                                                    
+
                                                                                                                                    Mandatory when load balancers are automatically created.
                                                                                                                                    
 
                                                                                                                                    Example
                                                                                                                                    
-
                                                                                                                                    • Automatically created shared load balancer with an EIP bound:
                                                                                                                                      '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                      
-
                                                                                                                                    • Automatically created shared load balancer with no EIP bound:
                                                                                                                                      {"type":"inner","name":"A-location-d-test"}
                                                                                                                                      
+
                                                                                                                                      • Automatically created dedicated load balancer with an EIP bound:
                                                                                                                                        '{"type":"public","bandwidth_name":"cce-bandwidth-1741230802502","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"L7_flavor.elb.pro.max","l4_flavor_name":"","vip_subnet_cidr_id":"*****"}'
                                                                                                                                        
+
                                                                                                                                      • Automatically created dedicated load balancer with no EIP bound:
                                                                                                                                        '{"type":"inner","available_zone":["*****"],"elb_virsubnet_ids":["*****"],"l7_flavor_name":"L7_flavor.elb.pro.max","l4_flavor_name":"","vip_subnet_cidr_id":"*****"}'
                                                                                                                                        
+
                                                                                                                                      • Automatically created shared load balancer with an EIP bound:
                                                                                                                                        '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                        
+
                                                                                                                                      • Automatically created shared load balancer with no EIP bound:
                                                                                                                                        {"type":"inner","name":"A-location-d-test"}
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                    v1.9 or later
                                                                                                                                    
+
                                                                                                                                    v1.9 or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.subnet-id
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Optional when load balancers are automatically created.
                                                                                                                                    
+
                                                                                                                                    Optional when load balancers are automatically created.
                                                                                                                                    
 
                                                                                                                                    ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                    
 
                                                                                                                                    • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                    • Optional for clusters of a version later than v1.11.7-r0.
                                                                                                                                    
 
                                                                                                                                    Mandatory for clusters earlier than v1.11.7-r0
                                                                                                                                    
+
                                                                                                                                    Mandatory for clusters of a version earlier than v1.11.7-r0
                                                                                                                                    
 
                                                                                                                                    Discarded in clusters of a version later than v1.11.7-r0
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Configuring ELB Certificates
                                                                                                                                    For details about application scenarios and use cases, see Using kubectl to Configure a Certificate Created on the ELB Console.
                                                                                                                                    
+
                                                                                                                                    Configuring ELB Certificates
                                                                                                                                    For details about application scenarios and use cases, see Configuring an HTTPS Certificate for a LoadBalancer Ingress.
                                                                                                                                    
 
 
                                                                                                                                    
-
-
@@ -144,14 +152,35 @@
 
-
-
+
+
+
+
+
+
+
+
+
+
                                                                                                                                    Table 2 ELB certificate annotations
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.tls-certificate-ids
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                    
+
                                                                                                                                    ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                    
 
                                                                                                                                    To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    kubernetes.io/elb.tls-ciphers-policy
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    The default value is tls-1-2, which is the default security policy used by the listener and takes effect only when HTTPS is used.
                                                                                                                                    
+
                                                                                                                                    Options:
                                                                                                                                    
+
                                                                                                                                    • tls-1-0
                                                                                                                                    • tls-1-1
                                                                                                                                    • tls-1-2
                                                                                                                                    • tls-1-2-strict
                                                                                                                                    • tls-1-0-with-1-3 (dedicated load balancer)
                                                                                                                                    • tls-1-2-fs (dedicated load balancer)
                                                                                                                                    • tls-1-2-fs-with-1-3 (dedicated load balancer)
                                                                                                                                    
+
                                                                                                                                    For details of cipher suites for each security policy, see Table 3.
                                                                                                                                    
+
                                                                                                                                    Clusters of v1.17.17 or later
                                                                                                                                    
+
                                                                                                                                    kubernetes.io/elb.security_policy_id
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    The ID of the custom security group policy on ELB. Obtain it on the ELB console. This field takes effect only when HTTPS is used and has a higher priority than the default security policy.
                                                                                                                                    
+
                                                                                                                                    Clusters of v1.17.17 or later
                                                                                                                                    
+
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    
 
                                                                                                                                    
@@ -188,9 +217,9 @@
 
                                                                                                                                    		
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                    
+
                                                                                                                                    Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                    
 
                                                                                                                                    Options:
                                                                                                                                    
 
                                                                                                                                    • true: enabled
                                                                                                                                    • false: disabled (default value)
                                                                                                                                    
 
                                                                                                                                    Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                    
 
                                                                                                                                    v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    Table 5 Annotations for interconnecting with HTTPS backend services
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
-
-
@@ -241,9 +270,9 @@
 
-
-
@@ -251,12 +280,10 @@
 
-
-
@@ -267,10 +294,6 @@
 
@@ -295,9 +314,9 @@
 
-
-
@@ -305,13 +324,13 @@
 
-
-
@@ -324,9 +343,9 @@
 
-
-
@@ -334,31 +353,33 @@
 
-
-
-
-
-
-
@@ -366,27 +387,28 @@
 
                                                                                                                                    Configuring a Range of Listening Ports
                                                                                                                                    A custom listening port can be configured for an ingress. In this way, both ports 80 and 443 can be exposed.
                                                                                                                                    
+
                                                                                                                                    For details about application scenarios and use cases, see Configuring a Range of Listening Ports for a LoadBalancer Ingress.
                                                                                                                                    
 
-
                                                                                                                                    Table 5 Annotations for interconnecting with HTTPS backend services
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.pool-protocol
                                                                                                                                    
+
                                                                                                                                    kubernetes.io/elb.pool-protocol
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                    
+
                                                                                                                                    To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                    
 
                                                                                                                                    v1.23.8, v1.25.3, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.8, v1.25.3, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                    
-
                                                                                                                                    Value:
                                                                                                                                    
-
                                                                                                                                    • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                    • For HTTP or HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                    
-
                                                                                                                                    For UDP listeners, this parameter does not take effect.
                                                                                                                                    
+
                                                                                                                                    Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                    
+
                                                                                                                                    The value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                    
 
                                                                                                                                    Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                    
+
                                                                                                                                    Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                    
 
                                                                                                                                    Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                    
 
                                                                                                                                    • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                    • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                    
 
                                                                                                                                    The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                    
-
                                                                                                                                    This parameter is available only for HTTP and HTTPS listeners.
                                                                                                                                    
-
                                                                                                                                    Minimum value: 1
                                                                                                                                    
-
                                                                                                                                    Maximum value: 300
                                                                                                                                    
-
                                                                                                                                    Default value: 60
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.member_timeout
                                                                                                                                    
@@ -278,11 +301,7 @@
 
                                                                                                                                    String
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                    
-
                                                                                                                                    The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                    
-
                                                                                                                                    This parameter is available only for HTTP and HTTPS listeners.
                                                                                                                                    
-
                                                                                                                                    Minimum value: 1
                                                                                                                                    
-
                                                                                                                                    Maximum value: 300
                                                                                                                                    
-
                                                                                                                                    Default value: 60
                                                                                                                                    
+
                                                                                                                                    The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Duration of slow start, in seconds.
                                                                                                                                    
+
                                                                                                                                    Duration of slow start, in seconds.
                                                                                                                                    
 
                                                                                                                                    The slow start duration ranges from 30 to 1200.
                                                                                                                                    
-
                                                                                                                                    • This configuration applies only to dedicated load balancers.
                                                                                                                                    • Valid only when the allocation policy of the target Service is weighted round robin (WRR) and sticky session is disabled.
                                                                                                                                    
+
                                                                                                                                    • This configuration applies only to dedicated load balancers.
                                                                                                                                    • This parameter is valid only when the allocation policy of the target Service is weighted round robin (WRR) and sticky session is disabled.
                                                                                                                                    
 
                                                                                                                                     NOTE: 
                                                                                                                                    The load balancer linearly increases the proportion of requests to backend servers in slow start mode. When the configured slow start duration elapses, the load balancer sends full share of requests to backend servers and exits the slow start mode.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    v1.23 or later
                                                                                                                                    
+
                                                                                                                                    v1.23 or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                    • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                    • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                      How to obtain:
                                                                                                                                      
+
                                                                                                                                    • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                    • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                    • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                       NOTE: 
                                                                                                                                      For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time, separated by commas (,).
                                                                                                                                      
+
                                                                                                                                      
+
                                                                                                                                      How to obtain:
                                                                                                                                      
 
                                                                                                                                      Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.acl-status
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Access control status. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                    
-
                                                                                                                                    • on: Access control is enabled.
                                                                                                                                    • off: Access control is disabled.
                                                                                                                                    
+
                                                                                                                                    Access control status. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                    
+
                                                                                                                                    • on or true: Access control is enabled.
                                                                                                                                    • off or false: Access control is disabled.
                                                                                                                                    
 
                                                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.acl-type
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    IP address list type. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                    
+
                                                                                                                                    IP address list type. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                    
 
                                                                                                                                    • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                    • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                    
 
                                                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
 
                                                                                                                                    Table 9 Annotations for a custom listening port
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
-
-
@@ -402,9 +424,9 @@
 
-
-
@@ -412,12 +434,12 @@
 
-
-
-
-
@@ -449,13 +471,13 @@
 
-
-
@@ -490,13 +512,13 @@
 
                                                                                                                                    Configuring Advanced Forwarding Rules
                                                                                                                                    For details about application scenarios and use cases, see Configuring Advanced Forwarding Rules for a LoadBalancer Ingress.
                                                                                                                                    
 
-
                                                                                                                                    Table 9 Annotations for a custom listening port
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.listen-ports
                                                                                                                                    
+
                                                                                                                                    kubernetes.io/elb.listen-ports
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Configure multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                    
+
                                                                                                                                    Create multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                    
 
                                                                                                                                    The following is an example for JSON characters:
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
                                                                                                                                    
-
                                                                                                                                    • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                    • This function is available only for newly created ingresses in clusters of a version earlier than v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, or v1.30.4-r0. Additionally, after you configure multiple listening ports, the annotations cannot be modified or deleted. In clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, the annotations can be modified or deleted.
                                                                                                                                    • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                    • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports. When HTTP/2 is enabled for an ingress, HTTP/2 takes effect only on the HTTPS port.
                                                                                                                                    
+
                                                                                                                                    • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                    • This function is available only for newly created ingresses in clusters of a version earlier than v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, or v1.30.4-r0. Additionally, after you configure multiple listening ports, the annotations cannot be modified or deleted. In clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, the annotations can be modified and deleted.
                                                                                                                                    • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                    • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports. When HTTP/2 is enabled for an ingress, HTTP/2 takes effect only on the HTTPS port.
                                                                                                                                    
 
                                                                                                                                    v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Specifies the sequence of forwarding rules of different ingresses. The value ranges from 1 to 1000. A smaller value indicates a higher priority. The priority of a forwarding rule must be unique under the same load balancer listener.
                                                                                                                                    
+
                                                                                                                                    Specifies the sequence of forwarding rules of different ingresses. The value ranges from 1 to 1000. A smaller value indicates a higher priority. The priority of a forwarding rule must be unique under the same load balancer listener.
                                                                                                                                    
 
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
 
                                                                                                                                     NOTE: 
                                                                                                                                    When this annotation is configured, the kubernetes.io/elb.rule-priority-enabled annotation is enabled by default. The forwarding rules of each ingress will be sorted.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    v1.23.15-r0, v1.25.10-r0, v1.27.7-r0, v1.28.5-r0, v1.29.1-r10, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.15-r0, v1.25.10-r0, v1.27.7-r0, v1.28.5-r0, v1.29.1-r10, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    kubernetes.io/elb.rule-priority-enabled
                                                                                                                                    
@@ -439,9 +461,9 @@
 
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                    
+
                                                                                                                                    Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                    
 
                                                                                                                                    Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
                                                                                                                                    
 
                                                                                                                                    • key/value indicates the key-value pair of the custom header. A maximum of eight values can be configured.
                                                                                                                                      Enter 1 to 40 characters for a key. Only letters, digits, hyphens (-), and underscores (_) are allowed.
                                                                                                                                      
 
                                                                                                                                      Enter 1 to 128 characters for a value. Asterisks (*) and question marks (?) are allowed, but spaces and double quotation marks are not allowed. An asterisk can match zero or more characters, and a question mark can match one character.
                                                                                                                                      
 
                                                                                                                                    • Either a custom header or grayscale release can be configured.
                                                                                                                                    • Enter 1 to 51 characters for ${svc_name}.
                                                                                                                                    
 
                                                                                                                                    v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    Table 13 Annotations for writing or deleting a header
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
@@ -504,13 +526,41 @@
 
-
-
+
+
+
                                                                                                                                    Table 13 Annotations for advanced forwarding rules
                                                                                                                                    Parameter
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
 
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Configure an advanced forwarding rule. ${svc_name} indicates the Service name, which contains a maximum of 51 characters.
                                                                                                                                    
-
                                                                                                                                    If the annotation value is set to [], the advanced forwarding rule is deleted.
                                                                                                                                    
-
                                                                                                                                    The annotation value is in the form of a JSON array. For details, see Table 2.
                                                                                                                                    
+
                                                                                                                                    Configure an advanced forwarding rule. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters.
                                                                                                                                    
+
                                                                                                                                    If the annotation value is set to [], the advanced forwarding rule will be deleted.
                                                                                                                                    
+
                                                                                                                                    The annotation value is a JSON array. For details, see Table 2.
                                                                                                                                    
 
                                                                                                                                     NOTICE: 
                                                                                                                                    • Due to ELB API restrictions, a kubernetes.io/elb.conditions.{svcName} can contain a maximum of 10 key-value pairs.
                                                                                                                                    • The rules in a condition array are connected by an AND relationship, while the values in the same rule block are connected by an OR relationship. For example, if both Method and QueryString are configured, the target traffic can be distributed only when both rules are met. However, if the Method value is GET or POST, the target traffic can be distributed only when both rules are met and the Method value must be GET or POST.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later
                                                                                                                                    
+
                                                                                                                                    v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
+
                                                                                                                                    Configuring Advanced Forwarding Actions
                                                                                                                                    For details about application scenarios and use cases, see Configuring Advanced Forwarding Actions for a LoadBalancer Ingress.
                                                                                                                                    
+
+
                                                                                                                                    
+
+
+
+
+
+
+
+
+
@@ -518,168 +568,174 @@
 
                                                                                                                                    Parameters for Automatically Creating a Load Balancer
                                                                                                                                    
-
                                                                                                                                    Table 14 Annotations for configuring advanced forwarding actions
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Supported Cluster Version
                                                                                                                                    
+
                                                                                                                                    kubernetes.io/elb.actions.${svc_name}
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    Advanced forwarding action of the Service associated with an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters.
                                                                                                                                    
+
                                                                                                                                    The annotation value is a JSON array. If it is set to [], the advanced forwarding action will be deleted.
                                                                                                                                    
+
                                                                                                                                    The following advanced forwarding actions are supported:
                                                                                                                                    
+
+
                                                                                                                                    The forwarding actions supported by clusters vary depending on the cluster version. For details, see Table 1.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
                                                                                                                                     
 
 
                                                                                                                                    Table 14 elb.autocreate data structure
                                                                                                                                    Parameter
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0697.html b/docs/cce/umn/cce_10_0697.html
index bc422b283..d2eb7c085 100644
--- a/docs/cce/umn/cce_10_0697.html
+++ b/docs/cce/umn/cce_10_0697.html
@@ -4,7 +4,7 @@
 
                                                                                                                                    Ingress can function as a proxy for backend services using different protocols. By default, the backend proxy channel of an ingress is an HTTP channel. To create an HTTPS channel, add the following configuration to the annotations field:
                                                                                                                                    
 
                                                                                                                                    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
                                                                                                                                    
 
                                                                                                                                    An ingress configuration example is as follows:
                                                                                                                                    
-
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        For clusters of v1.23 or later:
                                                                                                                                        apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
diff --git a/docs/cce/umn/cce_10_0698.html b/docs/cce/umn/cce_10_0698.html
index 0793db392..a82afa673 100644
--- a/docs/cce/umn/cce_10_0698.html
+++ b/docs/cce/umn/cce_10_0698.html
@@ -6,7 +6,7 @@
 
                                                                                                                                        Consistent hashing is a special hash algorithm, which constructs a ring hash space to replace the common linear hash space. When a node is added or deleted, only the target route is migrated clockwise, and other routes do not need to be changed. In this way, rerouting can be reduced as much as possible, resolving the load balancing issue caused by dynamic node addition and deletion.
                                                                                                                                        
 
                                                                                                                                        If a consistent hashing rule is configured, the newly added server will share the load of all other servers. Similarly, when a server is removed, all other servers can share the load of the removed server. This balances the load among nodes in the cluster and prevents the avalanche effect caused by the breakdown of a node.
                                                                                                                                        
 
                                                                                                                                        Configuring a Consistent Hashing Rule
                                                                                                                                        Nginx Ingress can use the nginx.ingress.kubernetes.io/upstream-hash-by annotation to configure consistent hashing rules. The following is an example:
                                                                                                                                        
-
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                          vi ingress-test.yaml
                                                                                                                                          
+
                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                            vi ingress-test.yaml
                                                                                                                                            
 
                                                                                                                                            For clusters of v1.23 or later:
                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
diff --git a/docs/cce/umn/cce_10_0699.html b/docs/cce/umn/cce_10_0699.html
index 2b627a60b..c27be05ef 100644
--- a/docs/cce/umn/cce_10_0699.html
+++ b/docs/cce/umn/cce_10_0699.html
@@ -52,7 +52,7 @@
 
 
                                                                                                                                    Table 15 elb.autocreate data structure
                                                                                                                                    Parameter
                                                                                                                                    
 
                                                                                                                                    Mandatory
                                                                                                                                    
+
                                                                                                                                    Mandatory
                                                                                                                                    
 
                                                                                                                                    Type
                                                                                                                                    
+
                                                                                                                                    Type
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    name
                                                                                                                                    
+
                                                                                                                                    name
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Name of the automatically created load balancer.
                                                                                                                                    
+
                                                                                                                                    Name of the automatically created load balancer.
                                                                                                                                    
 
                                                                                                                                    The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                    
 
                                                                                                                                    Default: cce-lb+service.UID
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    type
                                                                                                                                    
+
                                                                                                                                    type
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Network type of the load balancer.
                                                                                                                                    
+
                                                                                                                                    Network type of the load balancer.
                                                                                                                                    
 
                                                                                                                                    • public: public network load balancer
                                                                                                                                    • inner: private network load balancer
                                                                                                                                    
 
                                                                                                                                    Default: inner
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    bandwidth_name
                                                                                                                                    
+
                                                                                                                                    bandwidth_name
                                                                                                                                    
 
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
+
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                    
+
                                                                                                                                    Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                    
 
                                                                                                                                    The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    bandwidth_chargemode
                                                                                                                                    
+
                                                                                                                                    bandwidth_chargemode
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Bandwidth mode.
                                                                                                                                    
+
                                                                                                                                    Bandwidth mode.
                                                                                                                                    
 
                                                                                                                                    • traffic: billed by traffic
                                                                                                                                    
-
                                                                                                                                    Default: traffic
                                                                                                                                    
+
                                                                                                                                    Default: traffic
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    bandwidth_size
                                                                                                                                    
+
                                                                                                                                    bandwidth_size
                                                                                                                                    
 
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
+
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
 
                                                                                                                                    Integer
                                                                                                                                    
+
                                                                                                                                    Integer
                                                                                                                                    
 
                                                                                                                                    Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                    
+
                                                                                                                                    Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                    
 
                                                                                                                                    The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                    • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                    • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                    • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                    
 
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    bandwidth_sharetype
                                                                                                                                    
+
                                                                                                                                    bandwidth_sharetype
                                                                                                                                    
 
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
+
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Bandwidth sharing mode.
                                                                                                                                    
+
                                                                                                                                    Bandwidth sharing mode.
                                                                                                                                    
 
                                                                                                                                    • PER: dedicated bandwidth
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    eip_type
                                                                                                                                    
+
                                                                                                                                    eip_type
                                                                                                                                    
 
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
+
                                                                                                                                    Yes for public network load balancers
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    EIP type.
                                                                                                                                    
+
                                                                                                                                    EIP type.
                                                                                                                                    
 
                                                                                                                                    • 5_bgp: dynamic BGP
                                                                                                                                    
 
                                                                                                                                    The specific type varies with regions. For details, see the EIP console.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    vip_subnet_cidr_id
                                                                                                                                    
+
                                                                                                                                    vip_subnet_cidr_id
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                    
-
                                                                                                                                    If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                                                    
+
                                                                                                                                    The ID of the IPv4 subnet where the load balancer resides. This subnet is used to allocate IP addresses for the load balancer to provide external services. The IPv4 subnet must belong to the cluster's VPC.
                                                                                                                                    
+
                                                                                                                                    If this parameter is not specified, the load balancer and the cluster will be in the same subnet by default.
                                                                                                                                    
 
                                                                                                                                    This field can be specified only for clusters of v1.21 or later.
                                                                                                                                    
+
                                                                                                                                    How to Obtain
                                                                                                                                    
+
                                                                                                                                    Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the IPv4 Subnet ID on the Summary tab page.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    vip_address
                                                                                                                                    
+
                                                                                                                                    ipv6_vip_virsubnet_id
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                    
+
                                                                                                                                    The ID of the IPv6 subnet where the load balancer is deployed. IPv6 must be enabled for the subnet.
                                                                                                                                    
+
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
+
                                                                                                                                    How to Obtain
                                                                                                                                    
+
                                                                                                                                    Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                                                                                    
+
                                                                                                                                    elb_virsubnet_ids
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    Array of strings
                                                                                                                                    
+
                                                                                                                                    The network ID of the subnet where the load balancer is located. This subnet is used to allocate IP addresses for accessing the backend server. If this parameter is not specified, the subnet specified by vip_subnet_cidr_id will be used by default. Load balancers occupy varying numbers of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters or nodes) as the load balancer's CIDR block.
                                                                                                                                    
+
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
+
                                                                                                                                    Example:
                                                                                                                                    
+
                                                                                                                                    "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                                                                                    
+
                                                                                                                                    How to Obtain
                                                                                                                                    
+
                                                                                                                                    Log in to the VPC console. In the navigation pane, choose Subnets. Filter the target subnet by the cluster's VPC name, click the subnet name, and copy the Network ID on the Summary tab page.
                                                                                                                                    
+
                                                                                                                                    vip_address
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                    
 
                                                                                                                                    The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                                                    
 
                                                                                                                                    This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    available_zone
                                                                                                                                    
+
                                                                                                                                    available_zone
                                                                                                                                    
 
                                                                                                                                    Yes
                                                                                                                                    
+
                                                                                                                                    Yes
                                                                                                                                    
 
                                                                                                                                    Array of strings
                                                                                                                                    
+
                                                                                                                                    Array of strings
                                                                                                                                    
 
                                                                                                                                    AZ where the load balancer is located.
                                                                                                                                    
+
                                                                                                                                    AZ where the load balancer is located.
                                                                                                                                    
 
                                                                                                                                    You can obtain all supported AZs by getting the AZ list.
                                                                                                                                    
 
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    l4_flavor_name
                                                                                                                                    
+
                                                                                                                                    l4_flavor_name
                                                                                                                                    
 
                                                                                                                                    Yes
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Flavor name of the layer-4 load balancer.
                                                                                                                                    
+
                                                                                                                                    Flavor name of the layer-4 load balancer. This parameter is mandatory when TCP or UDP is used.
                                                                                                                                    
 
                                                                                                                                    You can obtain all supported types by getting the flavor list.
                                                                                                                                    
 
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    l7_flavor_name
                                                                                                                                    
+
                                                                                                                                    l7_flavor_name
                                                                                                                                    
 
                                                                                                                                    No
                                                                                                                                    
+
                                                                                                                                    No
                                                                                                                                    
 
                                                                                                                                    String
                                                                                                                                    
+
                                                                                                                                    String
                                                                                                                                    
 
                                                                                                                                    Flavor name of the layer-7 load balancer.
                                                                                                                                    
+
                                                                                                                                    Flavor name of the layer-7 load balancer. This parameter is mandatory when HTTP is used.
                                                                                                                                    
 
                                                                                                                                    You can obtain all supported types by getting the flavor list.
                                                                                                                                    
-
                                                                                                                                    This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                    
-
                                                                                                                                    elb_virsubnet_ids
                                                                                                                                    
-
                                                                                                                                    No
                                                                                                                                    
-
                                                                                                                                    Array of strings
                                                                                                                                    
-
                                                                                                                                    Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                    
-
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
-
                                                                                                                                    Example:
                                                                                                                                    
-
                                                                                                                                    "elb_virsubnet_ids": [
-   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
- ]
                                                                                                                                    
-
                                                                                                                                    ipv6_vip_virsubnet_id
                                                                                                                                    
-
                                                                                                                                    No
                                                                                                                                    
-
                                                                                                                                    String
                                                                                                                                    
-
                                                                                                                                    ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                    
-
                                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                                    
+
                                                                                                                                    This parameter is available only for dedicated load balancers. Its value must match that of l4_flavor_name, meaning both must be either elastic specifications or fixed specifications.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    For details, see Configuring HTTPS Backend Services for an Nginx Ingress.
                                                                                                                                    
+
                                                                                                                                    For details about application scenarios and use cases, see Configuring HTTPS Backend Services for an Nginx Ingress.
                                                                                                                                    
 
 
                                                                                                                                    Creating a Consistent Hashing Rule for Load Balancing
                                                                                                                                    
 
                                                                                                                                    Table 3 Annotation of consistent hashing for load balancing
                                                                                                                                    Parameter
                                                                                                                                    
@@ -74,7 +74,7 @@
 
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    For details, see Configuring Consistent Hashing for Load Balancing of an Nginx Ingress.
                                                                                                                                    
+
                                                                                                                                    For details about application scenarios and use cases, see Configuring Consistent Hashing for Load Balancing of an Nginx Ingress.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    Customized Timeout Interval
                                                                                                                                    
 
                                                                                                                                    Table 4 Customized timeout interval annotations
                                                                                                                                    Parameter
                                                                                                                                    
@@ -122,14 +122,14 @@
 
 
 
                                                                                                                                    Two-Way HTTPS Authentication
                                                                                                                                    Nginx Ingress supports two-way HTTPS authentication between the server and client to ensure secure connections.
                                                                                                                                    
-
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Run the following command to create a self-signed CA certificate:
                                                                                                                                      openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=Ingress Cert Authority'
                                                                                                                                      
+
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Run the following command to create a self-signed CA certificate:
                                                                                                                                        openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=Ingress Cert Authority'
                                                                                                                                        
 
                                                                                                                                        Expected output:
                                                                                                                                        
 
                                                                                                                                        Generating a RSA private key
 .............++++
 ................................................++++
 writing new private key to 'ca.key'
 -----
                                                                                                                                        
-
                                                                                                                                      3. Create a server certificate.
                                                                                                                                        1. Run the following command to create a request file for generating a server certificate:
                                                                                                                                          openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=foo.bar.com'
                                                                                                                                          
+
                                                                                                                                        2. Create a server certificate.
                                                                                                                                          1. Run the following command to create a request file for generating a server certificate:
                                                                                                                                            openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=example.com'
                                                                                                                                            
 
                                                                                                                                            Expected output:
                                                                                                                                            
 
                                                                                                                                            Generating a RSA private key
 .....................................................++++
@@ -139,7 +139,7 @@ writing new private key to 'server.key'
 
                                                                                                                                          2. Run the following command to issue the server request file using the root certificate to generate the server certificate:
                                                                                                                                            openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
                                                                                                                                            
 
                                                                                                                                            Expected output:
                                                                                                                                            
 
                                                                                                                                            Signature ok
-subject=CN = foo.bar.com
+subject=CN = example.com
 Getting CA Private Key
                                                                                                                                            
 
                                                                                                                                          
 
                                                                                                                                        3. Create a client certificate.
                                                                                                                                          1. Run the following command to create a request file for generating a client certificate:
                                                                                                                                            openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj '/CN=Ingress'
                                                                                                                                            
@@ -176,7 +176,7 @@ metadata:
   namespace: default
 spec:
   rules:
-  - host: foo.bar.com
+  - host: example.com
     http:
       paths:
       - backend:
@@ -188,7 +188,7 @@ spec:
         pathType: ImplementationSpecific
   tls:
   - hosts:
-    - foo.bar.com
+    - example.com
     secretName: tls-secret   # Replace it with your TLS certificate secret.
   ingressClassName: nginx
 
                                                                                                                                          2. For clusters of v1.21 or earlier:
                                                                                                                                            apiVersion: networking.k8s.io/v1beta1
@@ -204,7 +204,7 @@ metadata:
   namespace: default
 spec:
   rules: 
-  - host: foo.bar.com
+  - host: example.com
     http: 
       paths: 
       - path: '/'
@@ -213,8 +213,8 @@ spec:
           servicePort: 80  # Replace it with the port of your target Service.
   tls: 
   - hosts: 
-    - foo.bar.com
-    secretName: tls-secret   # Replace it with your TLS key certificate.
                                                                                                                                            
+    - example.com
+    secretName: tls-secret   # Replace it with your TLS certificate secret.
 
                                                                                                                                            3. 
 
                                                                                                                                          3. Run the following command to create an ingress:
                                                                                                                                            kubectl create -f ingress-test.yaml
                                                                                                                                            
 
                                                                                                                                            Expected output:
                                                                                                                                            
@@ -222,11 +222,11 @@ spec:
 
                                                                                                                                          4. Run the following command to obtain the IP address of the ingress:
                                                                                                                                            kubectl get ingress
                                                                                                                                            
 
                                                                                                                                            Expected output:
                                                                                                                                            
 
                                                                                                                                            NAME         CLASS   HOSTS         ADDRESS      PORTS     AGE
-nginx-test   nginx   foo.bar.com   10.3.xx.xx   80, 443   27m
                                                                                                                                            
-
                                                                                                                                          5. Run the following command to update the IP address of the ingress into the hosts file and replace the following IP address with the actual IP address of the ingress:
                                                                                                                                            echo "10.3.xx.xx  foo.bar.com" | sudo tee -a /etc/hosts
                                                                                                                                            
+nginx-test   nginx   example.com   10.3.xx.xx   80, 443   27m
+
                                                                                                                                          6. Run the following command to update the IP address of the ingress into the hosts file and replace the following IP address with the actual IP address of the ingress:
                                                                                                                                            echo "10.3.xx.xx  example.com" | sudo tee -a /etc/hosts
                                                                                                                                            
 
                                                                                                                                            Expected output:
                                                                                                                                            
-
                                                                                                                                            10.3.xx.xx  foo.bar.com
                                                                                                                                            
-
                                                                                                                                          7. Verify the configuration.
                                                                                                                                            • The client does not send the certificate for access.
                                                                                                                                              curl --cacert ./ca.crt  https://foo.bar.com
                                                                                                                                              
+
                                                                                                                                              10.3.xx.xx  example.com
                                                                                                                                              
+
                                                                                                                                            • Verify the configuration.
                                                                                                                                              • The client does not send the certificate for access.
                                                                                                                                                curl --cacert ./ca.crt  https://example.com -k
                                                                                                                                                
 
                                                                                                                                                Expected output:
                                                                                                                                                
 
                                                                                                                                                <html>
 <head><title>400 No required SSL certificate was sent</title></head>
@@ -236,7 +236,7 @@ nginx-test   nginx   foo.bar.com   10.3.xx.xx   80, 443   27m
                                                                                                                                                
 <hr><center>nginx</center>
 </body>
 </html>
-
                                                                                                                                              • The client sends the certificate for access.
                                                                                                                                                curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://foo.bar.com
                                                                                                                                                
+
                                                                                                                                              • The client sends the certificate for access.
                                                                                                                                                curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://example.com
                                                                                                                                                
 
                                                                                                                                                Expected output:
                                                                                                                                                
 
                                                                                                                                                <!DOCTYPE html>
 <html>
@@ -267,7 +267,7 @@ Commercial support is available at
 
                                                                                                                                          
 
                                                                                                                                    
 
                                                                                                                                    Domain Name Regularization
                                                                                                                                    Nginx Ingress allows you to configure the nginx.ingress.kubernetes.io/server-alias annotation to configure regular expressions for domain names.
                                                                                                                                    
-
                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                      vi ingress-test.yaml
                                                                                                                                      
+
                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                        vi ingress-test.yaml
                                                                                                                                        
 
                                                                                                                                        For example, the regular expression ~^www\.\d+\.example\.com$,abc.example.com indicates that you can access the ingress using www.{One or more digits}.example.com and abc.example.com.
                                                                                                                                        
 
                                                                                                                                        • For clusters of v1.23 or later:
                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -278,7 +278,7 @@ metadata:
   namespace: default
 spec:
   rules:
-  - host: foo.bar.com
+  - host: example.com
     http:
       paths:
       - backend:
@@ -294,12 +294,12 @@ kind: Ingress
 metadata: 
   annotations: 
     kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/ server-alias: '~^www\.\d+\.example\.com$,abc.example.com'
+    nginx.ingress.kubernetes.io/server-alias: '~^www\.\d+\.example\.com$,abc.example.com'
   name: ingress-test
   namespace: default
 spec:
   rules: 
-  - host: foo.bar.com
+  - host: example.com
     http: 
       paths: 
       - path: '/'
@@ -314,11 +314,11 @@ spec:
 
                                                                                                                                          Expected output:
                                                                                                                                          
 
                                                                                                                                          cceaddon-nginx-ingress-controller-68d7bcc67-dxxxx        1/1     Running   0          18h
 cceaddon-nginx-ingress-controller-68d7bcc67-cxxxx        1/1     Running   0          18h
                                                                                                                                          
-
                                                                                                                                        • Run the following command to check the NGINX Ingress Controller configuration:
                                                                                                                                          kubectl exec -n kube-system cceaddon-nginx-ingress-controller-68d7bcc67-dxxxx cat /etc/nginx/nginx.conf | grep -C3 "foo.bar.com"
                                                                                                                                          
+
                                                                                                                                        • Run the following command to check the NGINX Ingress Controller configuration:
                                                                                                                                          kubectl exec -n kube-system cceaddon-nginx-ingress-controller-68d7bcc67-dxxxx -- bash -c 'cat /etc/nginx/nginx.conf | grep -C3 "example.com"'
                                                                                                                                          
 
                                                                                                                                          Expected output:
                                                                                                                                          
-
                                                                                                                                                   ## start server foo.bar.com
+
                                                                                                                                                   ## start server example.com
          server {
-                  server_name foo.bar.com abc.example.com ~^www\.\d+\.example\.com$ ;
+                  server_name example.com abc.example.com ~^www\.\d+\.example\.com$ ;
                   
                   listen 80  ;
                   listen [::]:80  ;
@@ -326,13 +326,13 @@ cceaddon-nginx-ingress-controller-68d7bcc67-cxxxx        1/1     Running   0
                   }
                   
          }
-         ## end server foo.bar.com
                                                                                                                                          
+         ## end server example.com
                                                                                                                                          
 
                                                                                                                                      
 
                                                                                                                                    3. Run the following command to obtain the IP address of the ingress:
                                                                                                                                      kubectl get ingress
                                                                                                                                      
 
                                                                                                                                      Expected output:
                                                                                                                                      
 
                                                                                                                                      NAME         CLASS   HOSTS         ADDRESS      PORTS   AGE
-nginx-test   nginx   foo.bar.com   10.3.xx.xx   80      14m
                                                                                                                                      
-
                                                                                                                                    4. Use different rules to test service access.
                                                                                                                                      • Run the following command to access the service through Host: foo.bar.com:
                                                                                                                                        curl -H "Host: foo.bar.com" 10.3.xx.xx/
                                                                                                                                        
+nginx-test   nginx   example.com   10.3.xx.xx   80      14m
+
                                                                                                                                      • Use different rules to test service access.
                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0705.html b/docs/cce/umn/cce_10_0705.html
index b7e81f7fe..8a5843eac 100644
--- a/docs/cce/umn/cce_10_0705.html
+++ b/docs/cce/umn/cce_10_0705.html
@@ -1,14 +1,20 @@
 
 
-
                                                                                                                                        Observability
                                                                                                                                        
-
                                                                                                                                        
+
+  
                                                                                                                                        O&M
                                                                                                                                        
+
+  
                                                                                                                                        
+
                                                                                                                                        
+
 
diff --git a/docs/cce/umn/cce_10_0709.html b/docs/cce/umn/cce_10_0709.html
index 06224189a..bd0ac1c0f 100644
--- a/docs/cce/umn/cce_10_0709.html
+++ b/docs/cce/umn/cce_10_0709.html
@@ -1,7 +1,11 @@
 
 
-
                                                                                                                                        Cloud Native Hybrid Deployment
                                                                                                                                        
-
                                                                                                                                        
+
+  
                                                                                                                                        Cloud Native Hybrid Deployment
                                                                                                                                        
+
+  
                                                                                                                                        
+
                                                                                                                                        
+
 
                                                                                                                                        
 
                                                                                                                                          
 
                                                                                                                                        • Dynamic Resource Oversubscription
                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0720.html b/docs/cce/umn/cce_10_0720.html
index 8769827c9..2058ebe72 100644
--- a/docs/cce/umn/cce_10_0720.html
+++ b/docs/cce/umn/cce_10_0720.html
@@ -1,11 +1,17 @@
 
 
-
                                                                                                                                          GPU Scheduling
                                                                                                                                          
-
                                                                                                                                          
+
+  
                                                                                                                                          GPU Scheduling
                                                                                                                                          
+
+  
                                                                                                                                          
+
                                                                                                                                          
+
 
                                                                                                                                          
 
 
 
                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0721.html b/docs/cce/umn/cce_10_0721.html
index 9f0626065..7f0835394 100644
--- a/docs/cce/umn/cce_10_0721.html
+++ b/docs/cce/umn/cce_10_0721.html
@@ -3,7 +3,7 @@
 
                                                                                                                                          Overview
                                                                                                                                          
 
                                                                                                                                          Volcano is a batch processing platform that runs on Kubernetes for machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides general-purpose, high-performance computing capabilities, such as job scheduling, heterogeneous chip management, and job running management.
                                                                                                                                          
 
                                                                                                                                          Volcano Scheduler
                                                                                                                                          Volcano Scheduler is a pod scheduling component, which consists of a series of actions and plugins. Actions should be executed in every step. Plugins provide the action algorithm details in different scenarios. Volcano Scheduler features high scalability. You can specify actions and plugins as needed.
                                                                                                                                          
-
                                                                                                                                          Figure 1 Volcano Scheduler workflow
                                                                                                                                          
+
                                                                                                                                          Figure 1 Volcano Scheduler workflow
                                                                                                                                          
 
                                                                                                                                          The working process of Volcano Scheduler is as follows:
                                                                                                                                          
 
                                                                                                                                          1. Identify and cache the job submitted by the client.
                                                                                                                                          2. Start a periodical session. A scheduling cycle begins.
                                                                                                                                          3. Send jobs that are not scheduled the to-be-scheduled queue of the session.
                                                                                                                                          4. Traverse all jobs to be scheduled and perform actions such as enqueue, allocate, preempt, reclaim, and backfill in the configured sequence to find the most appropriate node for each job. Bind the job to the node. The specific algorithm logic executed in action depends on the implementation of each function in the registered plugin.
                                                                                                                                          5. Close the session.
                                                                                                                                          
 
                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0722.html b/docs/cce/umn/cce_10_0722.html
index afa4623c3..b6e2cc46c 100644
--- a/docs/cce/umn/cce_10_0722.html
+++ b/docs/cce/umn/cce_10_0722.html
@@ -5,7 +5,15 @@
 
                                                                                                                                          Kubernetes typically uses its default scheduler to schedule workloads. To use Volcano, specify Volcano for your workloads. For details about the Kubernetes scheduler, see Specify schedulers for pods.
                                                                                                                                          
 
                                                                                                                                          Notes and Constraints
                                                                                                                                          If you schedule a lot of workloads, Volcano will generate a significant number of logs. To prevent the node hosting Volcano from running out of disk space, use Volcano with LTS. 
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Using Volcano
                                                                                                                                          When using Volcano to schedule workloads, you only need to configure schedulerName in the spec field of the pod and set the parameter to volcano. The following is an example:
                                                                                                                                          apiVersion: apps/v1
+
                                                                                                                                          Using Volcano
                                                                                                                                          When using Volcano to schedule workloads, you only need to configure schedulerName in the spec field of the pod and set the parameter to volcano. The following is an example:
                                                                                                                                          
+
                                                                                                                                          1. Use YAML to create a queue.
                                                                                                                                            apiVersion: scheduling.volcano.sh/v1beta1
+kind: Queue
+metadata:
+  name: q1
+spec:
+  reclaimable: true
+  weight: 1
                                                                                                                                            
+
                                                                                                                                          2. Set schedulerName in the spec field of the pod to volcano.
                                                                                                                                            apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx
@@ -20,13 +28,13 @@ spec:
     metadata:
       annotations:
         # Submit the job to the q1 queue.
-        scheduling.volcano.sh/queue-name: "q1"
-        volcano.sh/preemptable: "true"
+        scheduling.volcano.sh/queue-name: "q1"
+        volcano.sh/preemptable: "true"
       labels:
         app: nginx
     spec:
       # Specify Volcano as the scheduler.
-      schedulerName: volcano
+      schedulerName: volcano
       containers:
       - name: nginx
         image: nginx
@@ -40,23 +48,23 @@ spec:
             memory: 100Mi
         ports:
         - containerPort: 80
                                                                                                                                            
-
                                                                                                                                          
+
                                                                                                                                    
 
                                                                                                                                    Additionally, Volcano supports the workload queues and preemption, which can be implemented through pod annotations. The following table lists the supported annotations.
                                                                                                                                    
 
-
                                                                                                                                    Table 1 Pod annotations supported by Volcano
                                                                                                                                    Pod Annotations
                                                                                                                                    
+
                                                                                                                                    
-
-
-
-
-
@@ -64,15 +72,18 @@ spec:
 
                                                                                                                                    Table 1 Pod annotations supported by Volcano
                                                                                                                                    Pod Annotations
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    
+
                                                                                                                                    Description
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    
 
                                                                                                                                    scheduling.volcano.sh/queue-name: "<queue-name>"
                                                                                                                                    
+
                                                                                                                                    scheduling.volcano.sh/queue-name: "<queue-name>"
                                                                                                                                    
 
                                                                                                                                    Specifies the queue to which the workload belongs. <queue-name> indicates the queue name.
                                                                                                                                    
+
                                                                                                                                    Specifies the queue to which the workload belongs. <queue-name> indicates the queue name.
                                                                                                                                    
                                                                                                                                     		
 
                                                                                                                                    volcano.sh/preemptable: "true"
                                                                                                                                    
+
                                                                                                                                    volcano.sh/preemptable: "true"
                                                                                                                                    
 
                                                                                                                                    Indicates whether a job can be preempted. If this function is enabled, the job can be preempted.
                                                                                                                                    
+
                                                                                                                                    Indicates whether a job can be preempted. If this function is enabled, the job can be preempted.
                                                                                                                                    
 
                                                                                                                                    Options:
                                                                                                                                    
 
                                                                                                                                    • true: Preemption is enabled. This option is enabled by default.
                                                                                                                                    • false: Preemption is disabled.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    You can obtain pod details to check whether the pod is scheduled by Volcano and the allocated queue.
                                                                                                                                    
-
                                                                                                                                    kubectl describe pod <pod_name>
                                                                                                                                    
-
                                                                                                                                    Command output:
                                                                                                                                    
-
                                                                                                                                    Spec:
+
                                                                                                                                    You can obtain pod details to check whether the pod is scheduled by Volcano to the allocated queue.
                                                                                                                                    
+
                                                                                                                                    1. Run the following command to check the pod details and obtain the scheduling.k8s.io/group-name value:
                                                                                                                                      kubectl describe pod <pod_name>
                                                                                                                                      
+
                                                                                                                                      The scheduling.k8s.io/group-name value of the pod is displayed.
                                                                                                                                      
+
                                                                                                                                      
+
                                                                                                                                    2. Check whether the pod is scheduled by Volcano to the allocated queue.
                                                                                                                                      kubectl describe pg <group_name>
                                                                                                                                      
+
                                                                                                                                      Command output:
                                                                                                                                      
+
                                                                                                                                      Spec:
   Min Member:  1
   Min Resources:
     Cpu:     100m
     Memory:  100Mi
-  Queue:     q1
+  Queue:     q1
 Status:
   Conditions:
     Last Transition Time:  2023-05-30T01:54:43Z
@@ -84,7 +95,8 @@ Status:
 Events:
   Type    Reason     Age              From     Message
   ----    ------     ----             ----     -------
-  Normal  Scheduled  0s (x3 over 2s)  volcano  pod group is ready
                                                                                                                                      
+  Normal  Scheduled  0s (x3 over 2s)  volcano  pod group is ready
                                                                                                                                    
+
 
 
 
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0726.html b/docs/cce/umn/cce_10_0726.html
index 1c7276313..dffad42f6 100644
--- a/docs/cce/umn/cce_10_0726.html
+++ b/docs/cce/umn/cce_10_0726.html
@@ -1,12 +1,12 @@
 
 
-
                                                                                                                                    Using a Local EV
                                                                                                                                    
+
                                                                                                                                    Local EV
                                                                                                                                    
 
                                                                                                                                    Local Ephemeral Volumes (EVs) are stored in EV storage pools. Local EVs deliver better performance than the default storage medium of native emptyDir and support scale-out.
                                                                                                                                    
-
                                                                                                                                    Prerequisites
                                                                                                                                    
+
                                                                                                                                    Prerequisites
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    Notes and Constraints
                                                                                                                                    • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                    • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Using the Console to Mount a Local EV
                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                    2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select Local Ephemeral Volume (emptyDir).
                                                                                                                                    4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                      
+
                                                                                                                                      Using the Console to Mount a Local EV
                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                      2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                                      3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Information area under Container Settings and choose Add Volume > Local EV (emptyDir).
                                                                                                                                      4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                        
 
                                                                                                                                        
@@ -74,6 +76,7 @@
 
@@ -81,6 +84,7 @@
 
@@ -100,8 +104,8 @@ metadata:
     kubernetes.io/elb.class: performance  # Load balancer type
     kubernetes.io/elb.protocol-port: http:80 # The HTTP port 80 is used.
     kubernetes.io/elb.keepalive_timeout: '300'  # Timeout setting for client connections
-    kubernetes.io/elb.client_timeout: '60'      # Timeout for waiting for a request from a client
-    kubernetes.io/elb.member_timeout: '60'      # Timeout for waiting for a response from a backend server
+    kubernetes.io/elb.client_timeout: '60'      # Timeout for waiting for a request from a client
+    kubernetes.io/elb.member_timeout: '60'      # Timeout for waiting for a response from a backend server
   name: nginx 
 spec: 
   ports: 
@@ -131,8 +135,8 @@ spec:
 
diff --git a/docs/cce/umn/cce_10_0730.html b/docs/cce/umn/cce_10_0730.html
index 82866b890..21f65546e 100644
--- a/docs/cce/umn/cce_10_0730.html
+++ b/docs/cce/umn/cce_10_0730.html
@@ -3,32 +3,30 @@
 
                                                                                                                                        Configuring Timeout for a LoadBalancer Ingress
                                                                                                                                        LoadBalancer ingresses support the following timeout settings:
                                                                                                                                        
 
                                                                                                                                        • Idle timeout setting for client connections: maximum duration for keeping a connection when no client request is received. If no request is received during this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
                                                                                                                                        • Timeout for waiting for a request from a client: If the client fails to send a request header to the load balancer during the timeout duration or the interval for sending body data exceeds a specified period, the load balancer will release the connection.
                                                                                                                                        • Timeout setting for waiting for a response from a backend server: If the backend server fails to respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout to the client.
                                                                                                                                        
-
                                                                                                                                         
                                                                                                                                        If you delete the timeout configuration when updating an ingress, the timeout configuration of the existing listener will be reset to the default value.
                                                                                                                                        
-
                                                                                                                                        
 
                                                                                                                                        Prerequisites
                                                                                                                                        • A CCE standard or Turbo cluster is available. The table below shows which cluster versions support the timeout configuration.
-
                                                                                                                                        Table 1 Mounting a local EV
                                                                                                                                        Parameter
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Description
                                                                                                                                        
@@ -41,7 +41,7 @@
 
 
                                                                                                                                      5. After the configuration, click Create Workload.
                                                                                                                                        6. 
 
-
                                                                                                                                        Mounting a Local EV Through kubectl
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                          vi nginx-emptydir.yaml
                                                                                                                                          
+
                                                                                                                                          Mounting a Local EV Through kubectl
                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                          2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                            vi nginx-emptydir.yaml
                                                                                                                                            
 
                                                                                                                                            Content of the YAML file:
                                                                                                                                            
 
                                                                                                                                            apiVersion: apps/v1
 kind: Deployment
diff --git a/docs/cce/umn/cce_10_0729.html b/docs/cce/umn/cce_10_0729.html
index 2cc9d80e6..025f7018a 100644
--- a/docs/cce/umn/cce_10_0729.html
+++ b/docs/cce/umn/cce_10_0729.html
@@ -66,6 +66,8 @@
 
                                                                                                                                        Idle Timeout
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                        
+
                                                                                                                                        Value:
                                                                                                                                        • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                        • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                        • For UDP listeners (supported only by dedicated load balancers), the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                        
+
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        This configuration is not supported if the port of a shared load balancer uses UDP.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                        
 
                                                                                                                                        • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                        • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                        
+
                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                        
 
                                                                                                                                        Response Timeout
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                        
+
                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                        
 
                                                                                                                                        String
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                        
-
                                                                                                                                        Value:
                                                                                                                                        
-
                                                                                                                                        • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                        • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                        • For UDP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                        
+
                                                                                                                                        Value:
                                                                                                                                        • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                        • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                        • For UDP listeners (supported only by dedicated load balancers), the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                        
+
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
 
                                                                                                                                        kubernetes.io/elb.client_timeout
                                                                                                                                        
@@ -143,7 +147,7 @@ spec:
                                                                                                                                         		
 
                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                        
 
                                                                                                                                        • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                        • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                        
-
                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                        
+
                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
 
                                                                                                                                        kubernetes.io/elb.member_timeout
                                                                                                                                        
@@ -153,7 +157,7 @@ spec:
 
                                                                                                                                        String
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                        
-
                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                        
+
                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
                                                                                                                                         
 
                                                                                                                                        Timeout Type
                                                                                                                                        
+
                                                                                                                                        
-
-
-
-
-
-
-
-
-
@@ -36,6 +34,8 @@
 
                                                                                                                                      6. An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                      7. A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                        8. 
+
                                                                                                                                        Notes and Constraints
                                                                                                                                        • If you delete the timeout configuration when updating an ingress, the timeout configuration of the existing listener will be retained.
                                                                                                                                        • If multiple ingresses share the same external port on a load balancer, you are advised to use the same timeout configuration for these ingresses. Otherwise, the configuration of the first created ingress will take precedence. For details, see Configuring Multiple Ingresses to Use the Same External ELB Port.
                                                                                                                                        
+
                                                                                                                                        Using the CCE Console to Configure Timeout
                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. Click the Ingresses tab and click Create Ingress in the upper right corner.
                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                           
                                                                                                                                          This example explains only key parameters for configuring timeout. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                          
 
                                                                                                                                          
 
@@ -63,10 +63,13 @@
 
 
                                                                                                                                        
-
-
@@ -85,7 +88,7 @@
 
                                                                                                                                      8. Click OK.
                                                                                                                                        9. 
-
                                                                                                                                        Using kubectl to Configure Timeout
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                          vi ingress-test.yaml
                                                                                                                                          
+
                                                                                                                                          Using kubectl to Configure Timeout
                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                            vi ingress-test.yaml
                                                                                                                                            
 
                                                                                                                                            An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                            
 
                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -97,7 +100,7 @@ metadata:
     kubernetes.io/elb.id: <your_elb_id>    # In this example, an existing dedicated load balancer is used. Replace its ID with the ID of your dedicated load balancer.
     kubernetes.io/elb.class: performance
     kubernetes.io/elb.keepalive_timeout: '300'  # Timeout setting for client connections
-    kubernetes.io/elb.client_timeout: '60'      # Timeout duration for waiting for a request from a client
+    kubernetes.io/elb.client_timeout: '60'      # Timeout for waiting for a request from a client
     kubernetes.io/elb.member_timeout: '60'      # Timeout for waiting for a response from a backend server
 spec:
   rules:
@@ -132,7 +135,7 @@ spec:
 
                                                                                                                                        Timeout Type
                                                                                                                                        
 
                                                                                                                                        Load Balancer Type
                                                                                                                                        
+
                                                                                                                                        Load Balancer Type
                                                                                                                                        
 
                                                                                                                                        Supported Cluster Version
                                                                                                                                        
+
                                                                                                                                        Supported Cluster Version
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
 
                                                                                                                                        Idle Timeout
                                                                                                                                        
+
                                                                                                                                        Idle Timeout
                                                                                                                                        
 
                                                                                                                                        Dedicated
                                                                                                                                        
+
                                                                                                                                        Dedicated
                                                                                                                                        
 
                                                                                                                                        • v1.19: v1.19.16-r30 or later
                                                                                                                                        • v1.21: v1.21.10-r10 or later
                                                                                                                                        • v1.23: v1.23.8-r10 or later
                                                                                                                                        • v1.25: v1.25.3-r10 or later
                                                                                                                                        • Other clusters of later versions
                                                                                                                                        
+
                                                                                                                                        • v1.19: v1.19.16-r30 or later
                                                                                                                                        • v1.21: v1.21.10-r10 or later
                                                                                                                                        • v1.23: v1.23.8-r10 or later
                                                                                                                                        • v1.25: v1.25.3-r10 or later
                                                                                                                                        • Other clusters of later versions
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Request Timeout
                                                                                                                                        
+
                                                                                                                                        Request Timeout
                                                                                                                                        
 
                                                                                                                                        Dedicated
                                                                                                                                        
+
                                                                                                                                        Dedicated
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Response Timeout
                                                                                                                                        
+
                                                                                                                                        Response Timeout
                                                                                                                                        
 
                                                                                                                                        Dedicated
                                                                                                                                        
+
                                                                                                                                        Dedicated
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
                                                                                                                                         
 
 
 
                                                                                                                                        Listener
                                                                                                                                        
 
                                                                                                                                        • External Protocol: HTTP and HTTPS are available.
                                                                                                                                        • External Port: specifies the port of the load balancer listener.
                                                                                                                                        • Advanced Options
                                                                                                                                          • Idle Timeout (s): specifies the idle timeout of a client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                          • Request Timeout (s): specifies the timeout duration for waiting for a client request.
                                                                                                                                            Specifically:
                                                                                                                                            
+
                                                                                                                                        • External Protocol: HTTP and HTTPS are available.
                                                                                                                                        • External Port: specifies the port of the load balancer listener.
                                                                                                                                        • Advanced Options
                                                                                                                                          • Idle Timeout (s): specifies the idle timeout of a client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                            The value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                            
+
                                                                                                                                          • Request Timeout (s): specifies the timeout duration for waiting for a client request.
                                                                                                                                            Specifically:
                                                                                                                                            
 
                                                                                                                                            If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                            
 
                                                                                                                                            If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                            
-
                                                                                                                                          • Response Timeout (s): specifies the timeout duration for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                          
+
                                                                                                                                          The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                          
+
                                                                                                                                        • Response Timeout (s): specifies the timeout duration for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                          The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                          
+
                                                                                                                                        
 
                                                                                                                                         		
 
                                                                                                                                        • External Protocol: HTTP
                                                                                                                                        • External Port: 80
                                                                                                                                        • Advanced Options
                                                                                                                                          • Idle Timeout (s): 60
                                                                                                                                          • Request Timeout (s): 60
                                                                                                                                          • Response Timeout (s): 60
                                                                                                                                          
@@ -75,7 +78,7 @@
 
                                                                                                                                        
 
                                                                                                                                        Forwarding Policy
                                                                                                                                        
 
                                                                                                                                        • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                        • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                        • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                        • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                        • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                        
+
                                                                                                                                        • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                        • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                        • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                        • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                        • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        • Domain Name: You do not need to configure this parameter.
                                                                                                                                        • Path Matching Rule: Prefix match
                                                                                                                                        • Path: /
                                                                                                                                        • Destination Service: nginx
                                                                                                                                        • Destination Service Port: 80
                                                                                                                                        
                                                                                                                                         		
 
 
                                                                                                                                        String
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                        
-
                                                                                                                                        The value ranges from 0 to 4000 seconds. The default value is 60.
                                                                                                                                        
+
                                                                                                                                        The value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
 
                                                                                                                                        kubernetes.io/elb.client_timeout
                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0735.html b/docs/cce/umn/cce_10_0735.html
index 3d2115880..d91959664 100644
--- a/docs/cce/umn/cce_10_0735.html
+++ b/docs/cce/umn/cce_10_0735.html
@@ -8,7 +8,7 @@
 
 
                                                                                                                                        Notes and Constraints
                                                                                                                                        • Only dedicated load balancers support slow start for HTTP and HTTPS backend server groups.
                                                                                                                                        • Slow start takes effect only when the weighted round robin algorithm is used.
                                                                                                                                        • Slow start takes effect only for new backend server pods.
                                                                                                                                        • After the slow start duration elapses, backend servers will not enter the slow start mode again.
                                                                                                                                        • Slow start takes effect when health check is enabled and backend server pods are running properly.
                                                                                                                                        • If health check is disabled, slow start takes effect immediately.
                                                                                                                                        • With slow start configured for an ingress, all forwarding policies of the ingress take effect.
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Procedure
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                          vi ingress-test.yaml
                                                                                                                                          
+
                                                                                                                                          Procedure
                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                            vi ingress-test.yaml
                                                                                                                                            
 
                                                                                                                                            An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                            
 
                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/docs/cce/umn/cce_10_0744.html b/docs/cce/umn/cce_10_0744.html
index ea6d07bf1..91261b7f5 100644
--- a/docs/cce/umn/cce_10_0744.html
+++ b/docs/cce/umn/cce_10_0744.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                            Revoking a Cluster Access Credential
                                                                                                                                            
-
                                                                                                                                            In multi-tenant scenarios, CCE generates a credential (kubeconfig or X.509 certificate) for you to access the corresponding cluster. The credential contains user identity and authorization information so that you can access the cluster and perform authorized operations on it. Credentials ensure security between IAM users for user management and authorization. However, the validity period of a credential is usually fixed. When an employee holding the credential resigns or an authorized credential is disclosed, you need to manually revoke the credential to ensure cluster security.
                                                                                                                                            
+
                                                                                                                                            In multi-tenant scenarios, CCE generates a unique credential (such as a kubeconfig file or an X.509 certificate) for each user to access their designated cluster. These credentials contain user identity and authorization details, enabling users to perform authorized operations while ensuring secure isolation and management. However, credentials typically have a fixed validity period. If an employee resigns or a credential is compromised, manual revocation is required to maintain cluster security.
                                                                                                                                            
 
                                                                                                                                            The credentials can be revoked in the following scenarios:
                                                                                                                                            
 
                                                                                                                                            • IAM users (non-administrators) intend to revoke their own credentials.
                                                                                                                                            • Accounts or administrators (users in the admin user group) can revoke the credentials of other users or delegated accounts.
                                                                                                                                            
 
                                                                                                                                             
                                                                                                                                            After a credential is revoked, the holder of the credential cannot access the cluster, and the revoked credential cannot be restored. Exercise caution when performing this operation.
                                                                                                                                            
@@ -10,13 +10,37 @@
 
                                                                                                                                            Prerequisites
                                                                                                                                            A cluster of v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, or later is available.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Operations Performed by IAM Users
                                                                                                                                            IAM users can only revoke their own credentials. To revoke a credential, perform the following operations:
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                            2. Choose Overview in the navigation pane. In the right pane, locate the Connection Information area and click Revoke for Certificate Authentication.
                                                                                                                                            3. In the dialog box displayed, enter REVOKE in the confirmation box and click OK if you are sure you want to revoke the credential.
                                                                                                                                            
+
                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                            2. Choose Overview in the navigation pane. In the Connection Info area on the right of the page, click Revoke.
                                                                                                                                            3. In the dialog box displayed, enter REVOKE in the confirmation box and click OK if you are sure you want to revoke the credential.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Operations Performed by Accounts or Administrators
                                                                                                                                            Accounts or administrators (users in the admin user group) can revoke the credentials of other users or delegated accounts. To revoke a credential, see the following operations:
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                            2. Choose Overview in the navigation pane. In the right pane, locate the Connection Information area and click Revoke for Certificate Authentication.
                                                                                                                                            3. Select a certificate applicant and revoke the certificate. The revoked certificate cannot be restored. Exercise caution when performing this operation.
                                                                                                                                              • User: Select an IAM user and revoke its credential.
                                                                                                                                              • Account: Select an agency account and revoke its credentials.
                                                                                                                                              • Specify User ID/Delegacy ID: If the user has been deleted or you log in to the system through an identity provider, manually enter the user ID. If the delegated account has been deleted, manually enter the delegated ID.
                                                                                                                                                You can use the following solution to obtain the ID:
                                                                                                                                                
-
                                                                                                                                                • If you can obtain the certificate downloaded by the applicant, the name (CN - Common Name) of the certificate is the required ID.
                                                                                                                                                • If you cannot obtain the certificate downloaded by the applicant, use Cloud Trace Service (CTS) to obtain the events of deleting a user (deleteUser) and deleting an agency (deleteAgency). The resource IDs of the events are the IDs of the deleted user and delegated account, respectively.
                                                                                                                                                
-
                                                                                                                                                If the required ID cannot be obtained using the preceding methods, submit a service ticket to O&M personnel.
                                                                                                                                                
-
                                                                                                                                              
+
                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                              2. Choose Overview in the navigation pane. In the Connection Info area on the right of the page, click Revoke.
                                                                                                                                              3. Select a certificate applicant to revoke the certificate. For details about the parameters, see Table 1. After the certificate is revoked, the original X.509 certificate and kubectl configuration file become invalid. If the certificate applicant needs to regain access to the cluster, they must download the certificate or kubectl configuration file again.
                                                                                                                                                
+
+
                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                Table 1 Certificate applicant
                                                                                                                                                Parameter
                                                                                                                                                
+
                                                                                                                                                Description
                                                                                                                                                
+
                                                                                                                                                User
                                                                                                                                                
+
                                                                                                                                                User: Select an IAM user and revoke their credential.
                                                                                                                                                
+
                                                                                                                                                Account
                                                                                                                                                
+
                                                                                                                                                Account: Select an agency account and revoke their credential.
                                                                                                                                                
+
                                                                                                                                                Other user/agency ID
                                                                                                                                                
+
                                                                                                                                                If your IAM user or account has been deleted, or if you log in to the system through an identity provider, you need to manually enter the user ID or agency ID. To obtain an ID, do as follows:
                                                                                                                                                
+
                                                                                                                                                • If you can obtain the certificate downloaded by the applicant, the certificate's common name (CN) serves as the required ID.
                                                                                                                                                • If you cannot obtain the certificate downloaded by the applicant, use Cloud Trace Service (CTS) to retrieve the deleteUser and deleteAgency events. The resource IDs of these events are the IDs of the deleted user and account, respectively.
                                                                                                                                                
+
                                                                                                                                                If the required ID cannot be obtained using the preceding methods, submit a service ticket to O&M personnel.
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                                
 
                                                                                                                                              4. In the dialog box displayed, enter REVOKE in the confirmation box and click OK if you are sure you want to revoke the credential.
                                                                                                                                              
 
                                                                                                                                            
 
                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0766.html b/docs/cce/umn/cce_10_0766.html
index 8f5b03f7d..e51b98f53 100644
--- a/docs/cce/umn/cce_10_0766.html
+++ b/docs/cce/umn/cce_10_0766.html
@@ -5,7 +5,7 @@
 
                                                                                                                                            CCE has resolved this issue by using Volcano Scheduler to evict pods that do not comply with the configured policy so that pods can be rescheduled. In this way, the cluster load is balanced and resource fragmentation is minimized.
                                                                                                                                            
 
                                                                                                                                            Features
                                                                                                                                            Load-aware Descheduling
                                                                                                                                            
 
                                                                                                                                            During Kubernetes cluster management, over-utilized nodes are due to high CPU or memory usage, which affects the stable running of pods on these nodes and increases the probability of node faults. To dynamically balance the resource usage between nodes in a cluster, a cluster resource view is required based on node monitoring metrics. During cluster management, real-time monitoring can be used to detect issues such as high resource usage on a node, node faults, and excessive number of pods on a node so that the system can take measures promptly, for example, by migrating some pods from an over-utilized node to under-utilized nodes.
                                                                                                                                            
-
                                                                                                                                            Figure 1 Load-aware descheduling
                                                                                                                                            
+
                                                                                                                                            Figure 1 Load-aware descheduling
                                                                                                                                            
 
                                                                                                                                            When using this add-on, ensure the highThresholds value is greater than the lowThresholds value. Otherwise, the descheduler cannot work.
                                                                                                                                            
 
                                                                                                                                            • Appropriately utilized node: a node whose resource usage is greater than or equal to 30% and less than or equal to 80%. The resource usage of appropriately utilized nodes is within the expected range.
                                                                                                                                            • Over-utilized node: a node whose resource usage is higher than 80%. Some pods will be evicted from over-utilized nodes to reduce its resource usage to be less than or equal to 80%. The descheduler will schedule the evicted pods to under-utilized nodes.
                                                                                                                                            • Under-utilized node: a node whose resource usage is lower than 30%.
                                                                                                                                            
 
                                                                                                                                            HighNodeUtilization
                                                                                                                                            
@@ -16,86 +16,11 @@
 
                                                                                                                                            Notes and Constraints
                                                                                                                                            • Pods need to be rescheduled using a scheduler, and no scheduler can label pods or nodes. Therefore, an evicted pod might be rescheduled to the original node.
                                                                                                                                            • Descheduling does not support anti-affinity between pods. An evicted pod is in anti-affinity relationship with other running pods. Therefore, the scheduler may still schedule the pod back to the node where the pod was evicted from.
                                                                                                                                            • When configuring load-aware descheduling, you are required to enable load-aware scheduling on Volcano Scheduler. When configuring HighNodeUtilization, you are required to enable bin packing on Volcano Scheduler.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Configuring a Load-aware Descheduling Policy
                                                                                                                                            When configuring a load-aware descheduling policy, do as follows to enable load-aware scheduling on Volcano Scheduler:
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable load-aware scheduling. For details, see Load-aware Scheduling.
                                                                                                                                            2. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                              
+
                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster details page. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, and click Edit. In the Extended Functions area, enable descheduling and click OK to update the add-on configuration.
                                                                                                                                              2. In the navigation pane, choose Settings. On the Scheduling tab page, enable load-aware scheduling. For details, see Load-aware Scheduling.
                                                                                                                                              3. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                
 
                                                                                                                                                
-
                                                                                                                                              4. Configure a load-aware descheduling policy. The following shows a configuration example in JSON format for Volcano v1.11.21 or later:
                                                                                                                                                {
-  "colocation_enable": "",
-  "default_scheduler_conf": {
-    "actions": "allocate, backfill, preempt",
-    "tiers": [
-      {
-        "plugins": [
-          {
-            "name": "priority"
-          },
-          {
-            "enablePreemptable": false,
-            "name": "gang"
-          },
-          {
-            "name": "conformance"
-          }
-        ]
-      },
-      {
-        "plugins": [
-          {
-            "enablePreemptable": false,
-            "name": "drf"
-          },
-          {
-            "name": "predicates"
-          },
-          {
-            "name": "nodeorder"
-          },
-          {
-            "name": "usage",
-            "enablePredicate": true,
-            "arguments": {
-              "usage.weight": 5,
-              "cpu.weight": 1,
-              "memory.weight": 1,
-              "thresholds": {
-                "cpu": 80,
-                "mem": 80
-              }
-            }
-          }
-        ]
-      },
-      {
-        "plugins": [
-          {
-            "name": "cce-gpu-topology-predicate"
-          },
-          {
-            "name": "cce-gpu-topology-priority"
-          },
-          {
-            "name": "cce-gpu"
-          }
-        ]
-      },
-      {
-        "plugins": [
-          {
-            "name": "nodelocalvolume"
-          },
-          {
-            "name": "nodeemptydirvolume"
-          },
-          {
-            "name": "nodeCSIscheduling"
-          },
-          {
-            "name": "networkresource"
-          }
-        ]
-      }
-    ]
-  },
-  "deschedulerPolicy": {
+
                                                                                                                                              5. Configure a load-aware descheduling policy. If you are using Volcano v1.11.21 or later, refer to the example JSON parameter settings below. For more parameters, see the JSON example in Getting Started on the console.
                                                                                                                                                {
+...
+"deschedulerPolicy": {
     "profiles": [
       {
         "name": "ProfileName",
@@ -138,57 +63,52 @@
       }
     ]
   },
-  "descheduler_enable": "true",
+  "descheduler_enable": "true",
   "deschedulingInterval": "10m"
+...
 }
                                                                                                                                                
 
-
                                                                                                                                                Table 1 Key parameters of a cluster descheduling policy
                                                                                                                                                Parameter
                                                                                                                                                
+
                                                                                                                                                
-
-
-
-
-
-
-
-
                                                                                                                                                Table 1 Key parameters of a cluster descheduling policy
                                                                                                                                                Parameter
                                                                                                                                                
 
                                                                                                                                                Description
                                                                                                                                                
+
                                                                                                                                                Description
                                                                                                                                                
                                                                                                                                                 		
 
                                                                                                                                                
 
                                                                                                                                                descheduler_enable
                                                                                                                                                
+
                                                                                                                                                deschedulingInterval
                                                                                                                                                
 
                                                                                                                                                Whether to enable a cluster descheduling policy.
                                                                                                                                                
-
                                                                                                                                                • true: The cluster descheduling policy is enabled.
                                                                                                                                                • false: The cluster descheduling policy is disabled.
                                                                                                                                                
+
                                                                                                                                                Descheduling period.
                                                                                                                                                
                                                                                                                                                 		
 
                                                                                                                                                deschedulingInterval
                                                                                                                                                
+
                                                                                                                                                deschedulerPolicy
                                                                                                                                                
 
                                                                                                                                                Descheduling period.
                                                                                                                                                
-
                                                                                                                                                deschedulerPolicy
                                                                                                                                                
-
                                                                                                                                                Cluster descheduling policy. For details, see Table 2.
                                                                                                                                                
+
                                                                                                                                                Cluster descheduling policy. For details, see Table 2.
                                                                                                                                                
                                                                                                                                                 		
 
                                                                                                                                                
                                                                                                                                                 
 
                                                                                                                                                
 
                                                                                                                                                
 
-
                                                                                                                                                Table 2 deschedulerPolicy parameters
                                                                                                                                                Parameter
                                                                                                                                                
+
                                                                                                                                                
-
-
-
-
-
-
-
                                                                                                                                                Table 2 deschedulerPolicy parameters
                                                                                                                                                Parameter
                                                                                                                                                
 
                                                                                                                                                Description
                                                                                                                                                
+
                                                                                                                                                Description
                                                                                                                                                
                                                                                                                                                 		
 
                                                                                                                                                
 
                                                                                                                                                profiles.[].plugins.balance.enable.[]
                                                                                                                                                
+
                                                                                                                                                profiles.[].plugins.balance.enable.[]
                                                                                                                                                
 
                                                                                                                                                Descheduling policy for a cluster.
                                                                                                                                                
+
                                                                                                                                                Descheduling policy for a cluster.
                                                                                                                                                
 
                                                                                                                                                LoadAware: a load-aware descheduling policy is used.
                                                                                                                                                
                                                                                                                                                 		
 
                                                                                                                                                profiles.[].pluginConfig.[].name
                                                                                                                                                
+
                                                                                                                                                profiles.[].pluginConfig.[].name
                                                                                                                                                
 
                                                                                                                                                Configuration of a load-aware descheduling policy. Options:
                                                                                                                                                
+
                                                                                                                                                Configuration of a load-aware descheduling policy. Options:
                                                                                                                                                
 
                                                                                                                                                • DefaultEvictor: default eviction policy
                                                                                                                                                • LoadAware: a load-aware descheduling policy
                                                                                                                                                
                                                                                                                                                 		
 
                                                                                                                                                profiles.[].pluginConfig.[].args
                                                                                                                                                
+
                                                                                                                                                profiles.[].pluginConfig.[].args
                                                                                                                                                
 
                                                                                                                                                Descheduling policy configuration of a cluster.
                                                                                                                                                
+
                                                                                                                                                Descheduling policy configuration of a cluster.
                                                                                                                                                
 
                                                                                                                                                • Configurations for the DefaultEvictor policy:
                                                                                                                                                  • ignorePvcPods: whether PVC pods should be ignored or evicted. Value true indicates that the pods are ignored, and value false indicates that the pods are evicted. This configuration does not differentiate PVC types (local PVs, SFS, or EVS).
                                                                                                                                                  • nodeFit: whether to consider the existing scheduling configurations such as node affinity and taint on the node during descheduling. Value true indicates that the existing scheduling configurations will be considered, and value false indicates that those will be ignored.
                                                                                                                                                  • priorityThreshold: priority setting. If the priority of a pod is greater than or equal to the value of this parameter, the pod will not be evicted. Example:
                                                                                                                                                    {
   "value": 100
 }
                                                                                                                                                    
@@ -223,78 +143,10 @@
 
                                                                                                                                                  • Click OK.
                                                                                                                                                    • 
 
 
                                                                                                                                                    Configuring a HighNodeUtilization Policy
                                                                                                                                                    When configuring a HighNodeUtilization policy, do as follows to enable the bin packing policy on Volcano Scheduler:
                                                                                                                                                    
-
                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable bin packing. For details, see Bin Packing.
                                                                                                                                                    2. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                      
+
                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster details page. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, and click Edit. In the Extended Functions area, enable descheduling and click OK to update the add-on configuration.
                                                                                                                                                      2. In the navigation pane, choose Settings. On the Scheduling tab page, enable bin packing. For details, see Bin Packing.
                                                                                                                                                      3. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                        
 
                                                                                                                                                        
-
                                                                                                                                                      4. Configure a resource defragmentation policy. The following shows a configuration example in JSON format:
                                                                                                                                                        {
-  "colocation_enable": "",
-  "default_scheduler_conf": {
-    "actions": "allocate, backfill, preempt",
-    "tiers": [
-      {
-        "plugins": [
-          {
-            "name": "priority"
-          },
-          {
-            "enablePreemptable": false,
-            "name": "gang"
-          },
-          {
-            "name": "conformance"
-          },
-          {
-            "arguments": {
-              "binpack.weight": 5
-            },
-            "name": "binpack"
-          }
-        ]
-      },
-      {
-        "plugins": [
-          {
-            "enablePreemptable": false,
-            "name": "drf"
-          },
-          {
-            "name": "predicates"
-          },
-          {
-            "name": "nodeorder"
-          }
-        ]
-      },
-      {
-        "plugins": [
-          {
-            "name": "cce-gpu-topology-predicate"
-          },
-          {
-            "name": "cce-gpu-topology-priority"
-          },
-          {
-            "name": "cce-gpu"
-          }
-        ]
-      },
-      {
-        "plugins": [
-          {
-            "name": "nodelocalvolume"
-          },
-          {
-            "name": "nodeemptydirvolume"
-          },
-          {
-            "name": "nodeCSIscheduling"
-          },
-          {
-            "name": "networkresource"
-          }
-        ]
-      }
-    ]
-  },
+
                                                                                                                                                      5. If you are using a resource defragmentation policy, refer to the example JSON parameter settings below. For more parameters, see the JSON example in Getting Started on the console.
                                                                                                                                                        {
+... 
   "deschedulerPolicy": {
     "profiles": [
       {
@@ -331,57 +183,52 @@
       }
     ]
   },
-  "descheduler_enable": "true",
+  "descheduler_enable": "true",
   "deschedulingInterval": "10m"
+...
 }
                                                                                                                                                        
 
-
                                                                                                                                                        Table 3 Key parameters of a cluster descheduling policy
                                                                                                                                                        Parameter
                                                                                                                                                        
+
                                                                                                                                                        
-
-
-
-
-
-
-
-
                                                                                                                                                        Table 3 Key parameters of a cluster descheduling policy
                                                                                                                                                        Parameter
                                                                                                                                                        
 
                                                                                                                                                        Description
                                                                                                                                                        
+
                                                                                                                                                        Description
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
                                                                                                                                                        descheduler_enable
                                                                                                                                                        
+
                                                                                                                                                        deschedulingInterval
                                                                                                                                                        
 
                                                                                                                                                        Whether to enable a cluster descheduling policy.
                                                                                                                                                        
-
                                                                                                                                                        • true: The cluster descheduling policy is enabled.
                                                                                                                                                        • false: The cluster descheduling policy is disabled.
                                                                                                                                                        
+
                                                                                                                                                        Descheduling period.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        deschedulingInterval
                                                                                                                                                        
+
                                                                                                                                                        deschedulerPolicy
                                                                                                                                                        
 
                                                                                                                                                        Descheduling period.
                                                                                                                                                        
-
                                                                                                                                                        deschedulerPolicy
                                                                                                                                                        
-
                                                                                                                                                        Cluster descheduling policy. For details, see Table 4.
                                                                                                                                                        
+
                                                                                                                                                        Cluster descheduling policy. For details, see Table 4.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
                                                                                                                                                         
 
                                                                                                                                                        
 
                                                                                                                                                        
 
-
                                                                                                                                                        
-
@@ -101,7 +114,7 @@
 
                                                                                                                                                        Container Network (Available only in CCE Turbo Clusters)
                                                                                                                                                        If you want different namespaces or workloads to use different subnet CIDR blocks or security groups, you can create a policy to associate subnets or security groups with namespaces or workloads. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                                                                                                                                        
-
                                                                                                                                                        • Associating a pod with a subnet: The pod IP address is restricted in a specific CIDR block. The networks between different namespaces or workloads are isolated from each other.
                                                                                                                                                        • Associating a pod with a security group: You can configure security group rules for pods in the same namespace or workload to customize access policies.
                                                                                                                                                        
+
                                                                                                                                                        • Pod Subnet: Pod IP addresses are allocated from this subnet. Only the pods in the same namespace or for running the same workload can communicate with each other.
                                                                                                                                                        • Associate Security Group: You can configure security group rules for pods in the same namespace or for running the same workload to customize access policies.
                                                                                                                                                        
 
                                                                                                                                                         
                                                                                                                                                        This configuration is supported only by CCE Turbo clusters. Pod subnets can be deleted from clusters of v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later versions.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0785.html b/docs/cce/umn/cce_10_0785.html
index 9f40782bf..4f545bf9d 100644
--- a/docs/cce/umn/cce_10_0785.html
+++ b/docs/cce/umn/cce_10_0785.html
@@ -5,9 +5,9 @@
 
                                                                                                                                                        kube-scheduler
                                                                                                                                                        kube-scheduler provides the community native, standard scheduling capabilities.
                                                                                                                                                        
 
                                                                                                                                                        Before enabling volcano enhanced capabilities, install Volcano Scheduler. Enabling this function will provide advanced scheduling capabilities, including optimizing resource utilization, enhancing AI job performance, and managing heterogeneous resources. This will ultimately improve cluster resource utilization and reduce costs.
                                                                                                                                                        
 
                                                                                                                                                        Enhanced configurations of the Volcano scheduler:
                                                                                                                                                        
-
+
 
                                                                                                                                                        
-
                                                                                                                                                        Scheduler Configuration
                                                                                                                                                         
                                                                                                                                                        Only kube-scheduler supports this configuration.
                                                                                                                                                        
+
                                                                                                                                                        Scheduler Performance Configuration
                                                                                                                                                         
                                                                                                                                                        Only kube-scheduler supports this configuration.
                                                                                                                                                        
 
                                                                                                                                                        
 
 
                                                                                                                                                        Table 4 deschedulerPolicy parameters
                                                                                                                                                        Parameter
                                                                                                                                                        
+
                                                                                                                                                        
-
-
-
-
-
-
-
-
+
+
+
-
-
+
+
+
                                                                                                                                                        Table 4 deschedulerPolicy parameters
                                                                                                                                                        Parameter
                                                                                                                                                        
 
                                                                                                                                                        Description
                                                                                                                                                        
+
                                                                                                                                                        Description
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
                                                                                                                                                        profiles.[].plugins.balance.enable.[]
                                                                                                                                                        
+
                                                                                                                                                        profiles.[].plugins.balance.enable.[]
                                                                                                                                                        
 
                                                                                                                                                        Descheduling policy for a cluster.
                                                                                                                                                        
+
                                                                                                                                                        Descheduling policy for a cluster.
                                                                                                                                                        
 
                                                                                                                                                        HighNodeUtilization: the policy for minimizing CPU and memory fragments is used.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        profiles.[].pluginConfig.[].name
                                                                                                                                                        
+
                                                                                                                                                        profiles.[].pluginConfig.[].name
                                                                                                                                                        
 
                                                                                                                                                        Configuration of a load-aware descheduling policy. Options:
                                                                                                                                                        
+
                                                                                                                                                        Configuration of a load-aware descheduling policy. Options:
                                                                                                                                                        
 
                                                                                                                                                        • DefaultEvictor: default eviction policy
                                                                                                                                                        • HighNodeUtilization: policy for minimizing CPU and memory fragments
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        profiles.[].pluginConfig.[].args
                                                                                                                                                        
+
                                                                                                                                                        profiles.[].pluginConfig.[].args
                                                                                                                                                        
 
                                                                                                                                                        Descheduling policy configuration of a cluster.
                                                                                                                                                        
+
                                                                                                                                                        Descheduling policy configuration of a cluster.
                                                                                                                                                        
 
                                                                                                                                                        • Configurations for the DefaultEvictor policy:
                                                                                                                                                          • ignorePvcPods: whether PVC pods should be ignored or evicted. Value true indicates that the pods are ignored, and value false indicates that the pods are evicted. This configuration does not differentiate PVC types (local PVs, SFS, or EVS).
                                                                                                                                                          • nodeFit: whether to consider the existing scheduling configurations such as node affinity and taint on the node during descheduling. Value true indicates that the existing scheduling configurations will be considered, and value false indicates that those will be ignored.
                                                                                                                                                          • priorityThreshold: priority setting. If the priority of a pod is greater than or equal to the value of this parameter, the pod will not be evicted. Example:
                                                                                                                                                            {
   "value": 100
 }
                                                                                                                                                            
@@ -403,13 +250,13 @@
 
                                                                                                                                                          • Click OK.
                                                                                                                                                            • 
 
 
                                                                                                                                                            Use Cases
                                                                                                                                                            HighNodeUtilization
                                                                                                                                                            
-
                                                                                                                                                            1. Check the nodes in a cluster. It is found that some nodes are under-utilized.
                                                                                                                                                              
-
                                                                                                                                                            2. Edit the Volcano parameters to enable the descheduler and set the CPU and memory usage thresholds to 25. When the CPU and memory usage of a node is less than 25%, pods on the node will be evicted.
                                                                                                                                                              
+
                                                                                                                                                              1. In the navigation pane of the cluster console, choose Nodes. Check the node list for nodes with minimal resource allocation.
                                                                                                                                                                
+
                                                                                                                                                              2. In the navigation pane, choose Settings and click the Scheduling tab. Select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                              3. Edit Volcano parameters and set both the CPU and memory thresholds to 25. When the CPU and memory usage of a node is less than 25%, pods on the node will be evicted.
                                                                                                                                                                
 
                                                                                                                                                              4. After the policy takes effect, pods on the node with IP address 192.168.44.152 will be migrated to the node with IP address 192.168.54.65 for minimized resource fragments.
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                            
 
                                                                                                                                                            Common Issues
                                                                                                                                                            If an input parameter is incorrect, for example, the entered value is beyond the accepted value range or in an incorrect format, an event will be generated. In this case, modify the parameter setting as prompted.
                                                                                                                                                            
-
                                                                                                                                                            
+
                                                                                                                                                            
 
                                                                                                                                                            
 
 
                                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0767.html b/docs/cce/umn/cce_10_0767.html
index 084759e5b..d88cd1768 100644
--- a/docs/cce/umn/cce_10_0767.html
+++ b/docs/cce/umn/cce_10_0767.html
@@ -13,7 +13,7 @@
 
                                                                                                                                                            Prerequisites
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            Configuring Soft Affinity Scheduling for Volcano Node Pools
                                                                                                                                                            1. Configure labels for affinity scheduling in the node pool.
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                              3. Click Update of the target node pool. On the page that is displayed, configure labels in the Kubernetes Label area.
                                                                                                                                                              
-
                                                                                                                                                            2. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                              
+
                                                                                                                                                            3. In the navigation pane, choose Settings and click the Scheduling tab. Select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                            4. Configure Volcano scheduler parameters. The following shows a configuration example in JSON format:
                                                                                                                                                              ...
     "default_scheduler_conf": {
@@ -62,7 +62,7 @@
                         // Configure the affinity scheduling weight and labels of the node pool.
                         "arguments": { 
                             "nodepoolaffinity.weight": 10000,
-                            "nodepoolaffinity.label": "nodepool1=nodepool1"
+                            "nodepoolaffinity.label": "nodepool=nodepool1"
                         }
                     }
                 ]
diff --git a/docs/cce/umn/cce_10_0768.html b/docs/cce/umn/cce_10_0768.html
index b170e54c8..b3a8b7597 100644
--- a/docs/cce/umn/cce_10_0768.html
+++ b/docs/cce/umn/cce_10_0768.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                                                                                              Resource Usage-based Scheduling
                                                                                                                                                              
-
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                                
 
                                                                                                                                                              • Bin Packing
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0773.html b/docs/cce/umn/cce_10_0773.html
index 1247c2802..c3ed5f844 100644
--- a/docs/cce/umn/cce_10_0773.html
+++ b/docs/cce/umn/cce_10_0773.html
@@ -15,7 +15,7 @@
 
                                                                                                                                                                Binpack.weight x (CPU.score + Memory.score + GPU.score)/(CPU.weight + Memory.weight + GPU.weight) x 100
                                                                                                                                                                
 
                                                                                                                                                                A larger bin packing weight leads to a higher score. A larger resource weight leads to a greater influence in the node score. The parameters in the formula for scoring a node are as follows:
                                                                                                                                                                
 
                                                                                                                                                                • Binpack.weight: bin packing weight
                                                                                                                                                                • CPU.score: calculated CPU score; CPU.weight: customized CPU weight
                                                                                                                                                                • Memory.score: calculated memory score; Memory.weight: customized memory weight
                                                                                                                                                                • GPU.score: calculated GPU score; GPU.weight: customized GPU weight
                                                                                                                                                                
-
                                                                                                                                                                Figure 1 Bin packing example
                                                                                                                                                                
+
                                                                                                                                                                Figure 1 Bin packing example
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              In this figure, there are two nodes in the cluster. When pods need to be scheduled, the bin packing policy scores the two nodes separately.
                                                                                                                                                              
 
                                                                                                                                                              For example, CPU.weight is set to 1, Memory.weight is set to 1, GPU.weight is set to 2, and binpack.weight is set to 5 in a cluster.
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0774.html b/docs/cce/umn/cce_10_0774.html
index 4aff68f84..750665eaf 100644
--- a/docs/cce/umn/cce_10_0774.html
+++ b/docs/cce/umn/cce_10_0774.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                                                                                              Priority-based Scheduling
                                                                                                                                                              
-
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                                
 
                                                                                                                                                              • Priority-based Scheduling
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0775.html b/docs/cce/umn/cce_10_0775.html
index 1a53efa64..e63f62ddd 100644
--- a/docs/cce/umn/cce_10_0775.html
+++ b/docs/cce/umn/cce_10_0775.html
@@ -84,7 +84,7 @@ spec:
 
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Example of Priority-based Scheduling
                                                                                                                                                            For example, there are two idle nodes and several workloads with three priorities (high-priority, medium-priority, and low-priority). Run the high-priority workload to exhaust all cluster resources, and issue the medium-priority and low-priority workloads. Then, the two types of workloads are pending due to insufficient resources. When the high-priority workload ends, the pods of the medium-priority workload will be scheduled ahead of the pods of the low-priority workload according to the priority-based scheduling setting.
                                                                                                                                                            
+
                                                                                                                                                            Example of Priority-based Scheduling
                                                                                                                                                            For example, if there are two idle nodes and high-, medium-, and low-priority Volcano jobs in the cluster, run the high-priority job first to exhaust the cluster resources. Then, run the medium- and low-priority jobs. The medium- and low-priority jobs are pending because the high-priority Volcano job is using all cluster resources. After the high-priority job completes, the medium-priority job is scheduled next.
                                                                                                                                                            
 
                                                                                                                                                            1. Add three PriorityClasses (high-priority, med-priority, and low-priority) in priority.yaml.
                                                                                                                                                              Example configuration of priority.yaml:
                                                                                                                                                              apiVersion: scheduling.k8s.io/v1
 kind: PriorityClass
 metadata:
@@ -119,7 +119,7 @@ med-priority              50           false            97s
 system-cluster-critical   2000000000   false            6d6h
 system-node-critical      2000001000   false            6d6h
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                            2. Create a high-priority workload named high-priority-job to exhaust all cluster resources.
                                                                                                                                                              high-priority-job.yaml
                                                                                                                                                              
+
                                                                                                                                                            3. Create a high-priority Volcano job to exhaust all cluster resources.
                                                                                                                                                              high-priority-job.yaml
                                                                                                                                                              
 
                                                                                                                                                              apiVersion: batch.volcano.sh/v1alpha1
 kind: Job
 metadata:
@@ -143,7 +143,7 @@ spec:
                   cpu: "1"
           restartPolicy: OnFailure
                                                                                                                                                              
 
                                                                                                                                                              Run the following command to issue the job:
                                                                                                                                                              
-
                                                                                                                                                              kubectl apply -f high_priority_job.yaml
                                                                                                                                                              
+
                                                                                                                                                              kubectl apply -f high-priority-job.yaml
                                                                                                                                                              
 
                                                                                                                                                              Run the kubectl get pod command to check pod statuses:
                                                                                                                                                              
 
                                                                                                                                                              NAME                   READY   STATUS    RESTARTS   AGE
 priority-high-test-0   1/1     Running   0          3s
@@ -151,7 +151,7 @@ priority-high-test-1   1/1     Running   0          3s
 priority-high-test-2   1/1     Running   0          3s
 priority-high-test-3   1/1     Running   0          3s
                                                                                                                                                              
 
                                                                                                                                                              The command output shows that all cluster resources have been used up.
                                                                                                                                                              
-
                                                                                                                                                            4. Create a medium-priority workload med-priority-job and a low-priority workload low-priority-job.
                                                                                                                                                              med-priority-job.yaml
                                                                                                                                                              
+
                                                                                                                                                            5. Create a medium-priority and a low-priority Volcano job.
                                                                                                                                                              med-priority-job.yaml
                                                                                                                                                              
 
                                                                                                                                                              apiVersion: batch.volcano.sh/v1alpha1
 kind: Job
 metadata:
@@ -198,8 +198,8 @@ spec:
                   cpu: "1"
           restartPolicy: OnFailure
                                                                                                                                                              
 
                                                                                                                                                              Run the following commands to issue the jobs:
                                                                                                                                                              
-
                                                                                                                                                              kubectl apply -f med_priority_job.yaml
-kubectl apply -f low_priority_job.yaml
                                                                                                                                                              
+
                                                                                                                                                              kubectl apply -f med-priority-job.yaml
+kubectl apply -f low-priority-job.yaml
                                                                                                                                                              
 
                                                                                                                                                              Run the kubectl get pod command to check the statuses of the pods for the newly created workloads. The command output shows that the pods are pending due to insufficient resources:
                                                                                                                                                              
 
                                                                                                                                                              NAME                     READY   STATUS    RESTARTS   AGE
 priority-high-test-0     1/1     Running   0          3m29s
@@ -214,7 +214,7 @@ priority-medium-test-0   0/1     Pending   0          2m36s
 priority-medium-test-1   0/1     Pending   0          2m36s
 priority-medium-test-2   0/1     Pending   0          2m36s
 priority-medium-test-3   0/1     Pending   0          2m36s
                                                                                                                                                              
-
                                                                                                                                                            6. Delete the high_priority_job workload to release resources and check whether the pods of the med-priority-job workload will be preferentially scheduled.
                                                                                                                                                              Run the kubectl delete -f high_priority_job.yaml command to release cluster resources and check pod scheduling.
                                                                                                                                                              
+
                                                                                                                                                            7. Delete the high-priority job to release cluster resources. The medium-priority job will be scheduled next.
                                                                                                                                                              Run the kubectl delete -f high-priority-job.yaml command to release cluster resources and check pod scheduling.
                                                                                                                                                              
 
                                                                                                                                                              NAME                     READY   STATUS    RESTARTS   AGE
 priority-low-test-0      0/1     Pending   0          5m18s
 priority-low-test-1      0/1     Pending   0          5m18s
diff --git a/docs/cce/umn/cce_10_0776.html b/docs/cce/umn/cce_10_0776.html
index 4c3753d16..1e774a730 100644
--- a/docs/cce/umn/cce_10_0776.html
+++ b/docs/cce/umn/cce_10_0776.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                                                                                              AI Performance-based Scheduling
                                                                                                                                                              
-
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                                
 
                                                                                                                                                              • DRF
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0777.html b/docs/cce/umn/cce_10_0777.html
index db8791d27..64a4134ed 100644
--- a/docs/cce/umn/cce_10_0777.html
+++ b/docs/cce/umn/cce_10_0777.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                Share = Total requested resources/Cluster resources
                                                                                                                                                                
 
                                                                                                                                                                If a job involves multiple resources, the resource with the largest share value is the dominant resource. The share value of the dominant resource will be used in priority-based scheduling.
                                                                                                                                                                
 
                                                                                                                                                                For example, there are two workloads, job 1 and job 2. The following figure shows the resources requested by the two jobs. After DRF calculation, the dominant resource of job 1 is memory, and its share value is 0.4; the dominant resource of job 2 is CPU, and its share value is 0.5. Since the dominant resource share of job 1 is less than that of job 2, job 1 takes precedence over job 2 in scheduling according to the max-min fairness policy.
                                                                                                                                                                
-
                                                                                                                                                                Figure 1 DRF scheduling
                                                                                                                                                                
+
                                                                                                                                                                Figure 1 DRF scheduling
                                                                                                                                                                
 
                                                                                                                                                                Configuring DRF
                                                                                                                                                                After Volcano is installed, you can enable or disable DRF scheduling on the Scheduling page. This function is enabled by default.
                                                                                                                                                                
 
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                3. In the AI task performance enhanced scheduling pane, select whether to enable DRF.
                                                                                                                                                                  This function helps you enhance the service throughput of the cluster and improve service running performance.
                                                                                                                                                                  
 
                                                                                                                                                                4. Click Confirm.
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0782.html b/docs/cce/umn/cce_10_0782.html
index 9b2fa1aba..d43e993b8 100644
--- a/docs/cce/umn/cce_10_0782.html
+++ b/docs/cce/umn/cce_10_0782.html
@@ -5,10 +5,11 @@
 
                                                                                                                                                                Accessing the Settings
                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                2. In the navigation pane, choose Settings and click the Dashboard tab.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Cluster Information
                                                                                                                                                                It includes:
                                                                                                                                                                
-
                                                                                                                                                                • ID: uniquely identifies a cluster resource. It is automatically generated after a cluster is created and can be used in scenarios such as API calling.
                                                                                                                                                                • Current Name: After a cluster is created, you can click  to change its name.
                                                                                                                                                                • Original Name: specifies a cluster's original name after its current name is changed. The current name of a cluster must be unique.
                                                                                                                                                                • Status: specifies the status of a cluster. For details, see Cluster Lifecycle.
                                                                                                                                                                • Type: specifies whether a cluster is a CCE standard or a CCE Turbo cluster. For details about the differences between CCE standard and CCE Turbo clusters, see Comparison Between Cluster Types.
                                                                                                                                                                • Created On: specifies the time when a cluster was created. You will be billed based on the creation time of clusters.
                                                                                                                                                                
+
                                                                                                                                                                • ID: uniquely identifies a cluster resource. It is automatically generated after a cluster is created and can be used in scenarios such as API calling.
                                                                                                                                                                • Current Name: After a cluster is created, you can click  to change its name.
                                                                                                                                                                • Original Name: specifies a cluster's original name after its current name is changed. The current name of a cluster must be unique.
                                                                                                                                                                • Status: specifies the status of a cluster. For details, see Cluster Lifecycle.
                                                                                                                                                                • Type: specifies whether a cluster is a CCE standard cluster or a CCE Turbo cluster. For details about the differences between CCE standard and CCE Turbo clusters, see Comparison Between Cluster Types.
                                                                                                                                                                • Created On: specifies the time when a cluster was created. You will be billed based on the creation time of clusters.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Cluster Settings
                                                                                                                                                                After a cluster is created, you can modify the following items for it:
                                                                                                                                                                
-
                                                                                                                                                                • Cluster Scale: specifies how many nodes a cluster can manage at most. You can change the cluster scale as needed. For details, see Changing Cluster Scale.
                                                                                                                                                                • Cluster Version | Patch Version: specifies the Kubernetes version and CCE patch version of a cluster.
                                                                                                                                                                • Network Model: specifies the network model of a cluster, which cannot be changed. For details about network models, see Container Network.
                                                                                                                                                                • Resource Tag: You can add resource tags to classify resources.
                                                                                                                                                                • Cluster Description: specifies the description that you entered for a cluster. A maximum of 200 characters are allowed.
                                                                                                                                                                • Cluster Deletion Protection: A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE.
                                                                                                                                                                
+
                                                                                                                                                                • Cluster Scale: specifies how many nodes a cluster can manage at most. You can change the cluster scale as needed. For details, see Changing a Cluster Scale.
                                                                                                                                                                • Cluster Version | Patch Version: specifies the Kubernetes version and CCE patch version of a cluster.
                                                                                                                                                                • Network Model: specifies the network model of a cluster, which cannot be changed. For details about network models, see Container Network.
                                                                                                                                                                • Resource Tag: You can add resource tags to classify resources.
                                                                                                                                                                • Cluster Description: specifies the description that you entered for a cluster. A maximum of 200 characters are allowed.
                                                                                                                                                                • Global OBS Access Secret (paas.longaksk): If you have created a global access key while using OBS volumes in a cluster, the system will create a secret called paas.longaksk in the kube-system namespace of the cluster. This secret is used to store the global AK and SK.
                                                                                                                                                                  The global access key (paas.longaksk) is used by project. Once a global access key is used, it is automatically created for each cluster within the same project. However, this can lead to security and management complexities. Therefore, it is not recommended that you use global access secrets. To disable global access keys, check whether the cluster uses global access keys. For details, see What Is an OBS Global Access Key and How Do I Check Whether a Global Access Key Is Used in a Cluster?
                                                                                                                                                                  
+
                                                                                                                                                                • Cluster Deletion Protection: A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Master Node AZs
                                                                                                                                                                You can check how many master nodes are supported in a cluster. 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0783.html b/docs/cce/umn/cce_10_0783.html
index 703bf87e3..c38e301d1 100644
--- a/docs/cce/umn/cce_10_0783.html
+++ b/docs/cce/umn/cce_10_0783.html
@@ -1,13 +1,13 @@
 
 
 
                                                                                                                                                                Cluster Access
                                                                                                                                                                
-
                                                                                                                                                                Access Mode
                                                                                                                                                                • kubectl: You need to download and configure the kubectl and kubeconfig configuration files first, and then use kubectl to access a Kubernetes cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                • EIP: You can bind an EIP to the cluster API server. Then, the cluster API server can access the public network.
                                                                                                                                                                   
                                                                                                                                                                  • Binding an EIP to a cluster could bring the cluster potential access risks from the public network. You are advised to harden the inbound rule of port 5443 for the master node security group. 
                                                                                                                                                                  • This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
                                                                                                                                                                  
+
                                                                                                                                                                  Access Mode
                                                                                                                                                                  • kubectl: You need to download and configure the kubectl and kubeconfig configuration files first, and then use kubectl to access a Kubernetes cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                  • EIP: You can bind an EIP to the cluster API server. Then, the cluster API server can access the public network.
                                                                                                                                                                     
                                                                                                                                                                    • Binding an EIP to a cluster could bring the cluster potential access risks from the public network. You are advised to harden the inbound rule of port 5443 for the master node security group. 
                                                                                                                                                                    • This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  • Custom SAN: The Subject Alternative Name (SAN) allows multiple values (including IP addresses and domain names) to be associated with certificates. After the custom SAN is configured in the cluster access certificate, the cluster can be accessed using the domain names or IP addresses specified by the SAN. For details, see Accessing a Cluster Using a Custom Domain Name.
                                                                                                                                                                     
                                                                                                                                                                    This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Authentication
                                                                                                                                                                  CCE allows you to download the X509 certificate, which contains the client.key, client.crt, and ca.crt files. Keep your certificate secure.
                                                                                                                                                                  
+
                                                                                                                                                                  Authentication
                                                                                                                                                                  CCE allows you to download the X.509 certificate, which contains the client.key, client.crt, and ca.crt files. Keep your certificate secure.
                                                                                                                                                                  
 
                                                                                                                                                                  For details about how to use a certificate to access clusters, see Accessing a Cluster Using an X.509 Certificate.
                                                                                                                                                                  
 
                                                                                                                                                                  CCE supports X.509 certificate revocation. For details about how to revoke a cluster credential, see Revoking a Cluster Access Credential.
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0784.html b/docs/cce/umn/cce_10_0784.html
index 7b2074614..51fabc7bd 100644
--- a/docs/cce/umn/cce_10_0784.html
+++ b/docs/cce/umn/cce_10_0784.html
@@ -28,11 +28,16 @@
 
                                                                                                                                                                  You can create a VPC peering connection to enable ECSs in different VPCs to communicate with each other.
                                                                                                                                                                  
 
                                                                                                                                                        		
 
                                                                                                                                                        Default Node Subnet | IPv4 CIDR Block
                                                                                                                                                        
+
                                                                                                                                                        Default Node Subnet | IPv4 CIDR Block/IPv6 CIDR Block
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Node subnet CIDR block of a cluster
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        IPv4/IPv6 Dual Stack
                                                                                                                                                        
+
                                                                                                                                                        Whether to enable IPv6 dual stack.
                                                                                                                                                        
+
                                                                                                                                                        
 
                                                                                                                                                        Network Model
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Network model of a cluster
                                                                                                                                                        
@@ -46,7 +51,7 @@
 
                                                                                                                                                        If the custom security group needs some modifications, the modified security group applies only to newly created or accepted nodes. For existing nodes, you need to manually modify the security group rules.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        CIDR blocks for non-masquerading access (available only in clusters using the VPC network model)
                                                                                                                                                        
+
                                                                                                                                                        Non-Translated CIDR Blocks for External Communication (available only in clusters using the VPC network model)
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        In a cluster using a VPC network, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are regarded as private CIDR blocks of the cluster by default. If the VPC to which the cluster resides uses a secondary CIDR block, operations such as creating or resetting a node will also add the secondary CIDR block to the private CIDR blocks.
                                                                                                                                                        
 
                                                                                                                                                        If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address. Instead, the upper-layer VPC can directly send the pod data packet to the destination, which means, the pod IP address is directly used to communicate with the private CIDR block in the cluster.
                                                                                                                                                        
@@ -58,10 +63,18 @@
 
                                                                                                                                                        
 
                                                                                                                                                        Pod's Access to Metadata (available only in CCE Turbo clusters)
                                                                                                                                                        
 
                                                                                                                                                        Whether to allow pods in a cluster to access the node metadata, such as AZs and enterprise project IDs. This function is available only in clusters of v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        Whether to allow a newly created pod in a cluster to access the node metadata, such as AZs.
                                                                                                                                                        
+
                                                                                                                                                        This function is available only in clusters of v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later versions.
                                                                                                                                                        
 
                                                                                                                                                        • If a pod is created when the function is enabled, whether it can access metadata depends on the function status.
                                                                                                                                                        • If a pod is created when the function is disabled or in a cluster of an earlier version, it cannot access metadata regardless of the function status. To grant a pod access to metadata, it must be rebuilt while the function is enabled.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Network Policies (supported by clusters using the container tunnel network model)
                                                                                                                                                        
+
                                                                                                                                                        Whether to enable network policies. This configuration is supported by clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, and later versions.
                                                                                                                                                        
+
                                                                                                                                                        • Disabled: The network policy capability is not supported, and the created policies do not take effect.
                                                                                                                                                        • Enabled: If the CIDR blocks of a customer's service conflict with the on-premises CIDR blocks, the link to a newly added gateway may not be established.
                                                                                                                                                          For example, when a cluster accesses an external address through a Direct Connect connection, the switch outside the cloud does not support ip-option. If the network policy is enabled, the network access may fail.
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
                                                                                                                                                         
 
                                                                                                                                                        
 
                                                                                                                                                        
@@ -79,7 +92,7 @@
 
                                                                                                                                                        After a cluster is created, the service forwarding mode cannot be changed. IPVS and iptables are supported. For details, see Comparing iptables and IPVS.
                                                                                                                                                        
 
 
                                                                                                                                                        Service CIDR Block
                                                                                                                                                        
+
                                                                                                                                                        IPv4 Service CIDR Block/IPv6 Service CIDR Block
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Each Service in a cluster has its own IP address. When creating a CCE cluster, you can specify the Service address range (Service CIDR block). The Service CIDR block cannot overlap with the subnet or the container CIDR block. The Service CIDR block can be used only within a cluster.
                                                                                                                                                        
                                                                                                                                                         		
 
 
                                                                                                                                                        Table 1 Parameters
                                                                                                                                                        Item
                                                                                                                                                        
@@ -43,7 +43,7 @@
 
 
 
                                                                                                                                                        Priority-based Scheduling
                                                                                                                                                        Scheduling based on priority
                                                                                                                                                        
-
                                                                                                                                                        This is a basic scheduling capability and cannot be disabled. The scheduler preferentially guarantees the running of high-priority pods, and will not evict low-priority pods that are running. 
                                                                                                                                                        
+
                                                                                                                                                        This is a basic scheduling capability and cannot be disabled. The scheduler preferentially guarantees the running of high-priority pods, and will not evict low-priority pods that are running. For details, see Priority-based Scheduling.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        Resource Utilization Optimization Scheduling (Supported by the Volcano Scheduler)
                                                                                                                                                        Bin packing
                                                                                                                                                        
 
                                                                                                                                                        With this option enabled, the cluster scheduler schedules pods to nodes that have the most requested resources. This reduces resource fragments on each node and improves the resource utilization of the cluster. For details, see Bin Packing.
                                                                                                                                                        
@@ -88,10 +88,10 @@
 
                                                                                                                                                        
 
                                                                                                                                                        
 
-
                                                                                                                                                        Enable load-aware scheduling (usage)
                                                                                                                                                        
+
                                                                                                                                                        Load-aware scheduling (usage)
                                                                                                                                                        
 
                                                                                                                                                        This function uses the Cloud Native Cluster Monitoring (kube-prometheus-stack) add-on to obtain the actual CPU and memory load of each node, calculates the average load of each node based on the specified period, and preferentially schedules jobs to the node with the lightest load to balance load. For details, see Load-aware Scheduling.
                                                                                                                                                        
 
-
                                                                                                                                                        AI Task Performance Enhanced Scheduling (Supported by the Volcano Scheduler)
                                                                                                                                                        Fair Scheduling Policy (DRF)
                                                                                                                                                        
+
                                                                                                                                                        AI Job Performance Enhancement Scheduling (Supported by the Volcano Scheduler)
                                                                                                                                                        Fair Scheduling Policy (DRF)
                                                                                                                                                        
 
                                                                                                                                                        Dominant Resource Fairness (DRF) is a scheduling algorithm based on the dominant resource of a container group. It supports fair allocation of multiple types of resources and is suitable for batch AI training and big data jobs. DRF is suitable for batch process small scale services like single AI model training and single big data computing and query, because it preferentially considers the throughput of services in clusters.
                                                                                                                                                        
 
                                                                                                                                                        DRF helps you enhance the service throughput of clusters and improve service performance. For details, see DRF.
                                                                                                                                                        
 
                                                                                                                                                        Workload Group Scheduling Policy (Gang)
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0786.html b/docs/cce/umn/cce_10_0786.html
index 32dd7f100..da8161822 100644
--- a/docs/cce/umn/cce_10_0786.html
+++ b/docs/cce/umn/cce_10_0786.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                        Auto Scaling
                                                                                                                                                        
-
                                                                                                                                                        Auto Scale-Out Configuration
                                                                                                                                                        CCE Cluster Autoscaler comprehensively checks the resource statuses of an entire cluster. When the load of a microservice is high (for example, the CPU or memory usage is too high), it will add more pods to reduce the load.
                                                                                                                                                        
+
                                                                                                                                                        Auto Scale-out Configuration
                                                                                                                                                        CCE Cluster Autoscaler comprehensively checks the resource statuses of an entire cluster. When the load of a microservice is high (for example, the CPU or memory usage is too high), it will add more pods to reduce the load.
                                                                                                                                                        
 
                                                                                                                                                        Node Capacity Expansion Conditions
                                                                                                                                                        
 
                                                                                                                                                        • Auto scale-out when the workload cannot be scheduled: If a workload pod cannot be scheduled, the system automatically scales out the node pool with auto scaling enabled. If the pod has been configured to be affinity for a node, the system will not automatically add more nodes.
                                                                                                                                                          Such auto scaling works with an HPA policy. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                                                                                                                          
 
                                                                                                                                                        • User-defined policy switch: specifies whether to automatically scale out a node pool based on the node scaling policies. This function is enabled by default.
                                                                                                                                                        
@@ -9,56 +9,84 @@
 
                                                                                                                                                        • Total Nodes: specifies how many nodes can be present in a cluster during scale-out. If there are more nodes in the cluster than the specified value, the cluster will not add nodes. The default value is determined by how many nodes a cluster can manage at most.
                                                                                                                                                        • Total Cores: specifies how many cores on all nodes can be present in a cluster during scale-out. If there are more cores in the cluster than the specified value, the cluster will not add nodes. By default, the number is not limited.
                                                                                                                                                        • Total Memory (GiB): specifies the upper limit of the total memory of all nodes in a cluster during scale-out. If the total memory exceeds the specified value, the cluster will not add nodes. By default, the number is not limited.
                                                                                                                                                        
 
                                                                                                                                                         
                                                                                                                                                        When the total number of nodes, CPUs, and memory is collected, unavailable nodes in custom node pools are included but unavailable nodes in the default node pool are not included.
                                                                                                                                                        
 
                                                                                                                                                        
-
                                                                                                                                                        Scale-Out Priority
                                                                                                                                                        
+
                                                                                                                                                        Scale-out Priority
                                                                                                                                                        
 
                                                                                                                                                        You can drag and drop node pools in the list to adjust their scale-out priorities.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        Auto Scale-In Configuration
                                                                                                                                                        CCE Cluster Autoscaler comprehensively checks the resource statuses of an entire cluster. Once it confirms that workload pods can be scheduled and run properly, it automatically obtains nodes for scale-in.
                                                                                                                                                        
-
                                                                                                                                                        Node Scale-In Conditions
                                                                                                                                                        
-
                                                                                                                                                        • Node Resource Condition: When the requested cluster node resources (both CPU and memory) are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), a cluster scale-in is triggered.
                                                                                                                                                        • Node Status Condition: If a node is unavailable for a specified period of time, the node will be automatically reclaimed. The default value is 20 minutes.
                                                                                                                                                        • Scale-in Exception Scenarios: When a node meets the following exception scenarios, CCE will not scale in the node even if the node resources or status meets scale-in conditions:
                                                                                                                                                          1. Resources on other nodes in the cluster are insufficient.
                                                                                                                                                          2. Scale-in protection is enabled on the node. To enable or disable node scale-in protection, choose Nodes in the navigation pane and then click the Nodes tab. Locate the target node, choose More, and then enable or disable node scale-in protection in the Operation column.
                                                                                                                                                          3. There is a pod with the non-scale label on the node.
                                                                                                                                                          4. Policies such as reliability have been configured on some containers on the node.
                                                                                                                                                          5. There are non-DaemonSet containers in the kube-system namespace on the node.
                                                                                                                                                          6. (Optional) A container managed by a third-party pod controller is running on a node. Third-party pod controllers are for custom workloads except Kubernetes-native workloads such as Deployments and StatefulSets. Such controllers can be created using CustomResourceDefinitions.
                                                                                                                                                          
-
                                                                                                                                                        
-
                                                                                                                                                        Node Scale-In Policy
-
                                                                                                                                                        Table 1 Node scale-in policy configurations
                                                                                                                                                        Item
                                                                                                                                                        
+
                                                                                                                                                        Node Scale-In Conditions
                                                                                                                                                        
+
                                                                                                                                                        Nodes in a cluster comply with the default scale-in conditions by default. If scale-in conditions are customized for a node pool, the nodes in the node pool comply with the customized scale-in conditions.
                                                                                                                                                        
+
+
                                                                                                                                                        
-
-
-
-
+
+
+
+
+
+
+
+
+
                                                                                                                                                        Table 1 Node scale-in conditions
                                                                                                                                                        Parameter
                                                                                                                                                        
 
                                                                                                                                                        Description
                                                                                                                                                        
-
                                                                                                                                                        Default Value
                                                                                                                                                        
+
                                                                                                                                                        Description
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
                                                                                                                                                        Number of Concurrent Scale-In Requests
                                                                                                                                                        
+
                                                                                                                                                        Default Scale-In Conditions
                                                                                                                                                        
 
                                                                                                                                                        Maximum number of idle nodes that can be deleted concurrently.
                                                                                                                                                        
+
                                                                                                                                                        If the CPU and memory allocation rates of a node are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), or the node is unavailable for a period of time (20 minutes by default), the node will be scaled in.
                                                                                                                                                        
+
                                                                                                                                                        Allocation rate = Total requested resources of all pods/Allocatable resources on the node
                                                                                                                                                        
+
                                                                                                                                                        If the option Ignore the pre-allocated CPU and memory of the DaemonSet container is selected, CCE will not consider the CPU and memory resources pre-allocated to DaemonSet pods when determining whether to scale in cluster nodes. This means that the resources used by DaemonSet pods will not affect the scaling-in decision. If this option is not selected, the resources pre-allocated to DaemonSet pods will be included in the resource allocation calculations. This can cause the CPU and memory allocation rates to exceed the node scale-in threshold, potentially preventing nodes with low CPU and memory utilization from being scaled in.
                                                                                                                                                        
+
                                                                                                                                                        (Optional) Custom Scale-In Conditions
                                                                                                                                                        
+
                                                                                                                                                        You can configure scale-in conditions for each node pool. If the CPU and memory allocation rates of nodes in a node pool are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), the node pool will be scaled in.
                                                                                                                                                        
+
                                                                                                                                                        Custom scale-in conditions are supported when the CCE Cluster Autoscaler add-on version is 1.25.181, 1.27.152, 1.28.120, 1.29.81, 1.30.48, 1.31.10, or later. If auto scaling is not enabled for all specifications in a node pool, custom scale-in conditions configured for the node pool do not take effect. For details about how to enable auto scaling for a node pool, see Configuring Node Pool Scaling Policies.
                                                                                                                                                        
+
                                                                                                                                                        Scale-in Exception Scenarios
                                                                                                                                                        
+
                                                                                                                                                        When a node meets the following exception scenarios, CCE will not scale in the node even if the node resources or status meets scale-in conditions:
                                                                                                                                                        • Resources on other nodes in the cluster are insufficient.
                                                                                                                                                        • Scale-in protection is enabled on the node. To enable or disable node scale-in protection, choose Nodes in the navigation pane and then click the Nodes tab. Locate the target node, choose More, and then enable or disable node scale-in protection in the Operation column.
                                                                                                                                                        • There is a pod with the non-scale label on the node.
                                                                                                                                                        • Policies such as reliability have been configured on some containers on the node.
                                                                                                                                                        • There are non-DaemonSet containers in the kube-system namespace on the node.
                                                                                                                                                        • (Optional) A container managed by a third-party pod controller is running on a node. Third-party pod controllers are for custom workloads except Kubernetes-native workloads such as Deployments and StatefulSets. Such controllers can be created using CustomResourceDefinitions.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Node Scale-in Policy
+
                                                                                                                                                        
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0787.html b/docs/cce/umn/cce_10_0787.html
index 8c550f560..324fa2425 100644
--- a/docs/cce/umn/cce_10_0787.html
+++ b/docs/cce/umn/cce_10_0787.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                        Kubernetes
                                                                                                                                                        Typical native configuration items are provided. You can configure native community management components such as kube-apiserver and kube-controller for the best cloud native experience.
                                                                                                                                                        
 
                                                                                                                                                        API Server Configuration (kube-apiserver)
                                                                                                                                                        Container eviction configuration
                                                                                                                                                        
-
                                                                                                                                                        By default, the default tolerance time applies to all containers in a cluster. You can also configure different tolerance times for pods. In this case, your custom settings take effect.
                                                                                                                                                        
+
                                                                                                                                                        By default, the default tolerance time applies to all containers in a cluster. You can also configure different tolerance times for pods. In this case, your custom settings take effect. 
                                                                                                                                                        
 
                                                                                                                                                         
                                                                                                                                                        It is recommended that you properly configure the tolerance times for pods, or certain problems may occur.
                                                                                                                                                        
 
                                                                                                                                                        • If the parameter is set to a low value, containers may be moved frequently during brief fault scenarios like network jitter, which can impact services.
                                                                                                                                                        • If the parameter is set to a high value, containers may not be moved for a long period of time in the event of a node failure, which can impact services.
                                                                                                                                                        
 
                                                                                                                                                        
@@ -85,7 +85,7 @@
 
                                                                                                                                                        Table 2 Node scale-in policy configurations
                                                                                                                                                        Item
                                                                                                                                                        
+
                                                                                                                                                        Description
                                                                                                                                                        
+
                                                                                                                                                        Default Value
                                                                                                                                                        
+
                                                                                                                                                        Number of Concurrent Scale-In Requests
                                                                                                                                                        
+
                                                                                                                                                        Maximum number of idle nodes that can be deleted concurrently.
                                                                                                                                                        
 
                                                                                                                                                        Only idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                                                                                                                        
 
                                                                                                                                                         NOTE: 
                                                                                                                                                        During a node scale-in, if the pods on the node do not need to be evicted (such as DaemonSet pods), the node is idle. Otherwise, the node is not idle.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        10
                                                                                                                                                        
+
                                                                                                                                                        10
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Node Recheck Timeout
                                                                                                                                                        
+
                                                                                                                                                        Node Recheck Timeout
                                                                                                                                                        
 
                                                                                                                                                        Interval for rechecking a node that could not be removed
                                                                                                                                                        
+
                                                                                                                                                        Interval at which a node can be checked again after it is determined that the node cannot be scaled in
                                                                                                                                                        
 
                                                                                                                                                        5 minutes
                                                                                                                                                        
+
                                                                                                                                                        5 minutes
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Cooldown Time
                                                                                                                                                        
+
                                                                                                                                                        Cooldown Time
                                                                                                                                                        
 
                                                                                                                                                        Cooldown period for starting scale-in evaluation again after auto scale-in is triggered in a cluster
                                                                                                                                                        
+
                                                                                                                                                        Cooldown period for starting scale-in evaluation again after auto scale-in is triggered in a cluster
                                                                                                                                                        
 
                                                                                                                                                         NOTE: 
                                                                                                                                                        If both auto scale-out and scale-in exist in a cluster, set this parameter to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        10 minutes
                                                                                                                                                        
+
                                                                                                                                                        10 minutes
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Cooldown period for starting scale-in evaluation again after auto scale-out is triggered in a cluster
                                                                                                                                                        
+
                                                                                                                                                        Cooldown period for starting scale-in evaluation again after auto scale-out is triggered in a cluster
                                                                                                                                                        
 
                                                                                                                                                        10 minutes
                                                                                                                                                        
+
                                                                                                                                                        10 minutes
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Cooldown period for starting scale-in evaluation again after auto scale-in triggered in a cluster failed
                                                                                                                                                        
+
                                                                                                                                                        Cooldown period for starting scale-in evaluation again after auto scale-in triggered in a cluster failed
                                                                                                                                                        
 
                                                                                                                                                        3 minutes
                                                                                                                                                        
+
                                                                                                                                                        3 minutes
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
                                                                                                                                                         
 
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        Service Account Token Volume Projection
                                                                                                                                                        
-
                                                                                                                                                        Kubelet can project a service account token into a pod. You can specify the desired properties of the token, such as the API audiences. The token will become invalid against the API when either the pod or the service account is deleted. For details, see the official document.
                                                                                                                                                         
                                                                                                                                                        This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        Kubelet can project a service account token into a pod. You can specify the desired properties of the token, such as the API audiences. The token will become invalid against the API when either the pod or the service account is deleted. For details, see the official documentation.
                                                                                                                                                         
                                                                                                                                                        This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                                                                                        
 
                                                                                                                                                        
 
 
                                                                                                                                                        
-
@@ -251,7 +251,7 @@
 
-
@@ -463,7 +463,7 @@
 
diff --git a/docs/cce/umn/cce_10_0788.html b/docs/cce/umn/cce_10_0788.html
index 0ec245b9f..b7e10287f 100644
--- a/docs/cce/umn/cce_10_0788.html
+++ b/docs/cce/umn/cce_10_0788.html
@@ -1,8 +1,7 @@
 
                                                                                                                                                        Heterogeneous Resources
                                                                                                                                                        
-
                                                                                                                                                        GPU Settings
                                                                                                                                                        
-
                                                                                                                                                        • Default Cluster Driver: specifies the default GPU driver version used by the GPU nodes in a cluster. To use a custom driver, enter the download link of the NVIDIA driver. For details, see Obtaining the Driver Link from Public Network.
                                                                                                                                                        • Node Pool Configurations: If you do not want all GPU nodes in a cluster to use the same driver, CCE allows you to install a different GPU driver for each node pool. After you customize a GPU driver for a node pool, nodes in the node pool will preferentially use the custom driver. Nodes for which no driver is specified will use the cluster's default driver.
                                                                                                                                                           
                                                                                                                                                          • The system installs the driver of the version specified for the node pool. The driver applies only to new nodes in the node pool.
                                                                                                                                                          • After the driver version is updated, it takes effect on the nodes newly added to the node pool. Existing nodes must restart to apply the changes.
                                                                                                                                                          
+
                                                                                                                                                          GPU Settings
                                                                                                                                                          • Default Cluster Driver: specifies the default GPU driver version used by the GPU nodes in a cluster. To use a custom driver, enter the download link of the NVIDIA driver. For details, see Obtaining the Driver Link from Public Network.
                                                                                                                                                          • Node Pool Configurations: If you do not want all GPU nodes in a cluster to use the same driver, CCE allows you to install a different GPU driver for each node pool. After you customize a GPU driver for a node pool, nodes in the node pool will preferentially use the custom driver. Nodes for which no driver is specified will use the cluster's default driver.
                                                                                                                                                             
                                                                                                                                                            • The system installs the driver of the version specified for the node pool. The driver applies only to new nodes in the node pool.
                                                                                                                                                            • After the driver version is updated, it takes effect on the nodes newly added to the node pool. Existing nodes must restart to apply the changes.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                          
 
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0789.html b/docs/cce/umn/cce_10_0789.html
index 00f6b9432..b39f01fdb 100644
--- a/docs/cce/umn/cce_10_0789.html
+++ b/docs/cce/umn/cce_10_0789.html
@@ -2,121 +2,302 @@
 
 
                                                                                                                                                          Load-aware Scheduling
                                                                                                                                                          
 
                                                                                                                                                          Volcano Scheduler offers CPU and memory load-aware scheduling for pods and preferentially schedules pods to the node with the lightest load to balance node loads. This prevents an application or node failure due to heavy loads on a single node.
                                                                                                                                                          
-
                                                                                                                                                          Prerequisites
                                                                                                                                                          
+
                                                                                                                                                          Prerequisites
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          Features
                                                                                                                                                          The native Kubernetes scheduler schedules resources only based on requested resources. However, the actual resource usage of a pod differs greatly from the requested or limited value of the requested resources, which is the cause of cluster load imbalance.
                                                                                                                                                          
+
                                                                                                                                                          Features
                                                                                                                                                          The Kubernetes native scheduler schedules resources only based on requested resources. However, the actual resource usage of a pod differs greatly from the requested or limited value of the requested resources, which is the cause of cluster load imbalance.
                                                                                                                                                          
 
                                                                                                                                                          1. The actual resource usage of certain nodes in a cluster is far lower than the resource allocation rate, but no more pods are scheduled onto the nodes, leading to resource waste.
                                                                                                                                                          2. The scheduler failed to detect that some nodes in the cluster are overloaded, which could significantly affect the stability of the service.
                                                                                                                                                          
 
                                                                                                                                                          Volcano resolves the preceding issues based on actual loads. If there are plenty of resources, pods are preferentially scheduled to nodes with the lightest load to balance the load on each node in the cluster.
                                                                                                                                                          
 
                                                                                                                                                          The status, workload traffic, and requests of a cluster change dynamically, and the resource usage of nodes changes in real time. To prevent extreme load imbalance in a cluster after pod scheduling, Volcano provides load-aware hotspot descheduling for the optimal load balancing of cluster nodes. For details about hotspot descheduling, see Descheduling.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          How It Works
                                                                                                                                                          Load-aware scheduling is implemented using both Volcano and the CCE cloud native monitoring add-on (kube-prometheus-stack). After load-aware scheduling is enabled, metrics such as CPU and memory loads are defined by following Prometheus adapter rules. Then, the kube-prometheus-stack add-on collects and saves the actual CPU and memory loads of each node based on the defined metric rules. Volcano scores and sorts nodes based on the metric values provided by the kube-prometheus-stack add-on and preferentially schedules pods to the node with the lightest load.
                                                                                                                                                          
-
                                                                                                                                                          Load-aware scheduling scores each node using the weighted average of the CPU and memory metrics as well as the load-aware scheduling policy and preferentially selects the node with the highest score for scheduling. You can customize the weights of the CPU, memory, and load-aware scheduling policy on the Scheduling tab by choosing Settings in the navigation pane of the target cluster.
                                                                                                                                                          
-
                                                                                                                                                          The formula for scoring a node is as follows: Weight of the load-aware scheduling policy x [(1 - CPU usage) x CPU weight + (1 - Memory usage) x Memory weight]/(CPU weight + Memory weight)
                                                                                                                                                          
+
                                                                                                                                                          Load-aware scheduling scores each node using the weighted average of the CPU and memory metrics as well as the load-aware scheduling policy and preferentially selects the node with the highest score for scheduling. You can create custom weights for the CPU, memory, and load-aware scheduling policy on the Scheduling tab by choosing Settings in the navigation pane of the target cluster.
                                                                                                                                                          
+
                                                                                                                                                          The formula for scoring a node is as follows: Weight of the load-aware scheduling policy × [(1 - CPU usage) x CPU weight + (1 - Memory usage) × Memory weight]/(CPU weight + Memory weight)
                                                                                                                                                          
 
                                                                                                                                                          • CPU usage: average CPU usage of all nodes in the target cluster in the last 10 minutes (The collection frequency can be modified in the Prometheus adapter rule.)
                                                                                                                                                          • Memory usage: average memory usage of all nodes in the target cluster in the last 10 minutes
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          Configuring Load-aware Scheduling
                                                                                                                                                          1. Obtain resource metrics by calling the metrics API and add custom metric collection rules.
                                                                                                                                                            After the kube-prometheus-stack add-on is installed, enable the function of automatically obtaining resource metrics through the metrics API. For details, see Providing Resource Metrics Through the Metrics API.
                                                                                                                                                            
-
                                                                                                                                                            Add custom metric collection rules. For details, see Creating an HPA Policy Using Custom Metrics. In the following example rules, the rules in red are new ones and those in black are existing ones:
                                                                                                                                                            rules:
-  - seriesQuery: '{__name__=~"node_cpu_seconds_total"}'
-    resources:
-      overrides:
-        instance:
-          resource: node
-    name:
-      matches: node_cpu_seconds_total
-      as: node_cpu_usage_avg
-    metricsQuery: avg_over_time((1 - avg (irate(<<.Series>>{mode="idle"}[5m])) by (instance))[10m:30s])
-  - seriesQuery: '{__name__=~"node_memory_MemTotal_bytes"}'
-    resources:
-      overrides:
-        instance:
-          resource: node
-    name:
-      matches: node_memory_MemTotal_bytes
-      as: node_memory_usage_avg
-    metricsQuery: avg_over_time(((1-node_memory_MemAvailable_bytes/<<.Series>>))[10m:30s])
-resourceRules:
-  cpu:
-    containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[1m])) by (<<.GroupBy>>)
-    nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[1m])) by (<<.GroupBy>>)
-    resources:
-      overrides:
-        instance:
-          resource: node
-        namespace:
-          resource: namespace
-        pod:
-          resource: pod
-    containerLabel: container
-  memory:
-    containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)
-    nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>)
-    resources:
-      overrides:
-        instance:
-          resource: node
-        namespace:
-          resource: namespace
-        pod:
-          resource: pod
-    containerLabel: container
-  window: 1m
                                                                                                                                                            
-
                                                                                                                                                            
+
                                                                                                                                                            Using Cloud Native Cluster Monitoring
                                                                                                                                                            1. After installing the Cloud Native Cluster Monitoring add-on, you need to enable Metrics API to provide container resource metrics such as CPU usage and memory usage.
                                                                                                                                                               
                                                                                                                                                              Resource metrics can be provided by Metrics API only when local data storage is enabled for the Cloud Native Cluster Monitoring add-on.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Check whether Metrics API has been enabled for the cluster. If it is enabled, you can skip this step.
                                                                                                                                                              
+
                                                                                                                                                              kubectl get APIServices | grep v1beta1.metrics.k8s.io
                                                                                                                                                              
+
                                                                                                                                                              If any command output is displayed, Metrics API is enabled. Skip this step and go to the next step to add metric collection rules.
                                                                                                                                                              
+
                                                                                                                                                              If no Metrics API is found, you can manually create an APIService object to enable it.
                                                                                                                                                              
+
                                                                                                                                                              1. Create a file named metrics-apiservice.yaml. Example file content:
                                                                                                                                                                apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  labels:
+    app: custom-metrics-apiserver
+    release: cceaddon-prometheus
+  name: v1beta1.metrics.k8s.io
+spec:
+  group: metrics.k8s.io
+  groupPriorityMinimum: 100
+  insecureSkipTLSVerify: true
+  service:
+    name: custom-metrics-apiserver
+    namespace: monitoring
+    port: 443
+  version: v1beta1
+  versionPriority: 100
                                                                                                                                                                
+
                                                                                                                                                              2. Create an APIService object.
                                                                                                                                                                kubectl create -f metrics-apiservice.yaml
                                                                                                                                                                
+
                                                                                                                                                              3. Check whether Metrics API is enabled for the cluster.
                                                                                                                                                                kubectl get APIServices | grep v1beta1.metrics.k8s.io
                                                                                                                                                                
+
                                                                                                                                                                 
                                                                                                                                                                After Metrics API is enabled, if you need to uninstall the Cloud Native Cluster Monitoring add-on, run the following kubectl and delete the APIService object. Otherwise, the residual APIService resources will cause the Kubernetes Metrics Server add-on to fail to be installed.
                                                                                                                                                                
+
                                                                                                                                                                kubectl delete APIService v1beta1.metrics.k8s.io
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                              
+
                                                                                                                                                            2. Add collection rules for custom metrics.
                                                                                                                                                              1. Modify the user-adapter-config configuration item.
                                                                                                                                                                kubectl edit configmap user-adapter-config -n monitoring
                                                                                                                                                                
+
                                                                                                                                                              2. Add collection rules to the rules field.
                                                                                                                                                                In the following example rules, the rules in red are new ones and those in black are existing ones:
                                                                                                                                                                ...
+data:
+  config.yaml: >
+    rules:
+    - seriesQuery: '{__name__=~"node_cpu_seconds_total"}'
+      resources:
+        overrides:
+          instance:
+            resource: node
+      name:
+        matches: node_cpu_seconds_total
+        as: node_cpu_usage_avg
+      metricsQuery: avg_over_time((1 - avg (irate(<<.Series>>{mode="idle"}[5m])) by (instance))[10m:30s])
+    - seriesQuery: '{__name__=~"node_memory_MemTotal_bytes"}'
+      resources:
+        overrides:
+          instance:
+            resource: node
+      name:
+        matches: node_memory_MemTotal_bytes
+        as: node_memory_usage_avg
+      metricsQuery: avg_over_time(((1-node_memory_MemAvailable_bytes/<<.Series>>))[10m:30s])
+    resourceRules:
+      cpu:
+        containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[1m])) by (<<.GroupBy>>)
+        nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[1m])) by (<<.GroupBy>>)
+        resources:
+          overrides:
+            instance:
+              resource: node
+            namespace:
+              resource: namespace
+            pod:
+              resource: pod
+        containerLabel: container
+      memory:
+        containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)
+        nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>)
+        resources:
+          overrides:
+            instance:
+              resource: node
+            namespace:
+              resource: namespace
+            pod:
+              resource: pod
+        containerLabel: container
+      window: 1m
+...
                                                                                                                                                                
 
                                                                                                                                                                • Rules for collecting the average CPU usage
                                                                                                                                                                  • node_cpu_usage_avg: average CPU usage of nodes. The name of this metric cannot be changed.
                                                                                                                                                                  • metricsQuery: avg_over_time((1 - avg (irate(<<.Series>>{mode="idle"}[5m])) by (instance))[10m:30s]): statement for obtaining nodes' average CPU usage.
                                                                                                                                                                    metricsQuery indicates to obtain the average CPU usage of all nodes in the target cluster in the last 10 minutes. To change the period, for example, to the last 5 or 30 minutes, change 10m in red to 5m or 30m.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                • Rules for collecting the average memory usage
                                                                                                                                                                  • node_memory_usage_avg: average memory usage of nodes. The name of this metric cannot be changed.
                                                                                                                                                                  • metricsQuery: avg_over_time(((1-node_memory_MemAvailable_bytes/<<.Series>>))[10m:30s]): statement for obtaining nodes' average memory usage.
                                                                                                                                                                    metricsQuery indicates to obtain the average memory usage of all nodes in the target cluster in the last 10 minutes. To change the period, for example, to the last 5 or 30 minutes, change 10m in red to 5m or 30m.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                              3. Redeploy the custom-metrics-apiserver workload in the monitoring namespace.
                                                                                                                                                                kubectl rollout restart deployment custom-metrics-apiserver -n monitoring
                                                                                                                                                                
+
                                                                                                                                                              4. Verify that the custom rules are configured successfully.
                                                                                                                                                                1. Run the following command. If the custom metric information is returned, the metric collection configuration on Prometheus is successful.
                                                                                                                                                                  kubectl get --raw=/apis/custom.metrics.k8s.io/v1beta1
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                2. Query information about nodes in the cluster.
                                                                                                                                                                  kubectl get nodes 
                                                                                                                                                                  
+
                                                                                                                                                                  Run the following command on any node. Replace xxxx with the obtained value of node_name. If you want to query the resource information of all nodes, replace xxxx with an asterisk (*).
                                                                                                                                                                  
+
                                                                                                                                                                  kubectl get --raw=/apis/custom.metrics.k8s.io/v1beta1/nodes/xxxx/node_cpu_usage_avg
                                                                                                                                                                  
+
                                                                                                                                                                  Information similar to the following is displayed.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                              
 
                                                                                                                                                            3. Enable load-aware scheduling.
                                                                                                                                                              After Volcano is installed, you can enable or disable load-aware scheduling on the Scheduling page by choose Settings in the navigation pane. This function is disabled by default.
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                              3. In the Resource utilization optimization scheduling area, modify the load-aware scheduling settings.
                                                                                                                                                                 
                                                                                                                                                                For optimal load-aware scheduling, disable bin packing because this policy preferentially schedules pods to the node with the maximal resources allocated based on pods' requested resources. This affects load-aware scheduling to some extent. For details about the combination of multiple policies, see Configuration Cases for Resource Usage-based Scheduling.
                                                                                                                                                                
 
                                                                                                                                                                
 
-
                                                                                                                                                        Table 3 Parameters
                                                                                                                                                        Item
                                                                                                                                                        
@@ -215,7 +215,7 @@
 
                                                                                                                                                        Default: 5
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Number of CronJob objects allowed to sync simultaneously
                                                                                                                                                        
+
                                                                                                                                                        CronJob
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        concurrent-cron-job-syncs
                                                                                                                                                        
 
                                                                                                                                                        Default: 5
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Concurrent processing number of service
                                                                                                                                                        
+
                                                                                                                                                        Service
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        concurrent-service-syncs
                                                                                                                                                        
                                                                                                                                                         		
 
 
                                                                                                                                                        Default: 1000
                                                                                                                                                        
-
                                                                                                                                                        Value range: 10 to 12500
                                                                                                                                                        
+
                                                                                                                                                        Value range: 0 to 100000
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
 
 
                                                                                                                                                        
-
@@ -57,7 +61,7 @@ spec:
 
-
-
@@ -54,7 +56,7 @@
 
                                                                                                                                                      6. Click OK.
                                                                                                                                                        7. 
-
                                                                                                                                                        Using kubectl to Configure a Blocklist/Trustlist Access Policy
                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                          
+
                                                                                                                                                          Using kubectl to Configure a Blocklist/Trustlist Access Policy
                                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                            vi ingress-test.yaml
                                                                                                                                                            
 
                                                                                                                                                            An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
@@ -95,7 +97,9 @@ spec:
 
 
                                                                                                                                                        
-
@@ -105,7 +109,7 @@ spec:
 
                                                                                                                                                        Parameter
                                                                                                                                                        
+
                                                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
                                                                                                                                                        Parameter
                                                                                                                                                        
 
                                                                                                                                                        Description
                                                                                                                                                        
+
                                                                                                                                                        Description
                                                                                                                                                        
 
                                                                                                                                                        Default Value
                                                                                                                                                        
+
                                                                                                                                                        Default Value
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
                                                                                                                                                        Load-Aware Scheduling Policy Weight
                                                                                                                                                        
+
                                                                                                                                                        Load-Aware Scheduling Policy Weight
                                                                                                                                                        
 
                                                                                                                                                        A larger value indicates a higher weight of the load-aware policy in overall scheduling.
                                                                                                                                                        
+
                                                                                                                                                        A larger value indicates a higher weight of the load-aware policy in overall scheduling.
                                                                                                                                                        
 
                                                                                                                                                        5
                                                                                                                                                        
+
                                                                                                                                                        5
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        CPU Weight
                                                                                                                                                        
+
                                                                                                                                                        CPU Weight
                                                                                                                                                        
 
                                                                                                                                                        A larger value indicates CPU resources will be preferentially balanced.
                                                                                                                                                        
+
                                                                                                                                                        A larger value indicates CPU resources will be preferentially balanced.
                                                                                                                                                        
 
                                                                                                                                                        1
                                                                                                                                                        
+
                                                                                                                                                        1
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Memory Weight
                                                                                                                                                        
+
                                                                                                                                                        Memory Weight
                                                                                                                                                        
 
                                                                                                                                                        A larger value indicates memory resources will be preferentially balanced.
                                                                                                                                                        
+
                                                                                                                                                        A larger value indicates memory resources will be preferentially balanced.
                                                                                                                                                        
 
                                                                                                                                                        1
                                                                                                                                                        
+
                                                                                                                                                        1
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Actual load threshold effective mode
                                                                                                                                                        
+
                                                                                                                                                        Actual load threshold effective mode
                                                                                                                                                        
 
                                                                                                                                                        • Soft constraint: When the actual CPU or memory load of a node reaches the threshold, new tasks will be preferentially allocated to underutilized nodes, but this node can still be scheduled.
                                                                                                                                                        • Hard constraint: When the actual CPU or memory load of a node reaches the threshold, no new tasks can be scheduled to this node.
                                                                                                                                                        
+
                                                                                                                                                        • Soft constraint: When the actual CPU or memory load of a node reaches the threshold, new tasks will be preferentially allocated to underutilized nodes, but this node can still be scheduled.
                                                                                                                                                        • Hard constraint: When the actual CPU or memory load of a node reaches the threshold, no new tasks can be scheduled to this node.
                                                                                                                                                        
 
                                                                                                                                                        Hard constraint
                                                                                                                                                        
+
                                                                                                                                                        Hard constraint
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Actual CPU Load Threshold
                                                                                                                                                        
+
                                                                                                                                                        Actual CPU Load Threshold
                                                                                                                                                        
 
                                                                                                                                                        When a node's CPU usage goes beyond this threshold, pods will be preferentially or forcibly scheduled to other nodes based on how the load threshold takes effect.
                                                                                                                                                        
+
                                                                                                                                                        When a node's CPU usage goes beyond this threshold, workloads will be scheduled based on how the load threshold takes effect. New workloads will be preferentially or forcibly scheduled to other nodes. Existing workloads on the nodes are not affected.
                                                                                                                                                        
 
                                                                                                                                                        80
                                                                                                                                                        
+
                                                                                                                                                        80
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Actual Memory Load Threshold
                                                                                                                                                        
+
                                                                                                                                                        Actual Memory Load Threshold
                                                                                                                                                        
 
                                                                                                                                                        When a node's memory usage goes beyond this threshold, pods will be preferentially or forcibly scheduled to other nodes based on how the load threshold takes effect.
                                                                                                                                                        
+
                                                                                                                                                        When a node's memory usage goes beyond this threshold, workloads will be scheduled based on how the load threshold takes effect. New workloads will be preferentially or forcibly scheduled to other nodes. Existing workloads on the nodes are not affected.
                                                                                                                                                        
 
                                                                                                                                                        80
                                                                                                                                                        
+
                                                                                                                                                        80
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
+
+
                                                                                                                                                        
+
+
                                                                                                                                                        Using Self-Built Prometheus to Configure Load-aware Scheduling
                                                                                                                                                        1. Install prometheus-adapter in the cluster.
                                                                                                                                                          1. Run the following commands to install prometheus-adapter:
                                                                                                                                                            git clone https://github.com/kubernetes-sigs/prometheus-adapter.git
+cd prometheus-adapter/deploy/manifests
+kubectl apply -f .
                                                                                                                                                            
+
                                                                                                                                                          2. Modify the configuration for prometheus-adapter to connect to prometheus-server.
                                                                                                                                                            kubectl edit deployment prometheus-adapter -n monitoring
                                                                                                                                                            
+
                                                                                                                                                            Change the value of prometheus-url as follows:
                                                                                                                                                            
+
                                                                                                                                                            • Change HTTPS to HTTP.
                                                                                                                                                            • Change the default domain name to the IP address and port of Prometheus Service. You can run the kubectl get service -n monitoring command to query the IP address and port.
                                                                                                                                                            
+
                                                                                                                                                            ...
+      containers:
+        - name: prometheus-adapter
+          image: registry.k8s.io/prometheus-adapter/prometheus-adapter:v0.12.0
+          args:
+            - --cert-dir=/var/run/serving-cert
+            - --config=/etc/adapter/config.yaml
+            - --prometheus-url=http://10.21.72.124:9090/
+            - --secure-port=6443
+            - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+...
                                                                                                                                                            
+
                                                                                                                                                          3. Verify that the native node_cpu_seconds_total and node_memory_MemAvailable_bytes metrics can be obtained on Prometheus.
                                                                                                                                                            
+
                                                                                                                                                          
+
                                                                                                                                                        2. Enable Custom Metrics API to provide container resource metrics.
                                                                                                                                                          Check whether Custom Metrics API has been enabled for the cluster. If it is enabled, you can skip this step.
                                                                                                                                                          
+
                                                                                                                                                          kubectl get APIServices | grep v1beta1.custom.metrics.k8s.io
                                                                                                                                                          
+
                                                                                                                                                          If any command output is displayed, Custom Metrics API has been enabled. If no command output is displayed, perform the following operations to register the APIService object. (Note that the Service name and namespace must be consistent with those in the actual installation environment.) The following uses the default values of kube-prometheus.
                                                                                                                                                          
+
                                                                                                                                                          1. Create a file named custom-metrics-apiservice.yaml. Example file content:
                                                                                                                                                            apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  labels:
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/name: prometheus-adapter
+    app.kubernetes.io/part-of: prometheus-adapter
+  name: v1beta1.custom.metrics.k8s.io
+spec:
+  group: custom.metrics.k8s.io
+  groupPriorityMinimum: 100
+  insecureSkipTLSVerify: true
+  service:
+    name: prometheus-adapter
+    namespace: monitoring
+    port: 443
+  version: v1beta1
+  versionPriority: 100
                                                                                                                                                            
+
                                                                                                                                                          2. Create an APIService object.
                                                                                                                                                            kubectl create -f custom-metrics-apiservice.yaml
                                                                                                                                                            
+
                                                                                                                                                          3. Check whether Custom Metrics API is enabled for the cluster.
                                                                                                                                                            kubectl get APIServices | grep v1beta1.custom.metrics.k8s.io
                                                                                                                                                            
+
                                                                                                                                                          
+
                                                                                                                                                        3. Add collection rules for custom metrics.
                                                                                                                                                          1. Modify the adapter-config configuration item.
                                                                                                                                                            kubectl edit configmap adapter-config -n monitoring
                                                                                                                                                            
+
                                                                                                                                                          2. Add collection rules to the rules field.
                                                                                                                                                            Example collection rules:
                                                                                                                                                            ...
+data:
+  config.yaml: >
+    rules:
+    - seriesQuery: '{__name__=~"node_cpu_seconds_total"}'
+      resources:
+        overrides:
+          instance:
+            resource: node
+      name:
+        matches: node_cpu_seconds_total
+        as: node_cpu_usage_avg
+      metricsQuery: avg_over_time((1 - avg (irate(<<.Series>>{mode="idle"}[5m])) by (instance))[10m:30s])
+    - seriesQuery: '{__name__=~"node_memory_MemTotal_bytes"}'
+      resources:
+        overrides:
+          instance:
+            resource: node
+      name:
+        matches: node_memory_MemTotal_bytes
+        as: node_memory_usage_avg
+      metricsQuery: avg_over_time(((1-node_memory_MemAvailable_bytes/<<.Series>>))[10m:30s])
+...
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                          3. Redeploy the prometheus-adapter workload in the monitoring namespace.
                                                                                                                                                            kubectl rollout restart deployment prometheus-adapter -n monitoring
                                                                                                                                                            
+
                                                                                                                                                          4. Verify that the custom rules are configured successfully.
                                                                                                                                                            1. Run the following command. If the custom metric information is returned, the metric collection configuration on Prometheus is successful.
                                                                                                                                                              kubectl get --raw=/apis/custom.metrics.k8s.io/v1beta1
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                            2. Query information about nodes in the cluster.
                                                                                                                                                              kubectl get nodes 
                                                                                                                                                              
+
                                                                                                                                                              Run the following command on any node. Replace xxxx with the obtained value of node_name. If you want to query the resource information of all nodes, replace xxxx with an asterisk (*).
                                                                                                                                                              
+
                                                                                                                                                              kubectl get --raw=/apis/custom.metrics.k8s.io/v1beta1/nodes/xxxx/node_cpu_usage_avg
                                                                                                                                                              
+
                                                                                                                                                              Information similar to the following is displayed.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                            
+
                                                                                                                                                          
+
                                                                                                                                                        4. Enable load-aware scheduling.
                                                                                                                                                          After Volcano is installed, you can enable or disable load-aware scheduling on the Scheduling page by choose Settings in the navigation pane. This function is disabled by default.
                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                          2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                          3. In the Resource utilization optimization scheduling area, modify the load-aware scheduling settings.
                                                                                                                                                             
                                                                                                                                                            For optimal load-aware scheduling, disable bin packing because this policy preferentially schedules pods to the node with the maximal resources allocated based on pods' requested resources. This affects load-aware scheduling to some extent. For details about the combination of multiple policies, see Configuration Cases for Resource Usage-based Scheduling.
                                                                                                                                                            
+
                                                                                                                                                            
+
+
                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0792.html b/docs/cce/umn/cce_10_0792.html
new file mode 100644
index 000000000..1ea018446
--- /dev/null
+++ b/docs/cce/umn/cce_10_0792.html
@@ -0,0 +1,53 @@
+
+
+
                                                                                                                                                            Collecting Audit Logs
                                                                                                                                                            
+
                                                                                                                                                            CCE allows you to collect the logs of master nodes. On the Kubernetes Audit Logs tab of Logging, you can determine whether to report audit logs to LTS.
                                                                                                                                                            
+
                                                                                                                                                            Constraints
                                                                                                                                                            • The cluster version must be v1.21.7-r0 or later, v1.23.5-r0 or later, or 1.25.
                                                                                                                                                            • There is required LTS resource quota.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Audit Logs
                                                                                                                                                            
+
                                                                                                                                                            Parameter
                                                                                                                                                            
+
                                                                                                                                                            Description
                                                                                                                                                            
+
                                                                                                                                                            Default Value
                                                                                                                                                            
+
                                                                                                                                                            Load-Aware Scheduling Policy Weight
                                                                                                                                                            
+
                                                                                                                                                            A larger value indicates a higher weight of the load-aware policy in overall scheduling.
                                                                                                                                                            
+
                                                                                                                                                            5
                                                                                                                                                            
+
                                                                                                                                                            CPU Weight
                                                                                                                                                            
+
                                                                                                                                                            A larger value indicates CPU resources will be preferentially balanced.
                                                                                                                                                            
+
                                                                                                                                                            1
                                                                                                                                                            
+
                                                                                                                                                            Memory Weight
                                                                                                                                                            
+
                                                                                                                                                            A larger value indicates memory resources will be preferentially balanced.
                                                                                                                                                            
+
                                                                                                                                                            1
                                                                                                                                                            
+
                                                                                                                                                            Actual load threshold effective mode
                                                                                                                                                            
+
                                                                                                                                                            • Soft constraint: When the actual CPU or memory load of a node reaches the threshold, new tasks will be preferentially allocated to underutilized nodes, but this node can still be scheduled.
                                                                                                                                                            • Hard constraint: When the actual CPU or memory load of a node reaches the threshold, no new tasks can be scheduled to this node.
                                                                                                                                                            
+
                                                                                                                                                            Hard constraint
                                                                                                                                                            
+
                                                                                                                                                            Actual CPU Load Threshold
                                                                                                                                                            
+
                                                                                                                                                            When a node's CPU usage goes beyond this threshold, workloads will be scheduled based on how the load threshold takes effect. New workloads will be preferentially or forcibly scheduled to other nodes. Existing workloads on the nodes are not affected.
                                                                                                                                                            
+
                                                                                                                                                            80
                                                                                                                                                            
+
                                                                                                                                                            Actual Memory Load Threshold
                                                                                                                                                            
+
                                                                                                                                                            When a node's memory usage goes beyond this threshold, workloads will be scheduled based on how the load threshold takes effect. New workloads will be preferentially or forcibly scheduled to other nodes. Existing workloads on the nodes are not affected.
                                                                                                                                                            
+
                                                                                                                                                            80
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
 
                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                            Table 1 Audit logs
                                                                                                                                                            Log Type
                                                                                                                                                            
+
                                                                                                                                                            Component
                                                                                                                                                            
+
                                                                                                                                                            Log Stream
                                                                                                                                                            
+
                                                                                                                                                            Description
                                                                                                                                                            
+
                                                                                                                                                            Kubernetes audit logs
                                                                                                                                                            
+
                                                                                                                                                            audit
                                                                                                                                                            
+
                                                                                                                                                            audit-{{clusterID}}
                                                                                                                                                            
+
                                                                                                                                                            An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                          
+
                                                                                                                                                          Enabling Kubernetes Audit Logging
                                                                                                                                                          Enabling audit logging during cluster creation
                                                                                                                                                          
+
                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                          2. In the upper right corner, click Create Cluster. Then, configure the parameters and click Next: Select Add-on.
                                                                                                                                                          3. On the displayed page, select Cloud Native Log Collection and click Next: Add-on Configuration.
                                                                                                                                                          4. On the displayed page, select Kubernetes Audit Logs for Cloud Native Log Collection.
                                                                                                                                                            
+
                                                                                                                                                          5. Click Next: Confirm configuration.
                                                                                                                                                          
+
                                                                                                                                                          Enabling audit logging for an existing cluster
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                          2. Click the Kubernetes Audit Logs tab and modify the settings in Logging Settings.
                                                                                                                                                            Figure 1 Enabling audit logging for an existing cluster
                                                                                                                                                            
+
                                                                                                                                                          3. Determine whether to enable logging for the audit component. If yes, click .
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Viewing Kubernetes Audit Logs
                                                                                                                                                          Viewing Kubernetes audit logs on the CCE console
                                                                                                                                                          
+
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                          2. Click the Kubernetes Audit Logs tab to view audit logs in the cluster. For details about related operations, see Log Tank Service User Guide.
                                                                                                                                                          
+
                                                                                                                                                          Viewing Kubernetes audit logs on the TLS console
                                                                                                                                                          
+
                                                                                                                                                          1. Log in to the LTS console and choose Log Management.
                                                                                                                                                          2. Search for the log group by cluster ID and click the log group name to view the log streams. For details, see Log Tank Service User Guide.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Disabling Kubernetes Audit Logging
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                          2. Click the Kubernetes Audit Logs tab.
                                                                                                                                                          3. Disable the audit component and click .
                                                                                                                                                             
                                                                                                                                                            After you disable audit logging, logs are no longer written to the original log stream, but the existing logs will not be deleted and expenditures may be incurred for this.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: Logging
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0793.html b/docs/cce/umn/cce_10_0793.html
new file mode 100644
index 000000000..a280450e6
--- /dev/null
+++ b/docs/cce/umn/cce_10_0793.html
@@ -0,0 +1,57 @@
+
+
+
                                                                                                                                                        Collecting Kubernetes Events
                                                                                                                                                        
+
                                                                                                                                                        The Cloud Native Log Collection add-on works with LTS to collect and store Kubernetes events and works with AOM to generate alarms.
                                                                                                                                                        
+
                                                                                                                                                        Reporting Kubernetes Events to LTS
                                                                                                                                                        To enable Kubernetes event collection, take the following steps.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Logging Has Been Enabled for a Cluster
                                                                                                                                                        If logging has been enabled for a cluster but Kubernetes event collection has not been enabled, or the corresponding log collection policy has been deleted, you can manually create a log collection policy by taking the following steps:
                                                                                                                                                        
+
                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                        2. In the upper right corner, click View Log Collection Policies.
                                                                                                                                                          
+
                                                                                                                                                          All log collection policies are displayed.
                                                                                                                                                          
+
                                                                                                                                                        3. Click Create Log Collection Policy. Then, select Kubernetes events and click OK.
                                                                                                                                                          
+
                                                                                                                                                        4. (After the creation is complete, you can view logs on the Logging page.) Select the log stream configured in the log collection policy to view the events reported to LTS.
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Reporting Kubernetes Events to AOM
                                                                                                                                                        In 1.3.2 and later versions, the Cloud Native Log Collection add-on reports all warning events and some normal events to AOM by default. The reported events can be used to configure alarms. If the cluster version is 1.19.16, 1.21.11, 1.23.9, 1.25.4, or later, after the Cloud Native Log Collection add-on is installed, events will be reported to AOM by this add-on instead of the control plane component. After this add-on is uninstalled, events will not be reported to AOM.
                                                                                                                                                        
+
                                                                                                                                                        Custom Event Reporting
                                                                                                                                                        
+
                                                                                                                                                        If the reported events cannot meet requirements, you can modify the settings for the events.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Using kubectl
                                                                                                                                                        1. Run the following command on the cluster to modify the event collection settings:
                                                                                                                                                          kubectl edit logconfig -n kube-system default-event-aom
                                                                                                                                                          
+
                                                                                                                                                        2. Modify the event collection settings as required.
                                                                                                                                                          apiVersion: logging.openvessel.io/v1
+kind: LogConfig
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+  name: default-event-aom
+  namespace: kube-system
+spec:
+  inputDetail:    # Settings on CCE from which events are collected
+    type: event    # Type of logs to be collected from CCE. Do not change the value.
+    event:
+      normalEvents:    # Used to configure normal events
+        enable: true    # Whether to enable normal event collection
+        includeNames:    # Names of events to be collected. If this parameter is not specified, all events will be collected.
+        - NotTriggerScaleUp
+        excludeNames:    # Names of events that are not collected. If this parameter is not specified, all events will be collected.
+        - ScaleDown
+      warningEvents:    # Used to configure warning events
+        enable: true    # Whether to enable warning event collection
+        includeNames:    # Names of events to be collected. If this parameter is not specified, all events will be collected.
+        - NotTriggerScaleUp
+        excludeNames:    # Names of events that are not collected. If this parameter is not specified, all events will be collected.
+        - ScaleDown
+  outputDetail:
+    type: AOM    # Type of the system that receives the events. Do not change the value.
+    AOM:
+      events:
+      - name: DeleteNodeWithNoServer    # Event name. This parameter is mandatory.
+        resourceType: Namespace    # Type of the resource that operations are performed on.
+        severity: Major    # Event severity after an event is reported to AOM, which can be Critical, Major, Minor, or Info. The default value is Major.
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: Logging
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0799.html b/docs/cce/umn/cce_10_0799.html
new file mode 100644
index 000000000..bae2a588d
--- /dev/null
+++ b/docs/cce/umn/cce_10_0799.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                        O&M FAQ
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
+
+
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: O&M
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0809.html b/docs/cce/umn/cce_10_0809.html
new file mode 100644
index 000000000..44d104cd9
--- /dev/null
+++ b/docs/cce/umn/cce_10_0809.html
@@ -0,0 +1,79 @@
+
+
+
                                                                                                                                                        Logging FAQ
                                                                                                                                                        
+
                                                                                                                                                        Indexes
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        How Do I Disable Logging?
                                                                                                                                                        Disabling container log and Kubernetes event collection
                                                                                                                                                        
+
                                                                                                                                                        Method 1: Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging. In the upper right corner, click View Log Collection Policies. Then, locate and delete the corresponding log collection policy. 
                                                                                                                                                        
+
                                                                                                                                                        Method 2: Access the Add-ons page and uninstall the Cloud Native Log Collection add-on. Note that after you uninstall this add-on, it will no longer report Kubernetes events to AOM.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Disabling log collection for control plane components
                                                                                                                                                        
+
                                                                                                                                                        Choose Logging > Control Plane Logs and deselect one or more components whose logs do not need to be collected.
                                                                                                                                                        
+
                                                                                                                                                        Disabling Kubernetes audit log collection
                                                                                                                                                        
+
                                                                                                                                                        Choose Logging > Kubernetes Audit Logs and deselect the component whose logs do not need to be collected.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If All Components Except log-operator Are Not Ready?
                                                                                                                                                        Symptom: All components except log-operator are not ready, and the volume failed to be mounted to the node.
                                                                                                                                                        
+
                                                                                                                                                        Solution: Check the logs of log-operator. During add-on installation, the configuration files required by other components are generated by log-operator. If the configuration files are invalid, all components cannot be started.
                                                                                                                                                        
+
                                                                                                                                                        The log information is as follows:
                                                                                                                                                        
+
                                                                                                                                                        MountVolume.SetUp failed for volume "otel-collector-config-vol":configmap "log-agent-otel-collector-config" not found
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        How Do I Handle the Error in Stdout Logs of log-operator?
                                                                                                                                                        Symptom:
                                                                                                                                                        
+
                                                                                                                                                        2023/05/05 12:17:20.799 [E] call 3 times failed, reason: create group failed, projectID: xxx, groupName: k8s-log-xxx, err: create groups status code: 400, response: {"error_code":"LTS.0104","error_msg":"Failed to create log group, the number of log groups exceeds the quota"}, url: https://lts.***.com/v2/xxx/groups, process will retry after 45s
                                                                                                                                                        
+
                                                                                                                                                        Solution: On the LTS console, delete unnecessary log groups. 
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If Container File Logs Cannot Be Collected When Docker Is Used as the Container Engine?
                                                                                                                                                        Symptom:
                                                                                                                                                        
+
                                                                                                                                                        A container file path is configured but is not mounted to the container, and Docker is used as the container engine. As a result, logs cannot be collected.
                                                                                                                                                        
+
                                                                                                                                                        Solution:
                                                                                                                                                        
+
                                                                                                                                                        Check whether Device Mapper is used for the node where the workload resides. Device Mapper does not support text log collection. (This restriction is displayed when you create a log collection policy.) To check this, perform the following operations:
                                                                                                                                                        
+
                                                                                                                                                        1. Go to the node where the workload resides.
                                                                                                                                                        2. Run the docker info | grep "Storage Driver" command.
                                                                                                                                                        3. If the value of Storage Driver is Device Mapper, text logs cannot be collected.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If Container File Logs Cannot Be Collected Due to the Wildcard in the Collection Directory?
                                                                                                                                                        Troubleshooting: Check the volume mounting status in the workload configuration. If a volume is attached to the data directory of a service container, this add-on cannot collect data from the parent directory. In this case, you need to set the collection directory to a complete data directory. For example, if the data volume is attached to the /var/log/service directory, logs cannot be collected from the /var/log or /var/log/* directory. In this case, you need to set the collection directory to /var/log/service.
                                                                                                                                                        
+
                                                                                                                                                        Solution: If the log generation directory is /application/logs/{Application name}/*.log, attach the data volume to the /application/logs directory and set the collection directory in the log collection policy to /application/logs/*/*.log.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If fluent-bit Pod Keeps Restarting?
                                                                                                                                                        Troubleshooting: Run the kubectl describe pod command. The output shows that the pod was restarted due to OOM. There are a large number of evicted pods on the node where the fluent-bit resides. As a result, resources are occupied, causing OOM.
                                                                                                                                                        
+
                                                                                                                                                        Solution: Delete the evicted pods from the node.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If Job Logs Cannot Be Collected?
                                                                                                                                                        Troubleshooting: Check the job lifetime. If the job lifetime is less than 1 minute, the pod will be destroyed before logs are collected. In this case, logs cannot be collected.
                                                                                                                                                        
+
                                                                                                                                                        Solution: Prolong the job lifetime.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If the Cloud Native Log Collection Add-on is Running Normally but Some Log Collection Policies Do Not Take Effect?
                                                                                                                                                        Solution:
                                                                                                                                                        
+
                                                                                                                                                        • If the log collection policy of the event type does not take effect or the add-on version is earlier than 1.5.0, check the stdout of the log-agent-otel-collector workload.
                                                                                                                                                          Go to the Add-ons page and click Cloud Native Log Collection. Then, click the Pods tab, locate log-agent-otel-collector, and choose More > View Log in the Operation column.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                        • If the log collection policy of the other type does not take effect and the add-on version is later than 1.5.0, check the log of log-agent-fluent-bit on the node where the container to be monitored is running.
                                                                                                                                                          Go to the Add-ons page and click Cloud Native Log Collection. Then, click the Pods tab, locate log-agent-fluent-bit, and choose More > View Log in the Operation column.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Select the fluent-bit container, search for the keyword "fail to push {event/log} data via lts exporter" in the log, and view the error message.
                                                                                                                                                          
+
                                                                                                                                                          1. If the error message "The log streamId does not exist." is displayed, the log group or log stream does not exist. In this case, choose Logging > View Log Collection Policies, edit or delete the log collection policy, and recreate a log collection policy to update the log group or log stream.
                                                                                                                                                          2. For other errors, go to LTS to search for the error code and view the cause. 
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If Some Pod Information Is Missing During Log Collection Due to Excessive Node Load?
                                                                                                                                                        When the Cloud Native Log Collection add-on version is later than 1.5.0, some pod information, such as the pod ID and name, is missing from container file logs or stdout logs.
                                                                                                                                                        
+
                                                                                                                                                        Troubleshooting:
                                                                                                                                                        
+
                                                                                                                                                        Go to the Add-ons page and click Cloud Native Log Collection. Then, click the Pods tab, locate log-agent-fluent-bit, and choose More > View Log in the Operation column.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Select the fluent-bit container and search for the keyword "cannot increase buffer: current=512000 requested=*** max=512000" in the log.
                                                                                                                                                        
+
                                                                                                                                                        Solution:
                                                                                                                                                        
+
                                                                                                                                                        Run the kubectl edit deploy -n monitoring log-agent-log-operator command on the node and add --kubernetes-buffer-size=20MB to the command lines of the log-operator container. The default value is 16MB. You can estimate the value based on the total size of pod information on the node. 0 indicates no limits.
                                                                                                                                                        
+
                                                                                                                                                         
                                                                                                                                                        If the Cloud Native Log Collection add-on is upgraded, you need to reconfigure kubernetes-buffer-size.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Figure 1 Modifying the command line parameter of the log-operator container
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        How Do I Change the Log Storage Period on Logging?
                                                                                                                                                        1. On the Clusters page, hover the cursor over the cluster name to view the current cluster ID.
                                                                                                                                                          
+
                                                                                                                                                        2. Log in to the LTS console. In the navigation pane, choose Log Management. In Log Groups, select a search criterion. Then, query the log group and log stream by cluster ID.
                                                                                                                                                        3. Locate the log group and click Modify to configure the log storage period.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        What Can I Do If the Log Group or Stream Specified in the Log Collection Policy Does Not Exist?
                                                                                                                                                        • Scenario 1: The default log group or stream does not exist.
                                                                                                                                                          Take Kubernetes events as an example. If the default log group or stream does not exist, a message will be displayed on the Kubernetes events page of the console. You can click Create Log Collection Policy to create a log group or stream.
                                                                                                                                                          
+
                                                                                                                                                          After the log group or stream is created, the ID of the default log group or stream changes, and the existing log collection policy of the default log group or stream does not take effect. In this case, you can rectify the fault by referring to Scenario 2.
                                                                                                                                                          
+
                                                                                                                                                        • Scenario 2: The default log group or stream exists but is inconsistent with that specified in the log collection policy.
                                                                                                                                                          • The log collection policy, for example, default-stdout, can be modified as follows:
                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                            2. In the upper right corner, click View Log Collection Policies. Then, locate the log collection policy and click Edit in the Operation column.
                                                                                                                                                            3. Select Custom and configure the default log group or stream.
                                                                                                                                                            
+
                                                                                                                                                          • If a log collection policy cannot be modified, for example, default-event, you need to re-create a log collection policy as follows:
                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                            2. In the upper right corner, click View Log Collection Policies. Then, locate the log collection policy and click Delete in the Operation column.
                                                                                                                                                            3. Click Create Log Collection Policy. Then, select Kubernetes events and click OK.
                                                                                                                                                            
+
                                                                                                                                                          
+
                                                                                                                                                        • Scenario 3: The custom log group (stream) does not exist.
                                                                                                                                                          CCE does not support the creation of non-default log groups (streams). You can create a non-default log group (stream) on the LTS console.
                                                                                                                                                          
+
                                                                                                                                                          After the creation is complete, take the following steps:
                                                                                                                                                          
+
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Logging.
                                                                                                                                                          2. In the upper right corner, click View Log Collection Policies. Then, locate the log collection policy and click Edit in the Operation column.
                                                                                                                                                          3. Select Custom and configure a log group or stream.
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: O&M FAQ
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0811.html b/docs/cce/umn/cce_10_0811.html
index f7a12cf56..aebe0a8cd 100644
--- a/docs/cce/umn/cce_10_0811.html
+++ b/docs/cce/umn/cce_10_0811.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                        Best Practices
                                                                                                                                                        
+
                                                                                                                                                        O&M Best Practices
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                          
@@ -11,7 +11,7 @@
 
                                                                                                                                                        
 
 
                                                                                                                                                        
-
                                                                                                                                                        Parent topic: Observability
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: O&M
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0813.html b/docs/cce/umn/cce_10_0813.html
index 4e5aea2ee..94a69054b 100644
--- a/docs/cce/umn/cce_10_0813.html
+++ b/docs/cce/umn/cce_10_0813.html
@@ -113,7 +113,7 @@
 
                                                                                                                                                        Configuration case 1
                                                                                                                                                        
 
                                                                                                                                                        1. Enable load-aware scheduling and use the default policy weight 5. For details, see Load-aware Scheduling.
                                                                                                                                                        2. Disable bin packing. For details, see Bin Packing.
                                                                                                                                                        
 
                                                                                                                                                        Recommended configurations:
                                                                                                                                                        
-
                                                                                                                                                        • To preferentially balance the CPU load of each node, increase the CPU weight of the policy to 5 and retain the memory weight to 1.
                                                                                                                                                        • To preferentially balance the memory load of each node, increase the memory weight of the policy to 5 and retain the CPU weight to 1.
                                                                                                                                                        • To use bot the CPU and memory usage and the CPU and memory thresholds, do as follows:
                                                                                                                                                          • Hard constraints:
                                                                                                                                                            • After the CPU usage of a node exceeds its CPU threshold, do not schedule new loads to the node.
                                                                                                                                                            • After the memory usage of a node exceeds its memory threshold, do not schedule new loads to the node.
                                                                                                                                                            
+
                                                                                                                                                            • To preferentially balance the CPU load of each node, increase the CPU weight of the policy to 5 and retain the memory weight to 1.
                                                                                                                                                            • To preferentially balance the memory load of each node, increase the memory weight of the policy to 5 and retain the CPU weight to 1.
                                                                                                                                                            • To use both the CPU and memory usage and the CPU and memory thresholds, do as follows:
                                                                                                                                                              • Hard constraints:
                                                                                                                                                                • After the CPU usage of a node exceeds its CPU threshold, do not schedule new loads to the node.
                                                                                                                                                                • After the memory usage of a node exceeds its memory threshold, do not schedule new loads to the node.
                                                                                                                                                                
 
                                                                                                                                                              • Soft constraints:
                                                                                                                                                                • After the CPU usage of a node exceeds its CPU threshold, do not schedule new loads to the node as far as possible.
                                                                                                                                                                • After the memory usage of a node exceeds its memory threshold, do not schedule new loads to the node as far as possible.
                                                                                                                                                                
 
                                                                                                                                                              • To balance the load of each node in a cluster while maximizing the cluster resource utilization, enable soft constraints for the CPU and memory thresholds and use the default value 80 for both the CPU and memory thresholds.
                                                                                                                                                              • To ensure workload stability and reduce the CPU and memory usage of heavy-load nodes, enable hard constraints for the CPU and memory thresholds and set the CPU and memory thresholds a value ranging from 60 to 80.
                                                                                                                                                              
 
                                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0831.html b/docs/cce/umn/cce_10_0831.html
index 757401694..4ea312fdc 100644
--- a/docs/cce/umn/cce_10_0831.html
+++ b/docs/cce/umn/cce_10_0831.html
@@ -6,11 +6,13 @@
 
                                                                                                                                                             
                                                                                                                                                            After the blocklist or trustlist access policy is configured, if you delete the blocklist or trustlist access policy configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            Prerequisites
                                                                                                                                                            • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                              • v1.23: v1.23.12-r0 or later
                                                                                                                                                              • v1.25: v1.25.7-r0 or later
                                                                                                                                                              • v1.27: v1.27.4-r0 or later
                                                                                                                                                              • v1.28: v1.28.2-r0 or later
                                                                                                                                                              • Other clusters of later versions
                                                                                                                                                              
-
                                                                                                                                                            • An IP address group has been created on the ELB console.
                                                                                                                                                            
+
                                                                                                                                                          • An IP address group has been created on the ELB console. 
                                                                                                                                                          
 
 
                                                                                                                                                          Using the CCE Console
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                          2. Choose Services & Ingresses in the navigation pane, click the Services tab, and click Create Service in the upper right corner.
                                                                                                                                                          3. Configure Service parameters.
                                                                                                                                                            • Service Name: Enter a service name, for example, service-acl.
                                                                                                                                                            • Service Type: Select LoadBalancer.
                                                                                                                                                            • Service Affinity: Select cluster level or node level as needed. For details about the differences, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                            • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                            • Load Balancer
                                                                                                                                                              Select a load balancer to be accessed. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console. Alternatively, select Auto create to create a load balancer. For details about parameter settings, see Table 1.
                                                                                                                                                              
 
                                                                                                                                                            • Health Check: defaults to Global health check. You can configure this parameter as needed.
                                                                                                                                                            • Ports
                                                                                                                                                              • Protocol: protocol used by the Service.
                                                                                                                                                              • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                              • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                              
-
                                                                                                                                                            • Access Control
                                                                                                                                                              • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                                                              • Allow all IP addresses: No access control is configured.
                                                                                                                                                              • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                              • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                              
+
                                                                                                                                                            • Access Control
                                                                                                                                                              • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                                                              • Allow all IP addresses: No access control is configured.
                                                                                                                                                              • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                              • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                              
+
                                                                                                                                                               
                                                                                                                                                              For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time for access control.
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                            
 
                                                                                                                                                          4. Click OK.
                                                                                                                                                          
 
                                                                                                                                                          
@@ -47,7 +49,9 @@ spec:
 
 
                                                                                                                                                        String
                                                                                                                                                        
 
                                                                                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                          How to obtain:
                                                                                                                                                          
+
                                                                                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                           NOTE: 
                                                                                                                                                          For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time, separated by commas (,).
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          How to obtain:
                                                                                                                                                          
 
                                                                                                                                                          Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                          
 
                                                                                                                                                        
 
                                                                                                                                                        String
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                        
-
                                                                                                                                                        • on: Access control is enabled.
                                                                                                                                                        • off: Access control is disabled.
                                                                                                                                                        
+
                                                                                                                                                        • on or true: Access control is enabled.
                                                                                                                                                        • off or false: Access control is disabled.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
                                                                                                                                                        kubernetes.io/elb.acl-type
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0832.html b/docs/cce/umn/cce_10_0832.html
index 4a76c967d..4a9fa9492 100644
--- a/docs/cce/umn/cce_10_0832.html
+++ b/docs/cce/umn/cce_10_0832.html
@@ -3,10 +3,10 @@
 
                                                                                                                                                        Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress
                                                                                                                                                        
 
                                                                                                                                                        You can add IP addresses to a trustlist or blocklist to control access to a listener of a LoadBalancer ingress.
                                                                                                                                                        
 
                                                                                                                                                        • Trustlist: Only the IP addresses in the list can access the listener.
                                                                                                                                                        • Blocklist: The IP addresses in the list are not allowed to access the listener.
                                                                                                                                                        
-
                                                                                                                                                         
                                                                                                                                                        After a blocklist/trustlist access policy is configured, if you delete the blocklist/trustlist access policy configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                        
-
                                                                                                                                                        
 
                                                                                                                                                        Prerequisites
                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                          • v1.23: v1.23.12-r0 or later
                                                                                                                                                          • v1.25: v1.25.7-r0 or later
                                                                                                                                                          • v1.27: v1.27.4-r0 or later
                                                                                                                                                          • v1.28: v1.28.2-r0 or later
                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                          
-
                                                                                                                                                        • An IP address group has been created on the ELB console. For details, see .
                                                                                                                                                        
+
                                                                                                                                                      7. An IP address group has been created on the ELB console. 
                                                                                                                                                        8. 
+
                                                                                                                                                        
+
                                                                                                                                                        Notes and Constraints
                                                                                                                                                        • After a blocklist/trustlist access policy is configured, if you delete the blocklist/trustlist access policy configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                        • If multiple ingresses share the same external port on a load balancer, you are advised to use the same blocklist/trustlist configuration for these ingresses. Otherwise, the configuration of the first created ingress will take precedence. For details, see Configuring Multiple Ingresses to Use the Same External ELB Port.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        Using the CCE Console to Configure a Blocklist/Trustlist Access Policy
                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                           
                                                                                                                                                          This example explains only key parameters for configuring blocklist/trustlist access policies. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                          
 
                                                                                                                                                          
@@ -35,7 +35,9 @@
 
                                                                                                                                                        
 
                                                                                                                                                        Listener
                                                                                                                                                        
 
                                                                                                                                                        • External Protocol: HTTP and HTTPS are available.
                                                                                                                                                        • External Port: specifies the port of the load balancer listener.
                                                                                                                                                        • Access Control
                                                                                                                                                          • Allow all IP addresses: No access control is configured.
                                                                                                                                                          • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                          • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                          
+
                                                                                                                                                        • External Protocol: HTTP and HTTPS are available.
                                                                                                                                                        • External Port: specifies the port of the load balancer listener.
                                                                                                                                                        • Access Control
                                                                                                                                                          • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                                                          • Allow all IP addresses: No access control is configured.
                                                                                                                                                          • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                          • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                          
+
                                                                                                                                                           NOTE: 
                                                                                                                                                          For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time for access control.
                                                                                                                                                          
+
                                                                                                                                                          
 
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        • External Protocol: HTTP
                                                                                                                                                        • External Port: 80
                                                                                                                                                        • Advanced Options
                                                                                                                                                          Access Control: Blocklist
                                                                                                                                                          
@@ -44,7 +46,7 @@
 
                                                                                                                                                        
 
                                                                                                                                                        Forwarding Policy
                                                                                                                                                        
 
                                                                                                                                                        • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                        • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                        • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                        • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                        • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                        
+
                                                                                                                                                        • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                        • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                        • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                        • Destination Service: Select an existing Service. Only Services that meet the requirements are automatically displayed in the Service list. 
                                                                                                                                                        • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        • Domain Name: You do not need to configure this parameter.
                                                                                                                                                        • Path Matching Rule: Prefix match
                                                                                                                                                        • Path: /
                                                                                                                                                        • Destination Service: nginx
                                                                                                                                                        • Destination Service Port: 80
                                                                                                                                                        
                                                                                                                                                         		
 
 
                                                                                                                                                        String
                                                                                                                                                        
 
                                                                                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                          How to obtain:
                                                                                                                                                          
+
                                                                                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                           NOTE: 
                                                                                                                                                          For clusters of v1.25.16-r10, v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, v1.31.1-r0, or later, when using a dedicated load balancer, you can select a maximum of five IP address groups at a time, separated by commas (,).
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          How to obtain:
                                                                                                                                                          
 
                                                                                                                                                          Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                          
 
                                                                                                                                                        
 
                                                                                                                                                        String
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                        
-
                                                                                                                                                        • on: Access control is enabled.
                                                                                                                                                        • off: Access control is disabled.
                                                                                                                                                        
+
                                                                                                                                                        • on or true: Access control is enabled.
                                                                                                                                                        • off or false: Access control is disabled.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        
 
                                                                                                                                                        kubernetes.io/elb.acl-type
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0836.html b/docs/cce/umn/cce_10_0836.html
index 9edfa4896..d3b701542 100644
--- a/docs/cce/umn/cce_10_0836.html
+++ b/docs/cce/umn/cce_10_0836.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                        Monitoring
                                                                                                                                                        
-
                                                                                                                                                        CCE monitors applications and resources and collects metrics and events to analyze application health status. You can choose Settings from the navigation pane, click the Monitoring tab, and change monitoring parameters on the console.
                                                                                                                                                        
-
                                                                                                                                                        Log Configuration
                                                                                                                                                        Collection configuration
                                                                                                                                                        
-
                                                                                                                                                        Send stdout Logs to AOM 1.0 (No more evolution): Logging in AOM 1.0 has not been improved, so you are advised to disable this function and use LTS logging instead. 
                                                                                                                                                        
+
                                                                                                                                                        CCE monitors applications and resources and collects metrics and events to analyze application health status. You can choose Settings from the navigation pane, click the Monitoring tab, and change monitoring parameters on the console.
                                                                                                                                                        
+
                                                                                                                                                        Log Configuration
                                                                                                                                                        Collection configuration
                                                                                                                                                        
+
                                                                                                                                                        Send stdout Logs to AOM 1.0 (No more evolution): Logging in AOM 1.0 has not been improved, so you are advised to disable this function and use LTS logging instead. 
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0839.html b/docs/cce/umn/cce_10_0839.html
index 88b74f5e0..d55f8148c 100644
--- a/docs/cce/umn/cce_10_0839.html
+++ b/docs/cce/umn/cce_10_0839.html
@@ -1,59 +1,71 @@
 
 
 
                                                                                                                                                        (Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
                                                                                                                                                        
-
                                                                                                                                                        When an SFS Turbo volume is mounted to a workload container, the root directory is mounted to the container by default. However, the minimum capacity of an SFS Turbo volume is 500 GiB, which exceeds the capacity required by most workloads, leading to a waste of storage resources. CCE enables efficient utilization of storage capacity by creating SFS Turbo subdirectories dynamically when you create a PVC. This allows multiple workloads to share the SFS Turbo file system.
                                                                                                                                                        
-
                                                                                                                                                        Prerequisites
                                                                                                                                                        • You have created a cluster and installed the CCE Container Storage (Everest) add-on of v2.3.23 or later in the cluster.
                                                                                                                                                        • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                        • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                                                                        
+
                                                                                                                                                        When an SFS Turbo volume is mounted to a workload container, the root directory is mounted to the container by default. However, the minimum capacity of an SFS Turbo volume is 500 GiB, which exceeds the capacity required by most workloads, leading to a waste of storage resources. CCE enables efficient utilization of storage capacity by creating SFS Turbo subdirectories dynamically when you create a PVC. If your Everest version is 2.4.73 or later, you can configure the capacities of these subdirectories. This allows multiple workloads to share the SFS Turbo file system.
                                                                                                                                                        
+
                                                                                                                                                        Prerequisites
                                                                                                                                                        • You have created a cluster and installed the CCE Container Storage (Everest) add-on of v2.3.23 or later in the cluster.
                                                                                                                                                        • To create a cluster using commands, ensure kubectl is used. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                        • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Notes and Restrictions on Subdirectory Quotas
                                                                                                                                                        • If the subdirectory quota is less than 1 GiB, it is automatically set to 1 GiB. The maximum quota cannot exceed the capacity of the target SFS Turbo file system. The minimum scale-out step is 1 GiB, and capacity reduction is not allowed.
                                                                                                                                                        • Once a subdirectory quota is configured, it cannot be canceled.
                                                                                                                                                        • The number of files or subdirectories in a file system is determined by the quota capacity (in KB) divided by 16. The upper limit is set at 1 billion and cannot be changed by users.
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        Dynamically Creating an SFS Turbo Subdirectory on the Console
                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                        2. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
                                                                                                                                                          
-
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          PVC Type
                                                                                                                                                          
+
                                                                                                                                                          PVC Type
                                                                                                                                                          
 
                                                                                                                                                          In this example, select SFS Turbo.
                                                                                                                                                          
+
                                                                                                                                                          In this example, select SFS Turbo.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          PVC Name
                                                                                                                                                          
+
                                                                                                                                                          PVC Name
                                                                                                                                                          
 
                                                                                                                                                          Enter the PVC name, which must be unique in a namespace.
                                                                                                                                                          
+
                                                                                                                                                          Enter the PVC name, which must be unique in a namespace.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Creation Method
                                                                                                                                                          
+
                                                                                                                                                          Creation Method
                                                                                                                                                          
 
                                                                                                                                                          Select New subdirectory.
                                                                                                                                                          
+
                                                                                                                                                          Select New subdirectory.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Storage Classes
                                                                                                                                                          
+
                                                                                                                                                          Storage Classes
                                                                                                                                                          
 
                                                                                                                                                          Choose csi-sfsturbo. You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                          
+
                                                                                                                                                          Choose csi-sfsturbo. You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Access Mode
                                                                                                                                                          
+
                                                                                                                                                          Access Mode
                                                                                                                                                          
 
                                                                                                                                                          SFS Turbo volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                          
+
                                                                                                                                                          SFS Turbo volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          SFS Turbo
                                                                                                                                                          
+
                                                                                                                                                          SFS Turbo
                                                                                                                                                          
 
                                                                                                                                                          Click Select SFS Turbo. On the displayed page, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                                          
+
                                                                                                                                                          Click Select SFS Turbo. On the displayed page, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Subdirectory
                                                                                                                                                          
+
                                                                                                                                                          Subdirectory
                                                                                                                                                          
 
                                                                                                                                                          Enter the absolute path of a subdirectory, for example, /a/b.
                                                                                                                                                          
+
                                                                                                                                                          Enter the absolute path of a subdirectory, for example, /a/b.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Subdirectory Reclaim Policy
                                                                                                                                                          
+
                                                                                                                                                          Subdirectory Reclaim Policy
                                                                                                                                                          
 
                                                                                                                                                          Whether to retain subdirectories when a PVC is deleted.
                                                                                                                                                          
+
                                                                                                                                                          Determine whether to retain subdirectories when a PVC is deleted.
                                                                                                                                                          
 
                                                                                                                                                          • Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                          • Delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                             NOTE: 
                                                                                                                                                            When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Subdirectory Capacity
                                                                                                                                                          
+
                                                                                                                                                          • Not limited: The subdirectory capacity is not limited.
                                                                                                                                                          • Limited: The subdirectory capacity is limited.
                                                                                                                                                          
+
                                                                                                                                                          Capacity
                                                                                                                                                          
+
                                                                                                                                                          The maximum capacity of the subdirectory, in GiB. This parameter is available only when the subdirectory capacity limit is enabled.
                                                                                                                                                          
+
                                                                                                                                                          
                                                                                                                                                           
 
                                                                                                                                                          
 
                                                                                                                                                          
@@ -70,60 +82,70 @@ metadata:
     everest.io/sfsturbo-share-id: <sfsturbo_id>        # SFS Turbo ID
     everest.io/path: /a                                # Subdirectory that is automatically created, which must be an absolute path
     everest.io/reclaim-policy: retain-volume-only      # When a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
+    everest.io/csi.enable-sfsturbo-dir-quota: "true"   # Status of quota limit
 spec:
   accessModes:
     - ReadWriteMany      # ReadWriteMany must be selected for SFS Turbo.
   resources:
     requests:
-      storage: 10Gi      # For SFS Turbo subdirectory PVCs, this configuration is meaningless and only used for verification (the value cannot be empty or 0) (the value cannot be empty or 0).
+
+      storage: 10Gi      # For SFS Turbo subdirectory PVCs, this configuration specifies the capacity of a subdirectory when quota limit is enabled. In other scenarios, it is meaningless and only used for verification (the value cannot be empty or 0).
   storageClassName: csi-sfsturbo     # StorageClass name of the SFS Turbo file system
 
-
                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0841.html b/docs/cce/umn/cce_10_0841.html
index a96d3f456..580f2cb02 100644
--- a/docs/cce/umn/cce_10_0841.html
+++ b/docs/cce/umn/cce_10_0841.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                          Prerequisites
                                                                                                                                                          • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                            • v1.23: v1.23.13-r0 or later
                                                                                                                                                            • v1.25: v1.25.8-r0 or later
                                                                                                                                                            • v1.27: v1.27.5-r0 or later
                                                                                                                                                            • v1.28: v1.28.3-r0 or later
                                                                                                                                                            • Other clusters of later versions
                                                                                                                                                            
 
                                                                                                                                                          
-
                                                                                                                                                          • You have created one or more SNI certificates in ELB and specified a domain name in these certificates. 
                                                                                                                                                          • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                          
+
                                                                                                                                                          • You have created one or more SNI certificates in ELB and specified a domain name in these certificates. 
                                                                                                                                                          • To create a cluster using commands, ensure kubectl is used. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                          
 
                                                                                                                                                          Using the CCE Console
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                          2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                          3. Configure Service parameters. In this example, only mandatory parameters required for using SNI are listed. For details about how to configure other parameters, see Using the Console.
                                                                                                                                                            • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                            • Service Type: Select LoadBalancer.
                                                                                                                                                            • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                            • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                              • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                              • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                              
 
                                                                                                                                                            • Ports
                                                                                                                                                              • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                              • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                              • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                              • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use SNI. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0842.html b/docs/cce/umn/cce_10_0842.html
index cac6f03ff..ea6e035aa 100644
--- a/docs/cce/umn/cce_10_0842.html
+++ b/docs/cce/umn/cce_10_0842.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                          Prerequisites
                                                                                                                                                          • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                            • v1.23: v1.23.13-r0 or later
                                                                                                                                                            • v1.25: v1.25.8-r0 or later
                                                                                                                                                            • v1.27: v1.27.5-r0 or later
                                                                                                                                                            • v1.28: v1.28.3-r0 or later
                                                                                                                                                            • Other clusters of later versions
                                                                                                                                                            
 
                                                                                                                                                          
-
+
 
                                                                                                                                                          Using the CCE Console
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                          2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                          3. Configure Service parameters. In this example, only mandatory parameters are listed. For details about how to configure other parameters, see Using the Console.
                                                                                                                                                            • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                            • Service Type: Select LoadBalancer.
                                                                                                                                                            • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                            • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                              • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                              • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                              
 
                                                                                                                                                            • Ports
                                                                                                                                                              • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                              • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                              • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                              • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use HTTP/2. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0859.html b/docs/cce/umn/cce_10_0859.html
index a4b0243a0..c6cc803f0 100644
--- a/docs/cce/umn/cce_10_0859.html
+++ b/docs/cce/umn/cce_10_0859.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                              Encrypting EVS Disks
                                                                                                                                                              
 
                                                                                                                                                              Encrypting cloud disks ensures data privacy and control, making it ideal for scenarios that demand high security or compliance standards. This section describes how to use the keys managed by Data Encryption Workshop (DEW) to encrypt EVS disks.
                                                                                                                                                              
-
                                                                                                                                                              Prerequisites
                                                                                                                                                              
+
                                                                                                                                                              Prerequisites
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Using the Console
                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                              2. Dynamically create a PVC and PV.
                                                                                                                                                                1. Choose Storage in the navigation pane and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
                                                                                                                                                                2. Select EVS for the storage type, enable encryption, and choose a key. Configure other parameters based on service requirements. For details, see Using an EVS Disk Through a Dynamic PV.
                                                                                                                                                                3. Click Create.
                                                                                                                                                                
 
                                                                                                                                                              3. Go to the PersistentVolumeClaims (PVCs) tab and check whether the PVC of the encrypted EVS disk is created and whether the disk is encrypted.
                                                                                                                                                              4. The method of using an encrypted PVC is the same as that of using a regular PVC.
                                                                                                                                                              
@@ -13,7 +13,7 @@ metadata:
   name: pvc-evs-auto
   namespace: default
   annotations:
-    everest.io/disk-volume-type: SAS    # EVS disk
+    everest.io/disk-volume-type: SAS    # EVS disk type
     everest.io/crypt-key-id: 37f202db-a970-4ac1-a506-e5c4f2d7ce69   # Encryption key ID, which can be obtained from DEW
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
@@ -24,7 +24,7 @@ spec:
   resources:
     requests:
       storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768
-  storageClassName: csi-disk    # The storage class is EVS.
+  storageClassName: csi-disk    # The StorageClass is EVS.
 
                                                                                                                                                            • Run the following command to create a PVC:
                                                                                                                                                              kubectl apply -f pvc-evs-auto.yaml
                                                                                                                                                              
 
                                                                                                                                                            • Go to the PersistentVolumeClaims (PVCs) tab and check whether the PVC of the encrypted EVS disk is created and whether the disk is encrypted.
                                                                                                                                                          
 
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0864.html b/docs/cce/umn/cce_10_0864.html
index 26504e237..78fad6964 100644
--- a/docs/cce/umn/cce_10_0864.html
+++ b/docs/cce/umn/cce_10_0864.html
@@ -2,12 +2,12 @@
 
 
                                                                                                                                                          Configuring a Cluster's API Server for Internet Access
                                                                                                                                                          You can bind an EIP to an API server of a Kubernetes cluster so that the API server can access the Internet.
                                                                                                                                                          
-
                                                                                                                                                          Procedure
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                          2. On the Overview page, locate the Connection Info area, and click Bind next to EIP.
                                                                                                                                                          3. Select an existing EIP. If no EIP is available, click Create EIP to go to the EIP console and assign one.
                                                                                                                                                             
                                                                                                                                                            • Binding an EIP to an API server for Internet access can pose a risk to the cluster's security. To mitigate this risk, configure Advanced Anti-DDoS or API server access policies (Configuring Access Policies for an API Server) for the bound EIP.
                                                                                                                                                            • Binding an EIP to an API server will cause the API server to restart briefly and update the kubeconfig certificate. Do not make any changes to the cluster during this period.
                                                                                                                                                            
+
                                                                                                                                                            Procedure
                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                            2. On the Overview page, locate the Connection Information area, and click Bind next to EIP.
                                                                                                                                                            3. Select an existing EIP. If no EIP is available, click Create EIP to go to the EIP console and assign one.
                                                                                                                                                               
                                                                                                                                                              • Binding an EIP to an API server for Internet access can pose a risk to the cluster's security. To mitigate this risk, configure Advanced Anti-DDoS or API server access policies (Configuring Access Policies for an API Server) for the bound EIP.
                                                                                                                                                              • Binding an EIP to an API server will cause the API server to restart briefly and update the kubeconfig certificate. Do not make any changes to the cluster during this period.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                            4. Click OK.
                                                                                                                                                            
+
                                                                                                                                                          4. Click OK. The bound EIP will be displayed in EIP.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          Configuring Access Policies for an API Server
                                                                                                                                                          To ensure the security of a cluster's API server, it is important to modify the security group rules for the master nodes. This is because the EIP, which is exposed to the Internet, is at risk of being attacked.
                                                                                                                                                          
-
                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                          2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                          3. Select Description as the filter criterion and paste the cluster ID to search for the target security group.
                                                                                                                                                          4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                          5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                            
+
                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, find and copy the cluster ID.
                                                                                                                                                            2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                            3. Select Description as the filter criterion and search for the target security group by cluster ID.
                                                                                                                                                            4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                            5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                              
 
                                                                                                                                                            6. Change the source IP address that can be accessed as required. For example, if the IP address used by the client to access the API Server is 100.*.*.*, you can add an inbound rule for port 5443 and set the source IP address to 100.*.*.*.
                                                                                                                                                               
                                                                                                                                                              In addition to the client IP address, the port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh to ensure that the API Server can be accessed from within the cluster.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0886.html b/docs/cce/umn/cce_10_0886.html
index e7c74caea..9329da85f 100644
--- a/docs/cce/umn/cce_10_0886.html
+++ b/docs/cce/umn/cce_10_0886.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                               
                                                                                                                                                              • When an ECS is accepted for management, the ECS OS will be reset to the standard image provided by CCE to ensure node stability.
                                                                                                                                                              • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs), will be deleted from the system disks and data disks attached to the selected ECSs during acceptance. Ensure that the information has been backed up.
                                                                                                                                                              • During the acceptance of an ECS, do not perform any operation on the ECS through the ECS console.
                                                                                                                                                              • After a node is managed by a node pool, if a scaling-in task is triggered in the node pool, the node will be deleted.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Procedure
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                              3. Choose More > Accept Node in the operation bar of the target node pool.
                                                                                                                                                                
-
                                                                                                                                                              4. Select one or more nodes that meet the requirements.
                                                                                                                                                                • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                                                                • The nodes and the current node pool belong to the same enterprise project.
                                                                                                                                                                • The billing mode of the nodes must be the same as that of the current node pool. For example, a pay-per-use node pool can accept only pay-per-use nodes.
                                                                                                                                                                • The cloud server group of the nodes must be the same as that of the current node pool.
                                                                                                                                                                • The nodes must be running and cannot be labeled with CCE-Dynamic-Provisioning-Node.
                                                                                                                                                                • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                • The flavor of the nodes must be at least 2 vCPUs and 4 GiB memory, and only one NIC can be bound to each of the nodes.
                                                                                                                                                                • Only the cloud servers that have the same flavor, AZ, resource reservation, system disk, and data disk configurations as the node pool can be added for batch acceptance.
                                                                                                                                                                • Partitioned disks on cloud servers will not be accepted as data disks. Back up data and clear the disks before node acceptance.
                                                                                                                                                                
+
                                                                                                                                                              5. Select one or more nodes that meet the requirements.
                                                                                                                                                                • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                                                                • The billing mode of the nodes must be the same as that of the current node pool. For example, a pay-per-use node pool can accept only pay-per-use nodes.
                                                                                                                                                                • The cloud server group of the nodes must be the same as that of the current node pool.
                                                                                                                                                                • The nodes must be running and cannot be labeled with CCE-Dynamic-Provisioning-Node.
                                                                                                                                                                • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                • The flavor of the nodes must be at least 2 vCPUs and 4 GiB memory, and only one NIC can be bound to each of the nodes.
                                                                                                                                                                • Only the cloud servers that have the same flavor, AZ, resource reservation, system disk, and data disk configurations as the node pool can be added for batch acceptance.
                                                                                                                                                                • Partitioned disks on cloud servers will not be accepted as data disks. Back up data and clear the disks before node acceptance.
                                                                                                                                                                
 
                                                                                                                                                              6. Click OK.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0889.html b/docs/cce/umn/cce_10_0889.html
index 6f25a4cd8..27d153c53 100644
--- a/docs/cce/umn/cce_10_0889.html
+++ b/docs/cce/umn/cce_10_0889.html
@@ -1,7 +1,8 @@
 
 
 
                                                                                                                                                          Scheduling a Workload
                                                                                                                                                          
-
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                            
 
                                                                                                                                                          • Overview
                                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0891.html b/docs/cce/umn/cce_10_0891.html
index 1aad3847b..1a256aa37 100644
--- a/docs/cce/umn/cce_10_0891.html
+++ b/docs/cce/umn/cce_10_0891.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                            To select a node for scheduling in Kubernetes, simply configure the nodeSelector field in the workload. This field allows you to configure the label of the desired node to be scheduled. Kubernetes schedules pods only to nodes with specified labels.
                                                                                                                                                            
 
                                                                                                                                                            Prerequisites
                                                                                                                                                            A custom label has been added to the target node so that workload pods can be scheduled based on the node label. For details, see Adding or Deleting a Node Label.
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Creating a Workload Scheduled to a Specified Node
                                                                                                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                            2. Create a YAML file named nginx.yaml. The file name can be customized.
                                                                                                                                                              Configure nodeSelector for the workload. For example, if the key is deploy_qa and the value is true, the pod will be scheduled to the node with the deploy_qa=true label. Example:
                                                                                                                                                              apiVersion: apps/v1
+
                                                                                                                                                              Creating a Workload Scheduled to a Specified Node
                                                                                                                                                              1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                              2. Create a YAML file named nginx.yaml. The file name can be customized.
                                                                                                                                                                Configure nodeSelector for the workload. For example, if the key is deploy_qa and the value is true, the pod will be scheduled to the node with the deploy_qa=true label. Example:
                                                                                                                                                                apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx
diff --git a/docs/cce/umn/cce_10_0892.html b/docs/cce/umn/cce_10_0892.html
index c4e3f31d4..085ac3c92 100644
--- a/docs/cce/umn/cce_10_0892.html
+++ b/docs/cce/umn/cce_10_0892.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                Configuring Node Affinity Scheduling (nodeAffinity)
                                                                                                                                                                
 
                                                                                                                                                                Kubernetes can schedule workload pods to affinity nodes based on their labels and label values. For example, some nodes support GPU computing, and node affinity scheduling can guarantee that high-performance computing pods run on these GPU nodes.
                                                                                                                                                                
 
                                                                                                                                                                Using the CCE Console
                                                                                                                                                                In this example, a GPU node labeled with gpu=true has been created in the cluster. You can use this label to schedule pods to this GPU node.
                                                                                                                                                                
-
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                                                                                3. In Advanced Settings, choose Scheduling and select a policy for Node Affinity. In this example, Custom policies is selected. For details about how to create a workload, see Creating a Workload.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                                                                                  3. In Advanced Settings, choose Scheduling and select a policy for Node Affinity. In this example, Customize affinity is selected. For details about how to create a workload, see Creating a Workload.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Mandatory
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          everest.io/volume-as
                                                                                                                                                          
+
                                                                                                                                                          everest.io/volume-as
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                                                          
+
                                                                                                                                                          The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          everest.io/sfsturbo-share-id
                                                                                                                                                          
+
                                                                                                                                                          everest.io/sfsturbo-share-id
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          SFS Turbo ID
                                                                                                                                                          
+
                                                                                                                                                          SFS Turbo ID
                                                                                                                                                          
 
                                                                                                                                                          How to obtain: Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS Turbo file system. On the details page, copy the content following ID.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          everest.io/path
                                                                                                                                                          
+
                                                                                                                                                          everest.io/path
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          Subdirectory that is automatically created, which must be an absolute path.
                                                                                                                                                          
+
                                                                                                                                                          Subdirectory that is automatically created, which must be an absolute path.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          everest.io/reclaim-policy
                                                                                                                                                          
+
                                                                                                                                                          everest.io/reclaim-policy
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                                                          
+
                                                                                                                                                          Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                                                          
 
                                                                                                                                                          • retain-volume-only: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                          • delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                             NOTE: 
                                                                                                                                                            When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          storage
                                                                                                                                                          
+
                                                                                                                                                          everest.io/csi.enable-sfsturbo-dir-quota
                                                                                                                                                          
 
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          Requested capacity in the PVC, in Gi.
                                                                                                                                                          
-
                                                                                                                                                          This parameter is only used for verification for SFS Turbo subdirectory PVCs. The value cannot be empty or 0, and can be fixed at 10 because any value you set does not take effect.
                                                                                                                                                          
+
                                                                                                                                                          Whether to enable quota limit for a subdirectory. If the value is set to true, the limit is enabled. If the value is empty or set to any other value, the limit is disabled.
                                                                                                                                                          
+
                                                                                                                                                          storage
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          Requested capacity in the PVC, in Gi.
                                                                                                                                                          
+
                                                                                                                                                          • When subdirectory capacity limit is enabled (everest.io/csi.enable-sfsturbo-dir-quota is set to true), storage indicates the capacity of a subdirectory, and its value must be an integer.
                                                                                                                                                            If storage is set to a decimal, the value will be rounded up automatically. For example, if storage is set to 10.1Gi, an 11-GiB subdirectory will be created.
                                                                                                                                                            
+
                                                                                                                                                          • If a subdirectory capacity is not limited, this parameter is meaningless and only used for verification. You can set this parameter to a fixed value 10Gi.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
                                                                                                                                                           
 
 
 
 
 
                                                                                                                                                          
@@ -15,16 +15,16 @@
 
-
-
                                                                                                                                                          Table 1 Scheduling policies
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          Node Affinity
                                                                                                                                                          
 
                                                                                                                                                          • Not configured: No node affinity policy is configured.
                                                                                                                                                          • Node Affinity: Specify the nodes where workload pods are to be deployed. If no nodes are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                                                                          • Specified Node Pool Scheduling: Specify the node pools where workload pods are to be deployed. If no node pools are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                                                                          • Custom policies: allow flexible scheduling of workload pods based on node labels. For details about the supported affinity policies, see Table 2. Select a proper policy type and add a policy. For details about the parameters, see Table 3.
                                                                                                                                                          
+
                                                                                                                                                          • Not configured: No node affinity policy is configured.
                                                                                                                                                          • Specify node: Specify the nodes where workload pods are to be deployed. If no nodes are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                                                                          • Specify node pool: Specify the node pools where workload pods are to be deployed. If no node pools are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                                                                          • Customize affinity: allow flexible scheduling of workload pods based on node labels. For details about the supported affinity policies, see Table 2. Select a proper policy type and add a policy. For details about the parameters, see Table 3.
                                                                                                                                                          
 
                                                                                                                                                          Custom policies
                                                                                                                                                          
+
                                                                                                                                                          Customize affinity
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
                                                                                                                                                           
 
                                                                                                                                                          
 
                                                                                                                                                          
 
-
                                                                                                                                                        3. Select a proper node affinity rule and click  to add a scheduling policy. In this example, a scheduling policy is added in the Required area under Node Affinity. This policy specifies that the newly created workload can only be scheduled to a specific node.
                                                                                                                                                          
+
                                                                                                                                                        4. Select a proper node affinity rule and click  to add a scheduling policy. In this example, a scheduling policy is added in the Required area under Node Affinity. This policy specifies that the newly created workload can only be scheduled to a specific node.
                                                                                                                                                          
 
                                                                                                                                                          Table 2 Affinity rule
                                                                                                                                                          Parameter
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Description
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0893.html b/docs/cce/umn/cce_10_0893.html
index 46e861522..ae78b5d89 100644
--- a/docs/cce/umn/cce_10_0893.html
+++ b/docs/cce/umn/cce_10_0893.html
@@ -7,9 +7,9 @@
 
                                                                                                                                                        5. Identify the affinity/anti-affinity workloads based on the workload labels and operators.
                                                                                                                                                          For example, the label selector filters the workloads that have been labeled with app=backend.
                                                                                                                                                          
 
                                                                                                                                                        6. For affinity scheduling, the scheduler chooses the topology key where the target workload is located, while for anti-affinity scheduling, it selects a topology key where the target workload is not present.
                                                                                                                                                          In this example, the workload labeled with app=backend is assigned to topology key 1. Therefore, workloads that have an affinity with the app=backend workload can be scheduled to topology key 1. Conversely, workloads that have an anti-affinity with the app=backend workload can only be scheduled to topology key 2 or 3.
                                                                                                                                                          
 
                                                                                                                                                          7. 
-
                                                                                                                                                          Figure 1 Workload affinity or anti-affinity scheduling
                                                                                                                                                          
+
                                                                                                                                                          Figure 1 Workload affinity or anti-affinity scheduling
                                                                                                                                                          
 
                                                                                                                                                          Using the CCE Console
                                                                                                                                                          In this example, a backend workload with the app=backend label has been created in the cluster. This label can be used for workload affinity or anti-affinity scheduling, allowing the newly created frontend workload labeled with app=frontend to be deployed on the same node as the backend workload. Both workloads run in topology key kubernetes.io/hostname. When you use kubernetes.io/hostname for topology classification, only one node can be assigned to each topology key because each node has a unique hostname. This enables workloads to be scheduled on the same node when workload affinity is enabled.
                                                                                                                                                          
-
                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                                                                          3. In Advanced Settings, choose Scheduling and select a policy for Load Affinity. In this example, Custom policies is selected. For details about how to create a workload, see Creating a Workload.
                                                                                                                                                            
+
                                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                                            2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                                                                            3. In Advanced Settings, choose Scheduling and select a policy for Load Affinity. In this example, Customize affinity is selected. For details about how to create a workload, see Creating a Workload.
                                                                                                                                                              
 
                                                                                                                                                              
 
 
                                                                                                                                                              
-
-
                                                                                                                                                              Table 1 Scheduling policies
                                                                                                                                                              Parameter
                                                                                                                                                              
@@ -22,15 +22,15 @@
 
                                                                                                                                                              
 
                                                                                                                                                              Load affinity
                                                                                                                                                              
 
                                                                                                                                                              • Not configured: No load affinity policy is configured.
                                                                                                                                                              • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity. The AZs serve as topology keys in this process.
                                                                                                                                                              • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity. The AZs serve as topology keys in this process. When this scheduling policy is used, if there are fewer nodes than pods or node resources are insufficient, the extra pods will fail to run.
                                                                                                                                                              • Custom policies: allow flexible scheduling of workload pods based on pod labels. For details about the supported scheduling policies, see Table 2. Select a proper policy type and add a policy. For details about the parameters, see Table 3.
                                                                                                                                                              
+
                                                                                                                                                              • Not configured: No load affinity policy is configured.
                                                                                                                                                              • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity. The AZs serve as topology keys in this process.
                                                                                                                                                              • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity. The AZs serve as topology keys in this process. When this scheduling policy is used, if there are fewer nodes than pods or node resources are insufficient, the extra pods will fail to run.
                                                                                                                                                              • Customize affinity: allow flexible scheduling of workload pods based on pod labels. For details about the supported scheduling policies, see Table 2. Select a proper policy type and add a policy. For details about the parameters, see Table 3.
                                                                                                                                                              
 
                                                                                                                                                              Custom policies
                                                                                                                                                              
+
                                                                                                                                                              Customize affinity
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                            4. Select a proper load affinity rule and click  to add a scheduling policy. In this example, a scheduling policy is added in the Required area under Workload Affinity. This policy specifies that the newly created workload can only be scheduled to a node if a workload with specific labels is already running on that node.
                                                                                                                                                              
+
                                                                                                                                                            5. Select a proper load affinity rule and click  to add a scheduling policy. In this example, a scheduling policy is added in the Required area under Workload Affinity. This policy specifies that the newly created workload can only be scheduled to a node if a workload with specific labels is already running on that node.
                                                                                                                                                              
 
                                                                                                                                                              Table 2 Load affinity policies
                                                                                                                                                              Policy
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Rule Type
                                                                                                                                                              
@@ -85,58 +85,58 @@
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                            6. In the dialog box that is displayed on the right, click Add Policy to configure rules for filtering node labels.
                                                                                                                                                              
-
                                                                                                                                                              Table 3 Parameters for configuring load affinity/anti-affinity scheduling policies
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0896.html b/docs/cce/umn/cce_10_0896.html
index 0a8a35068..780baa0b8 100644
--- a/docs/cce/umn/cce_10_0896.html
+++ b/docs/cce/umn/cce_10_0896.html
@@ -3,9 +3,11 @@
 
                                                                                                                                                              Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
                                                                                                                                                              Dedicated load balancer ingresses support custom header forwarding policies. You can configure different header key-value pairs to determine the backend Service to which data is forwarded.
                                                                                                                                                              
 
                                                                                                                                                              Prerequisites
                                                                                                                                                              • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                • v1.23: v1.23.16-r0 or later
                                                                                                                                                                • v1.25: v1.25.11-r0 or later
                                                                                                                                                                • v1.27: v1.27.8-r0 or later
                                                                                                                                                                • v1.28: v1.28.6-r0 or later
                                                                                                                                                                • v1.29: v1.29.2-r0 or later
                                                                                                                                                                • Other clusters of later versions
                                                                                                                                                                
-
                                                                                                                                                              • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                              
+
                                                                                                                                                            7. The cluster can be accessed using kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                              8. 
 
                                                                                                                                                              
-
                                                                                                                                                              Using kubectl
                                                                                                                                                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                              2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                vi ingress-test.yaml
                                                                                                                                                                
+
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • This feature is only available when dedicated load balancers are used.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Using kubectl
                                                                                                                                                                1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                  vi ingress-test.yaml
                                                                                                                                                                  
 
                                                                                                                                                                  An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                  apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -59,19 +61,19 @@ spec:
   ingressClassName: cce
                                                                                                                                                                  
 
                                                                                                                                                                  
 
-
                                                                                                                                                              Table 3 Parameters for configuring load affinity/anti-affinity scheduling policies
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
 
                                                                                                                                                              Example
                                                                                                                                                              
+
                                                                                                                                                              Example
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Weight
                                                                                                                                                              
+
                                                                                                                                                              Weight
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only in a preferred scheduling policy. Weights range from 1 to 100 and are taken into account as an extra scoring factor during scheduling. The scheduler combines the weight with other priority functions of the node to determine the final score and then assigns pods to the node with the highest total score.
                                                                                                                                                              
+
                                                                                                                                                              This parameter is available only in a preferred scheduling policy. Weights range from 1 to 100 and are taken into account as an extra scoring factor during scheduling. The scheduler combines the weight with other priority functions of the node to determine the final score and then assigns pods to the node with the highest total score.
                                                                                                                                                              
 
                                                                                                                                                              None
                                                                                                                                                              
+
                                                                                                                                                              None
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Namespace
                                                                                                                                                              
+
                                                                                                                                                              Namespace
                                                                                                                                                              
 
                                                                                                                                                              Namespace for which the scheduling policy takes effect.
                                                                                                                                                              
+
                                                                                                                                                              Namespace for which the scheduling policy takes effect.
                                                                                                                                                              
 
                                                                                                                                                              default
                                                                                                                                                              
+
                                                                                                                                                              default
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Topology Key
                                                                                                                                                              
+
                                                                                                                                                              Topology Key
                                                                                                                                                              
 
                                                                                                                                                              A topology key (topologyKey) determines the range of nodes to be scheduled based on node labels, identifies affinity/anti-affinity objects based on the labels and operators, and performs scheduling based on the topology key where the target object is located.
                                                                                                                                                              
+
                                                                                                                                                              A topology key (topologyKey) determines the range of nodes to be scheduled based on node labels, identifies affinity/anti-affinity objects based on the labels and operators, and performs scheduling based on the topology key where the target object is located.
                                                                                                                                                              
 
                                                                                                                                                              • For example, if the node label is kubernetes.io/hostname, the label value will be a node name. Nodes with different names are assigned to different topology keys. This allows for workload affinity scheduling on a single node, as each topology key contains only one node.
                                                                                                                                                              • If the specified label is kubernetes.io/os, the label value will be a node OS. Nodes running different OSs are assigned to different topology keys. This allows for workload affinity scheduling on multiple nodes, as each topology key contains multiple nodes.
                                                                                                                                                                For example, if pods that meet the load affinity rule are running on a node in a topology key, all nodes in the topology key can be scheduled.
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/hostname
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/hostname
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Label Key
                                                                                                                                                              
+
                                                                                                                                                              Label Key
                                                                                                                                                              
 
                                                                                                                                                              When configuring a workload affinity or anti-affinity policy, enter the workload label to be matched.
                                                                                                                                                              
+
                                                                                                                                                              When configuring a workload affinity or anti-affinity policy, enter the workload label to be matched.
                                                                                                                                                              
 
                                                                                                                                                              Both default labels and custom labels are supported.
                                                                                                                                                              
 
                                                                                                                                                              app
                                                                                                                                                              
+
                                                                                                                                                              app
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Operator
                                                                                                                                                              
+
                                                                                                                                                              Operator
                                                                                                                                                              
 
                                                                                                                                                              The following operators are supported:
                                                                                                                                                              
+
                                                                                                                                                              The following operators are supported:
                                                                                                                                                              
 
                                                                                                                                                              • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                                                                              • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                                                                              • Exists: The affinity or anti-affinity object has a specified label key.
                                                                                                                                                              • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                                                                                                              
 
                                                                                                                                                              In
                                                                                                                                                              
+
                                                                                                                                                              In
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Label Value
                                                                                                                                                              
+
                                                                                                                                                              Label Value
                                                                                                                                                              
 
                                                                                                                                                              When configuring a workload affinity or anti-affinity policy, enter the value of the workload label.
                                                                                                                                                              
+
                                                                                                                                                              When configuring a workload affinity or anti-affinity policy, enter the value of the workload label.
                                                                                                                                                              
 
                                                                                                                                                              backend
                                                                                                                                                              
+
                                                                                                                                                              backend
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              
-
@@ -49,7 +49,7 @@
 
-
diff --git a/docs/cce/umn/cce_bestpractice_00162.html b/docs/cce/umn/cce_bestpractice_00162.html
index 96a5da3bc..2192ad979 100644
--- a/docs/cce/umn/cce_bestpractice_00162.html
+++ b/docs/cce/umn/cce_bestpractice_00162.html
@@ -1,12 +1,12 @@
 
                                                                                                                                                              Selecting a Network Model
                                                                                                                                                              
-
                                                                                                                                                              CCE uses proprietary, high-performance container networking add-ons to support the tunnel network, Cloud Native 2.0 network, and VPC network models.
                                                                                                                                                              
-
                                                                                                                                                               
                                                                                                                                                              After a cluster is created, the network model cannot be changed. Exercise caution when selecting a network model.
                                                                                                                                                              
+
                                                                                                                                                              CCE uses proprietary, high-performance container networking add-ons to support the tunnel, Cloud Native 2.0, and VPC network models.
                                                                                                                                                              
+
                                                                                                                                                               
                                                                                                                                                              After a cluster is created, the network model cannot be changed.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                Figure 1 Container tunnel network
                                                                                                                                                                
-
                                                                                                                                                              • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                Figure 2 VPC network
                                                                                                                                                                
-
                                                                                                                                                              • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                Figure 3 Cloud Native 2.0 network
                                                                                                                                                                
+
                                                                                                                                                                • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                  Figure 1 Container tunnel network
                                                                                                                                                                  
+
                                                                                                                                                                • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                  Figure 2 VPC network
                                                                                                                                                                  
+
                                                                                                                                                                • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                  Figure 3 Cloud Native 2.0 network
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                The following table lists the differences between the network models.
                                                                                                                                                                
 
@@ -24,9 +24,9 @@
 
 
                                                                                                                                                              
-
-
-
                                                                                                                                                              Table 1 Annotations for configuring a custom header forwarding policy
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
                                                                                                                                                              Table 1 Annotations for configuring a custom header forwarding policy
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                              
+
                                                                                                                                                              Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                              
 
                                                                                                                                                              Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
                                                                                                                                                              
 
                                                                                                                                                              • key/value indicates the key-value pair of the custom header. A maximum of eight values can be configured.
                                                                                                                                                                Enter 1 to 40 characters for a key. Only letters, digits, hyphens (-), and underscores (_) are allowed.
                                                                                                                                                                
 
                                                                                                                                                                Enter 1 to 128 characters for a value. Asterisks (*) and question marks (?) are allowed, but spaces and double quotation marks are not allowed. An asterisk can match zero or more characters, and a question mark can match one character.
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0897.html b/docs/cce/umn/cce_10_0897.html
index af5e24921..9cb73cf0f 100644
--- a/docs/cce/umn/cce_10_0897.html
+++ b/docs/cce/umn/cce_10_0897.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                Binding a Security Group to a Pod Using an Annotation
                                                                                                                                                                
-
                                                                                                                                                                Application Scenarios
                                                                                                                                                                In Cloud Native 2.0 network mode, pods use ENIs or sub-ENIs of the VPC. You can configure a security group for a pod using a pod's annotation.
                                                                                                                                                                
+
                                                                                                                                                                Application Scenarios
                                                                                                                                                                In Cloud Native Network 2.0, pods use ENIs or sub-ENIs of the VPC. You can configure a security group for a pod using a pod's annotation.
                                                                                                                                                                
 
                                                                                                                                                                Configure a security group in either of the following cases:
                                                                                                                                                                
 
                                                                                                                                                                • To newly bind a security group to a pod, use annotation yangtse.io/security-group-ids.
                                                                                                                                                                • To bind more security groups to a pod, use annotation yangtse.io/additional-security-group-ids.
                                                                                                                                                                
 
                                                                                                                                                                 
                                                                                                                                                                The priority of the security group bound to a pod using annotation yangtse.io/security-group-ids is higher than those of the security groups in the security group policy (SecurityGroup) and cluster container network configuration (NetworkAttachmentDefinition).
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0906.html b/docs/cce/umn/cce_10_0906.html
index 1c97705d6..a81305ee3 100644
--- a/docs/cce/umn/cce_10_0906.html
+++ b/docs/cce/umn/cce_10_0906.html
@@ -1,11 +1,20 @@
 
 
-
                                                                                                                                                                Configuring Pod Subnets of a Cluster
                                                                                                                                                                
+
                                                                                                                                                                Configuring a Default Container Subnet for a CCE Turbo Cluster
                                                                                                                                                                
 
                                                                                                                                                                Scenario
                                                                                                                                                                If the pod subnet configured during CCE Turbo cluster creation cannot meet service expansion requirements, you can add a pod subnet for the cluster.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • This function is available only for CCE Turbo clusters of v1.19 or later.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Procedure
                                                                                                                                                                1. Log in to the CCE console and access the CCE Turbo cluster console.
                                                                                                                                                                2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                                                                3. Select a pod subnet in the same VPC. You can add multiple pod subnets at a time. If no other pod subnet is available, go to the VPC console and create one.
                                                                                                                                                                4. Click OK.
                                                                                                                                                                
+
                                                                                                                                                                Procedure for Adding a Default Subnet
                                                                                                                                                                1. Log in to the CCE console and access the CCE Turbo cluster console.
                                                                                                                                                                2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                                                                3. Select a pod subnet in the same VPC. You can add multiple pod subnets at a time. If no other pod subnet is available, go to the VPC console and create one.
                                                                                                                                                                4. Click OK.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Procedure for Deleting a Default Subnet
                                                                                                                                                                 
                                                                                                                                                                Pod subnets can be deleted from clusters of v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later versions.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                1. Log in to the CCE console and access the CCE Turbo cluster console.
                                                                                                                                                                2. On the Settings page, click the Network tab.
                                                                                                                                                                3. In the Container Network area, click Update in the Operation column of default-network (Default Container Subnet).
                                                                                                                                                                4. In the Pod Subnet area, deselect the subnets to be deleted and click OK.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  • Deleting a pod subnet is risky. Make sure that no ENI in the cluster is using the subnet that you plan to delete. This includes ENIs that are being used by pods and prebound ENIs in the cluster.
                                                                                                                                                                    To find out if any ENIs are being used by a cluster, copy the ID of the subnet that you plan to delete. Then, access Network Console and use this ID to filter the ENIs and sub-ENIs associated with the VPC subnet on the Network Interfaces tab page. If the name or description of any of the filtered ENIs contains a cluster ID, then those ENIs are being used by the cluster.
                                                                                                                                                                    
+
                                                                                                                                                                  • After a subnet is deleted, the security group of the cluster node will not automatically remove the rules associated with the subnet. Make sure that no ENIs in the cluster are still using the subnet and manually clear these rules that are associated with it.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0908.html b/docs/cce/umn/cce_10_0908.html
index 9e775ee40..328952f14 100644
--- a/docs/cce/umn/cce_10_0908.html
+++ b/docs/cce/umn/cce_10_0908.html
@@ -10,6 +10,8 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                • Cloud Native Cluster Monitoring
                                                                                                                                                                  
 
                                                                                                                                                                  • 
+
                                                                                                                                                                • Cloud Native Log Collection
                                                                                                                                                                  
+
                                                                                                                                                                  • 
 
                                                                                                                                                                • CCE Node Problem Detector
                                                                                                                                                                  
 
                                                                                                                                                                  • 
 
                                                                                                                                                                • Kubernetes Metrics Server
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0909.html b/docs/cce/umn/cce_10_0909.html
index 2061d0904..4ed2605b8 100644
--- a/docs/cce/umn/cce_10_0909.html
+++ b/docs/cce/umn/cce_10_0909.html
@@ -1,7 +1,11 @@
 
 
-
                                                                                                                                                                  Cloud Native Heterogeneous Computing Add-ons
                                                                                                                                                                  
-
                                                                                                                                                                  
+
+  
                                                                                                                                                                  Cloud Native Heterogeneous Computing Add-ons
                                                                                                                                                                  
+
+  
                                                                                                                                                                  
+
                                                                                                                                                                  
+
 
                                                                                                                                                                  
 
                                                                                                                                                                    
 
                                                                                                                                                                  • CCE AI Suite (NVIDIA GPU)
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0916.html b/docs/cce/umn/cce_10_0916.html
index d052bba97..10308e855 100644
--- a/docs/cce/umn/cce_10_0916.html
+++ b/docs/cce/umn/cce_10_0916.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                     
                                                                                                                                                                    • If a dedicated load balancer is used, the function of obtaining the client IP address is enabled by default.
                                                                                                                                                                    • After the function of obtaining the client IP address is enabled, if you delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                      • v1.23: v1.23.17-r0 or later
                                                                                                                                                                      • v1.25: v1.25.12-r0 or later
                                                                                                                                                                      • v1.27: v1.27.9-r0 or later
                                                                                                                                                                      • v1.28: v1.28.7-r0 or later
                                                                                                                                                                      • v1.29: v1.29.3-r0 or later
                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                      
-
                                                                                                                                                                    • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    
+
                                                                                                                                                                  • The cluster can be accessed using kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                  In CCE standard clusters, this setting takes effect only when Service affinity is set to the node level affinity (with externalTrafficPolicy set to Local).
                                                                                                                                                                  
 
                                                                                                                                                                  In CCE Turbo clusters, this setting cannot take effect, because Service affinity cannot be set to the node level affinity and externalTrafficPolicy cannot be set to Local.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0919.html b/docs/cce/umn/cce_10_0919.html
new file mode 100644
index 000000000..afd95ad4a
--- /dev/null
+++ b/docs/cce/umn/cce_10_0919.html
@@ -0,0 +1,100 @@
+
+
+
                                                                                                                                                                  Optimizing NGINX Ingress Controller in High-Traffic Scenarios
                                                                                                                                                                  
+
                                                                                                                                                                  Ingress objects provide Layer 7 protocols like HTTP and HTTPS for clusters. Among the available options, Nginx ingresses are widely used. CCE has developed a featured open-source add-on called NGINX Ingress Controller, which is an enhanced version of the community solution. This add-on offers advanced Layer 7 load balancing features. In high-concurrency scenarios, the pre-allocated resources such as CPU and memory and network connections of the add-on may not be robust enough to handle the application needs. This can affect the application performance. This section describes how to optimize NGINX Ingress Controller in high-traffic scenarios.
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  The optimization involves the rolling upgrade of the NGINX ingress container. You are advised to perform the optimization during off-peak hours.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  The NGINX Ingress Controller add-on has been installed in the target cluster.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Suggestions
                                                                                                                                                                  The following provides some suggestions on optimizing the NGINX Ingress Controller add-on in high-traffic scenarios.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Using a High-Performance Node
                                                                                                                                                                  In high-concurrency scenarios, ingresses typically need a large number of CPUs and network connections, so you can select a computing-plus ECS to run the add-on instances.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                  3. Click Create Node Pool in the upper right corner to create a node pool and add two nodes to the node pool. The node pool can be dedicated for the NGINX Ingress Controller add-on. For details, see Creating a Node Pool.
                                                                                                                                                                    For high-concurrency scenarios, you can select a high-performance ECS such as the general computing-plus c7.8xlarge.2 ECS, with 32 cores, 64 GiB of memory, a maximum bandwidth of 30 Gbit/s, and 5.5 million PPS.
                                                                                                                                                                    
+
                                                                                                                                                                  4. In the Advanced Settings area, configure labels and taints for the node pool.
                                                                                                                                                                    • Configure a taint and set its key to nginx-ingress-pod-reserved, value to true, and the effect to NoExecute.
                                                                                                                                                                    • Configure a label and set its key to nginx-ingress-pod-reserved and value to true.
                                                                                                                                                                    
+
                                                                                                                                                                  5. In the navigation pane, choose Add-ons, edit the configurations of NGINX Ingress Controller, and modify the scheduling policies.
                                                                                                                                                                    • Node Affinity: Set it to Customize affinity and configure the add-on to be affinity for the nginx-ingress-pod-reserved: true label.
                                                                                                                                                                    • Toleration: Add a toleration and configure the add-on to tolerate the taint whose label is nginx-ingress-pod-reserved: true and the taint policy is NoExecute.
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Modifying the NGINX Ingress Controller Configuration
                                                                                                                                                                  You can perform the following operations when installing or editing NGINX Ingress Controller:
                                                                                                                                                                  • Change the resource limit of the nginx-ingress-controller container. If an application processes HTTP requests with a PRS of 300,000, you can configure the CPU and memory limits, as well as the requested CPU and memory, to 16 vCPU cores and 20 GiB of memory.
                                                                                                                                                                  • Set the number of pods to be greater than or equal to 2.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  • Disable the metric collection of the add-on.
                                                                                                                                                                    If you do not need to obtain metrics, you are advised to disable metric collection to reduce the CPU and memory usage of the Nginx container.
                                                                                                                                                                    
+
                                                                                                                                                                  • Optimize the global configuration by doing as follows:
                                                                                                                                                                    • Increase the maximum number of requests that a keepalive connection can handle.
                                                                                                                                                                      Nginx provides the keepalive_requests parameter to control how many requests a single keepalive connection between a client and an upstream server can handle. This parameter defaults to 100.
                                                                                                                                                                      
+
                                                                                                                                                                      If the number of requests in a keepalive connection exceeds this limit, the connection will be disconnected and then re-established. For an ingress in a private network, a single client may have a high QPS, such as 10,000 QPS. This can cause Nginx to frequently disconnect keepalive connections from the client, resulting in a large number of connections in the TIME_WAIT state.
                                                                                                                                                                      
+
                                                                                                                                                                      To avoid this, it is recommended that you increase the maximum number of requests for a keepalive connection between Nginx and the client in high-concurrency scenarios. This can be achieved by setting keep-alive-requests in Nginx ingresses to 10000. For details, see keep-alive-requests.
                                                                                                                                                                      
+
                                                                                                                                                                      You can also control the number of requests in a keepalive connection between the client and the upstream server by setting upstream-keepalive-requests. For details, see upstream-keepalive-requests.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      The upstream-keepalive-requests parameter is not needed in a non-high-concurrency scenario. If you set this parameter to a high value, it may cause a load imbalance. This is because when Nginx maintains a keepalive connection with the upstream for too long, the number of times connections scheduled will decrease, resulting in a traffic load imbalance.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    • Increase the maximum number of idle keepalive connections.
                                                                                                                                                                      You can configure the keepalive parameter for the connections between Nginx and an upstream server. This parameter specifies the maximum number of idle connections and defaults to 320.
                                                                                                                                                                      
+
                                                                                                                                                                      In a high-concurrency scenario, there are many requests and connections. However, in a real production environment, requests are not evenly distributed, and some connections may be temporarily idle. If the number of idle connections increases, they will be terminated. This can result in Nginx frequently disconnecting and reconnecting to the upstream server, leading to a significant increase in the TIME_WAIT connections. To avoid this, it is recommended that you set keepalive to 1000 in high-concurrency scenarios. For details, see upstream-keepalive-connections.
                                                                                                                                                                      
+
                                                                                                                                                                    • Increase the maximum number of connections for a single worker.
                                                                                                                                                                      The max-worker-connections parameter sets the maximum number of connections that each worker process can handle. For high-concurrency scenarios, it is recommended that you increase this value to, for instance, 65536, to enable Nginx to manage more connections. For details, see max-worker-connections.
                                                                                                                                                                      
+
                                                                                                                                                                    • Reduce the gateway timeout.
                                                                                                                                                                      Nginx connects to an upstream pod via TCP and communicates with it, using three timeout parameter configurations.
                                                                                                                                                                      • proxy-connect-timeout: specifies the timeout for establishing a connection between Nginx and an upstream pod. The default value for an Nginx ingress is 5 seconds. Nginx and services communicate with each other in the same data center over a private network, so the timeout can be reduced to, for example, 3 seconds. For details, see proxy-connect-timeout.
                                                                                                                                                                      • proxy-read-timeout and proxy-send-timeout: control the timeout of read and write operations between Nginx and an upstream pod. The values for an Nginx ingress default to 60 seconds. However, if there are service exceptions that cause a sharp increase in response time, abnormal requests can occupy the ingress gateway for an extended period. To prevent this, it is recommended that, after the latency of all normal service requests reached P99.99, you reduce the read/write timeout between the gateway and upstream pod to a suitable value, such as 30 seconds. This allows Nginx to interrupt abnormal requests promptly and prevent prolonged breakdowns. For details, see proxy-read-timeout and proxy-send-timeout.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Optimizing Nginx Kernel Parameters
                                                                                                                                                                   
                                                                                                                                                                  Before modifying a kernel parameter, it is important to have a full understanding of its meaning and function. Exercise caution when making changes, because incorrect settings can lead to unexpected system errors and instability.
                                                                                                                                                                  
+
                                                                                                                                                                  You need to make sure that:
                                                                                                                                                                  
+
                                                                                                                                                                  1. You have fully understood the functions and impacts of kernel parameters. This helps you set kernel parameters correctly.
                                                                                                                                                                  2. The parameter values you entered must be valid and meet the expectation, or the modification will not take effect.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  You can optimize kernel parameters of Nginx ingresses and configure kernel parameters using initContainers by doing as follows:
                                                                                                                                                                  
+
                                                                                                                                                                  By default, CCE enables kernel parameter tuning for the NGINX Ingress Controller add-on of 2.2.75, 2.6.26, 3.0.1, and later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  • Increase the size of the connection queue.
                                                                                                                                                                    In a high-concurrency scenario, the connection queue may overflow if it is too small, resulting in the failure to establish some connections. The size of the connection queue for the process listener socket is determined by the net.core.somaxconn kernel parameter. By modifying this parameter, you can increase the size of the Nginx ingress connection queue.
                                                                                                                                                                    
+
                                                                                                                                                                    When a process uses the listen system to listen on ports, it passes in the backlog parameter, which sets the size of the socket connection queue. The value of backlog cannot exceed that of somaxconn. The Go program standard library uses the somaxconn value as the default queue size when listening. However, Nginx does not read somaxconn when listening on the socket. Instead, it reads nginx.conf. In the configuration items for listening ports in nginx.conf, you can set the backlog parameter to specify the connection queue size for Nginx listening port. The following shows an example configuration:
                                                                                                                                                                    
+
                                                                                                                                                                    server {
+    listen  80  backlog=1024;
+    ...
                                                                                                                                                                    
+
                                                                                                                                                                    If the value backlog is not specified, the default value 511 is used. By default, the maximum size of the connection queue for the Nginx listening port is 511, even if the value of somaxconn is greater than 511. This can lead to connection queue overflow in high-concurrency scenarios.
                                                                                                                                                                    
+
                                                                                                                                                                    The NGINX Ingress Controller can automatically read and use the value of somaxconn as the backlog value, which is then written to the generated nginx.conf file. This means that the connection queue size for an Nginx ingress is determined solely by somaxconn, and the default size in CCE is 4096. In a high-concurrency scenario, it is recommended that you run the following command to set somaxconn to 65535:
                                                                                                                                                                    
+
                                                                                                                                                                    sysctl -w net.core.somaxconn=65535
                                                                                                                                                                    
+
                                                                                                                                                                  • Expand the range of source ports.
                                                                                                                                                                    In a high-concurrency scenario, an Nginx ingress establishes connections with an upstream server using a large number of source ports. The range of source ports is randomly selected from the range defined in the net.ipv4.ip_local_port_range kernel parameter. In such scenarios, a small port range can quickly exhaust source ports, leading to abnormal connections. The default source port range for pods created in CCE is 32768 to 60999. To expand the range to 1024 to 65535, run the following command:
                                                                                                                                                                    
+
                                                                                                                                                                    sysctl -w net.ipv4.ip_local_port_range="1024 65535"
                                                                                                                                                                    
+
                                                                                                                                                                  • Adjust TIME_WAIT.
                                                                                                                                                                    You can enable TIME_WAIT reuse for Nginx ingresses, allowing TIME_WAIT connections to be reused for new TCP connections. Additionally, reducing the value of net.ipv4.tcp_fin_timeout in FIN_WAIT2 state and net.netfilter.nf_conntrack_tcp_timeout_time_wait in the TIME_WAIT state can help release resources occupied by them more quickly. To enable TIME_WAIT reuse, run the following commands:
                                                                                                                                                                    
+
                                                                                                                                                                    sysctl -w net.ipv4.tcp_fin_timeout=15
+sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  Add initContainers to NGINX Ingress Controller pods and configure the preceding kernel parameters. The following shows an example:
                                                                                                                                                                  
+
                                                                                                                                                                  ...
+initContainers:
+  - name: setsysctl
+    image: ***(By default, CCE uses the nginx-ingress image of the community.)
+    securityContext:
+      runAsUser: 0
+      runAsGroup: 0
+      capabilities:
+        add:
+          - SYS_ADMIN
+        drop:
+          - ALL
+    command:
+      - sh
+      - -c
+      - |
+        if [ "$POD_IP" != "$HOST_IP" ]; then
+           mount -o remount rw /proc/sys
+           if [ $? -eq 0 ]; then
+             sysctl -w net.core.somaxconn=65535
+             sysctl -w net.ipv4.ip_local_port_range="1024 65535"
+             sysctl -w net.ipv4.tcp_fin_timeout=15
+             sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
+           else
+             echo "Failed to remount /proc/sys as read-write. Skipping sysctl commands."
+           fi
+         fi
+    env:
+      - name: POD_IP
+        valueFrom:
+          fieldRef:
+            apiVersion: v1
+            fieldPath: status.podIP
+      - name: HOST_IP
+        valueFrom:
+          fieldRef:
+            apiVersion: v1
+            fieldPath: status.hostIP
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0924.html b/docs/cce/umn/cce_10_0924.html
index c426fe8d0..a4e42acd5 100644
--- a/docs/cce/umn/cce_10_0924.html
+++ b/docs/cce/umn/cce_10_0924.html
@@ -1,13 +1,13 @@
 
 
-
                                                                                                                                                                  Configuring a Custom EIP for a LoadBalancer Service
                                                                                                                                                                  
+
                                                                                                                                                                  Changing a Custom EIP for a LoadBalancer Service
                                                                                                                                                                  
 
                                                                                                                                                                  You can customize the EIP bound to a load balancer that is automatically created by CCE by adding the kubernetes.io/elb.custom-eip-id annotation to a Service.
                                                                                                                                                                  
 
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                    • v1.23: v1.23.18-r0 or later
                                                                                                                                                                    • v1.25: v1.25.13-r0 or later
                                                                                                                                                                    • v1.27: v1.27.10-r0 or later
                                                                                                                                                                    • v1.28: v1.28.8-r0 or later
                                                                                                                                                                    • v1.29: v1.29.4-r0 or later
                                                                                                                                                                    • v1.30: v1.30.1-r0 or later
                                                                                                                                                                    
-
                                                                                                                                                                  • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  
+
                                                                                                                                                                • The cluster can be accessed using kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • A custom EIP for a Service can be configured only when the Service is being updated, and the Service's annotation contains kubernetes.io/elb.eip-id.
                                                                                                                                                                • A custom EIP must be unbound to any resources.
                                                                                                                                                                • After you configure a custom EIP for a load balancer, if the existing EIP bound to the load balancer was automatically created by CCE during load balancer creation and is not being used by any other resources, the existing EIP will be deleted automatically when the associated Service is deleted. However, if the existing EIP was manually created, it will be unbound from the load balancer when you delete the Service, and you will need to manually delete the EIP.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Using kubectl
                                                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                2. Automatically create a load balancer with an EIP bound when creating a Service. For details, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                                                                                                  An example YAML file of a Service created using a dedicated load balancer is as follows:
                                                                                                                                                                  apiVersion: v1
+
                                                                                                                                                                  Using kubectl
                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                  2. Automatically create a load balancer with an EIP bound when creating a Service. For details, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                                                                                                    An example YAML file of a Service created using a dedicated load balancer is as follows:
                                                                                                                                                                    apiVersion: v1
 kind: Service
 metadata:
   annotations:
@@ -116,7 +116,7 @@ metadata:
     kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"aaaaa","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"xxx","available_zone":["xxx"],"elb_virsubnet_ids":["fc0c61cd-c987-49c4-99a4-b7d816b57581"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"cf35b03f-c6ca-4f75-aa70-e2166cb1f800"}'
     kubernetes.io/elb.eip-id: 8560972c-2cc5-4699-94d6-e46f146eb73d     # ID of the EIP automatically assigned during load balancer creation
     kubernetes.io/elb.custom-eip-id: 88c197a1-cb85-4b38-b672-1d60dc5d00db  # ID of the custom EIP
-    kubernetes.io/elb.custom-eip-status: '{"id":"88c197a1-cb85-4b38-b672-1d60dc5d00db","public_ip_address":"2.2.2.2"}' # After the custom EIP is configured, record the EIP's ID and IP address.
+    kubernetes.io/elb.custom-eip-status: '{"id":"88c197a1-cb85-4b38-b672-1d60dc5d00db","public_ip_address":"2.2.2.2"}' # After the custom EIP is configured, record the EIP and its ID.
     kubernetes.io/elb.class: performance
     kubernetes.io/elb.id: 0e78a84a-7deb-4747-aeb6-09b6a820b001
   labels:
diff --git a/docs/cce/umn/cce_10_0925.html b/docs/cce/umn/cce_10_0925.html
index bf89c3422..3e0cc9429 100644
--- a/docs/cce/umn/cce_10_0925.html
+++ b/docs/cce/umn/cce_10_0925.html
@@ -3,11 +3,11 @@
 
                                                                                                                                                                    Configuring a Custom EIP for a LoadBalancer Ingress
                                                                                                                                                                    
 
                                                                                                                                                                    You can customize the EIP bound to a load balancer that is automatically created by CCE by adding the kubernetes.io/elb.custom-eip-id annotation to an ingress.
                                                                                                                                                                    
 
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                      • v1.23: v1.23.18-r0 or later
                                                                                                                                                                      • v1.25: v1.25.13-r0 or later
                                                                                                                                                                      • v1.27: v1.27.10-r0 or later
                                                                                                                                                                      • v1.28: v1.28.8-r0 or later
                                                                                                                                                                      • v1.29: v1.29.4-r0 or later
                                                                                                                                                                      • v1.30: v1.30.1-r0 or later
                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                      
-
                                                                                                                                                                    • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    
+
                                                                                                                                                                  3. The cluster can be accessed using kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                              
 
 
                                                                                                                                                              Notes and Constraints
                                                                                                                                                              • A custom EIP for an ingress can be configured only when an ingress is being updated, and the ingress' annotation contains kubernetes.io/elb.eip-id.
                                                                                                                                                              • A custom EIP must be unbound to any resources.
                                                                                                                                                              • After you configure a custom EIP for a load balancer, if the existing EIP bound to the load balancer was automatically created by CCE during load balancer creation and is not being used by any other resources, the existing EIP will be deleted automatically when the associated ingress is deleted. However, if the existing EIP was manually created, it will be unbound from the load balancer when you delete the ingress, and you will need to manually delete the EIP.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Using kubectl
                                                                                                                                                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                              2. Automatically create a load balancer with an EIP bound when creating an ingress. For details, see Automatically Creating a Load Balancer While Creating an Ingress.
                                                                                                                                                                An example YAML file of an ingress created using a shared load balancer is as follows:
                                                                                                                                                                apiVersion: networking.k8s.io/v1
+
                                                                                                                                                                Using kubectl
                                                                                                                                                                1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                2. Automatically create a load balancer with an EIP bound when creating an ingress. For details, see Automatically Creating a Load Balancer While Creating an Ingress.
                                                                                                                                                                  An example YAML file of an ingress created using a shared load balancer is as follows:
                                                                                                                                                                  apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
diff --git a/docs/cce/umn/cce_10_0927.html b/docs/cce/umn/cce_10_0927.html
index 95622d029..047bb39e3 100644
--- a/docs/cce/umn/cce_10_0927.html
+++ b/docs/cce/umn/cce_10_0927.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                  Preventing Cluster Deletion
                                                                                                                                                                  
 
                                                                                                                                                                  Unexpected deletion of clusters can occur in practice, especially when multiple users share an account and accidentally delete clusters that do not belong to them. To prevent this issue, you can protect critical clusters against unexpected deletion through the console or APIs.
                                                                                                                                                                  
-
                                                                                                                                                                  Procedure
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Settings.
                                                                                                                                                                  3. On the Dashboard tab page, locate Cluster Deletion Protection in the Cluster Settings area and click Enable. After this function is enabled, you are not allowed to delete clusters on CCE.
                                                                                                                                                                  
+
                                                                                                                                                                  Preventing Cluster Deletion
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Settings.
                                                                                                                                                                  3. On the Dashboard tab page, locate Cluster Deletion Protection in the Cluster Settings area and click Enable. After this function is enabled, you are not allowed to delete clusters on CCE.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0934.html b/docs/cce/umn/cce_10_0934.html
index 97410186b..70682fbfb 100644
--- a/docs/cce/umn/cce_10_0934.html
+++ b/docs/cce/umn/cce_10_0934.html
@@ -7,13 +7,13 @@
 
                                                                                                                                                                  AHPA can work with HPA and CronHPA to scale pods in complex scenarios.
                                                                                                                                                                  
 
                                                                                                                                                                  AHPA allows you to change the maximum and minimum number of pods in an HPA policy based on the recommended result, or directly adjust the number of pods in a Deployment.
                                                                                                                                                                  
 
                                                                                                                                                                  AHPA and CronHPA share the same approach for adjusting the maximum and minimum pod numbers specified in an HPA policy. For details, see Using CronHPA to Adjust the HPA Scaling Scope.
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  • The CCE Advanced HPA add-on of v1.5.2 or later has been installed in the cluster. For details, see CCE Advanced HPA.
                                                                                                                                                                  • The Cloud Native Cluster Monitoring add-on has been installed in the cluster, and the monitoring data is reported to AOM. For details, see Cloud Native Cluster Monitoring.
                                                                                                                                                                  
+
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  • CCE Advanced HPA of v1.5.2 or later has been installed in the cluster.
                                                                                                                                                                  • The Cloud Native Cluster Monitoring add-on has been installed in the cluster, and the monitoring data is reported to AOM. For details, see Cloud Native Cluster Monitoring.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                  • AHPA policies apply only to clusters of v1.23 or later.
                                                                                                                                                                  • For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                  • The specifications of the CCE Advanced HPA add-on are determined based on the total number of containers in the cluster and the number of scaling policies. Configure 500m CPU cores and 1000 MiB of memory for every 5000 containers, and 100m CPU cores and 500 MiB of memory for every 1000 scaling policies.
                                                                                                                                                                  • AHPA needs extra memory as it analyzes and processes historical workload data. It is advised to allocate 100m CPU cores and 300 MiB of memory for every 100 AHPA policies.
                                                                                                                                                                  • After an AHPA policy is created, the type of its associated workload cannot be changed.
                                                                                                                                                                  • Either an AHPA policy or a CustomedHPA policy can be enabled.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Using AHPA
                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Deploy a sample workload. If a workload already runs in the cluster, skip this step. It is advised to use a workload that has been monitored for over seven days, as AHPA requires a minimum of seven days of monitoring data.
                                                                                                                                                                    kubectl create -f hamster.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    Using AHPA
                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                    2. Deploy a sample workload. If a workload already runs in the cluster, skip this step. It is advised to use a workload that has been monitored for over seven days, as AHPA requires a minimum of seven days of monitoring data.
                                                                                                                                                                      kubectl create -f hamster.yaml
                                                                                                                                                                      
 
                                                                                                                                                                      Example configuration of hamster.yaml:
                                                                                                                                                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -136,7 +136,7 @@ spec:
 
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                  3. After AOM has collected at least seven days of monitoring data for the target workload, AHPA can create a model and suggest the appropriate number of pods. Wait for the recommended number of pods to be provided and run the following command to check AHPA resource details:
                                                                                                                                                                    kubectl get ahpa hamster-ahpa -oyaml
                                                                                                                                                                    
-
                                                                                                                                                                    The command output is as follows:
                                                                                                                                                                    
+
                                                                                                                                                                    Command output:
                                                                                                                                                                    
 
                                                                                                                                                                    apiVersion: autoscaling.cce.io/v1alpha1
 kind: AdvancedHorizontalPodAutoscaler
 metadata:
@@ -196,6 +196,9 @@ status:
   currentReplicas: 10
   desiredReplicas: 10
   lastScaleTime: "2024-10-07T13:24:19Z"
                                                                                                                                                                    
+
                                                                                                                                                                  4. If you no longer need an AHPA policy, run the following command to delete it:
                                                                                                                                                                    kubectl delete ahpa hamster-ahpa
                                                                                                                                                                    
+
                                                                                                                                                                    During the validity period of AHPA, you can use custom ahpacheckpoint resources to keep the recommended settings for the next 6 hours. If you do not need this configuration, manually delete it.
                                                                                                                                                                    
+
                                                                                                                                                                    kubectl delete ahpacheckpoint hamster-ahpa
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0935.html b/docs/cce/umn/cce_10_0935.html
index a4ae3f784..93ed6d001 100644
--- a/docs/cce/umn/cce_10_0935.html
+++ b/docs/cce/umn/cce_10_0935.html
@@ -36,6 +36,8 @@
 
                                                                                                                                                                  3. 
 
                                                                                                                                                                3. Configuring Advanced Forwarding Rules for a LoadBalancer Ingress
                                                                                                                                                                  
 
                                                                                                                                                                  4. 
+
                                                                                                                                                                4. Configuring Advanced Forwarding Actions for a LoadBalancer Ingress
                                                                                                                                                                  
+
                                                                                                                                                                  5. 
 
 
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0936.html b/docs/cce/umn/cce_10_0936.html
index 65880a6ab..b4826e5b7 100644
--- a/docs/cce/umn/cce_10_0936.html
+++ b/docs/cce/umn/cce_10_0936.html
@@ -14,6 +14,10 @@
 
 
                                                                                                                                                                5. Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
                                                                                                                                                                  
 
                                                                                                                                                                  6. 
+
                                                                                                                                                                6. Optimizing NGINX Ingress Controller in High-Traffic Scenarios
                                                                                                                                                                  
+
                                                                                                                                                                  7. 
+
                                                                                                                                                                7. Configuring an ELB Certificate for NGINX Ingress Controller
                                                                                                                                                                  
+
                                                                                                                                                                  8. 
 
 
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0937.html b/docs/cce/umn/cce_10_0937.html
index 698d05138..2a2c56ec5 100644
--- a/docs/cce/umn/cce_10_0937.html
+++ b/docs/cce/umn/cce_10_0937.html
@@ -5,7 +5,9 @@
 
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                    • v1.23: v1.23.14-r0 or later
                                                                                                                                                                    • v1.25: v1.25.9-r0 or later
                                                                                                                                                                    • v1.27: v1.27.6-r0 or later
                                                                                                                                                                    • v1.28: v1.28.4-r0 or later
                                                                                                                                                                    • Other clusters of later versions
                                                                                                                                                                    
 
                                                                                                                                                                  • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                  • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Using kubectl
                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                    vi ingress-test.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                    Multiple listening ports can be configured for an ingress only when a dedicated load balancer is used.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Using kubectl
                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                      vi ingress-test.yaml
                                                                                                                                                                      
 
                                                                                                                                                                      The following shows an example configuration using an existing load balancer:
                                                                                                                                                                      
 
                                                                                                                                                                      apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -34,22 +36,22 @@ spec:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                      
 
                                                                                                                                                                      
 
-
                                                                                                                                                                      
-
-
@@ -69,13 +69,6 @@
 
-
-
-
-
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Annotations for custom listening ports
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0939.html b/docs/cce/umn/cce_10_0939.html
index 777937d63..547d527c8 100644
--- a/docs/cce/umn/cce_10_0939.html
+++ b/docs/cce/umn/cce_10_0939.html
@@ -4,12 +4,12 @@
 
                                                                                                                                                                      When ingresses use the same load balancer listener, forwarding rules can be prioritized based on the following rules:
                                                                                                                                                                      
 
                                                                                                                                                                      • Forwarding rules of different ingresses: The rules are sorted based on the priorities (ranging from 1 to 1000) of the kubernetes.io/elb.ingress-order annotation. A smaller value indicates a higher priority.
                                                                                                                                                                      • Forwarding rules of an ingress: If the kubernetes.io/elb.rule-priority-enabled annotation is set to true, the forwarding rules are sorted based on the sequence in which they are added during ingress creation. A forwarding rule added earlier indicates a higher priority. If the kubernetes.io/elb.rule-priority-enabled annotation is not configured, the default sorting of the forwarding rules on the load balancer will be used.
                                                                                                                                                                      
 
                                                                                                                                                                      If the preceding annotations are not configured, the default sorting of the forwarding rules on the load balancer will be used, regardless of whether the forwarding rules are of the same ingress or different ingresses under the same load balancer listener.
                                                                                                                                                                      
-
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                        • v1.23: v1.23.15-r0 or later
                                                                                                                                                                        • v1.25: v1.25.10-r0-r0 or later
                                                                                                                                                                        • v1.27: v1.27.7-r0 or later
                                                                                                                                                                        • v1.28: v1.28.5-r0 or later
                                                                                                                                                                        • v1.29: v1.29.1-r10 or later
                                                                                                                                                                        • Other clusters of later versions
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.15-r0 or later
                                                                                                                                                                          • v1.25: v1.25.10-r0 or later
                                                                                                                                                                          • v1.27: v1.27.7-r0 or later
                                                                                                                                                                          • v1.28: v1.28.5-r0 or later
                                                                                                                                                                          • v1.29: v1.29.1-r10 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
 
                                                                                                                                                                        • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                        • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        Ingresses support prioritizing forwarding rules only when dedicated load balancers are used.
                                                                                                                                                                        
+
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        • This feature is only available when dedicated load balancers are used.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          Using kubectl
                                                                                                                                                                          1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                            vi ingress-test.yaml
                                                                                                                                                                            
 
                                                                                                                                                                            The following shows an example configuration using an existing load balancer:
                                                                                                                                                                            
 
                                                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/docs/cce/umn/cce_10_0940.html b/docs/cce/umn/cce_10_0940.html
index e9a752a72..7e5e958fc 100644
--- a/docs/cce/umn/cce_10_0940.html
+++ b/docs/cce/umn/cce_10_0940.html
@@ -2,13 +2,13 @@
 
 
                                                                                                                                                                            Configuring Advanced Forwarding Rules for a LoadBalancer Ingress
                                                                                                                                                                            
 
                                                                                                                                                                            Ingresses offer diverse forwarding rules that can match listeners based on different request parameters like HTTP request methods, headers, query strings, CIDR blocks, and cookies. Each listener is associated with an ELB access port. This facilitates flexible service distribution and resource allocation.
                                                                                                                                                                            
-
                                                                                                                                                                            Figure 1 How an advanced forwarding rule operates
                                                                                                                                                                            
+
                                                                                                                                                                            Figure 1 How an advanced forwarding rule operates
                                                                                                                                                                            
 
                                                                                                                                                                            Prerequisites
                                                                                                                                                                            • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                              • v1.23: v1.23.18-r10 or later
                                                                                                                                                                              • v1.25: v1.25.16-r0 or later
                                                                                                                                                                              • v1.27: v1.27.16-r0 or later
                                                                                                                                                                              • v1.28: v1.28.13-r0 or later
                                                                                                                                                                              • v1.29: v1.29.8-r0 or later
                                                                                                                                                                              • v1.30: v1.30.4-r0 or later
                                                                                                                                                                              • Other clusters of later versions
                                                                                                                                                                              
-
                                                                                                                                                                            • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                            
+
                                                                                                                                                                          3. The cluster can be accessed using kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      Ingresses support advanced forwarding rules only when dedicated load balancers are used.
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      • This feature is only available when dedicated load balancers are used.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Using kubectl
                                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
 
                                                                                                                                                                          An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1 
 kind: Ingress 
 metadata: 
@@ -99,10 +99,10 @@ spec:
 
 
                                                                                                                                                                      
-
diff --git a/docs/cce/umn/cce_10_0944.html b/docs/cce/umn/cce_10_0944.html
index 1d2e6fd6b..ee5e366ec 100644
--- a/docs/cce/umn/cce_10_0944.html
+++ b/docs/cce/umn/cce_10_0944.html
@@ -28,7 +28,7 @@
 
                                                                                                                                                                    3. Redeploy the custom-metrics-apiserver workload in the monitoring namespace.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    4. Run the following command to check whether the metric has been added:
                                                                                                                                                                      kubectl get --raw  "/apis/custom.metrics.k8s.io/v1beta1/namespaces/default/pods/*/container_cpu_usage_core_per_second"
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      5. Step 4: Verify HPA Scaling
                                                                                                                                                                      1. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0945.html b/docs/cce/umn/cce_10_0945.html
new file mode 100644
index 000000000..8d29aa470
--- /dev/null
+++ b/docs/cce/umn/cce_10_0945.html
@@ -0,0 +1,136 @@
+
+
+
                                                                                                                                                                        DataPlane V2 Network Acceleration
                                                                                                                                                                        
+
                                                                                                                                                                        DataPlane V2 can be enabled for clusters that use Cloud Native 2.0 networks. After this function is enabled, eBPF redirection will be enabled for the capability of network policies.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        CCE DataPlane V2 is released with restrictions. To use this feature, submit a service ticket to CCE.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                      Table 1 Annotations for custom listening ports
                                                                                                                                                                      Parameter
                                                                                                                                                                      
 
                                                                                                                                                                      Type
                                                                                                                                                                      
+
                                                                                                                                                                      Type
                                                                                                                                                                      
 
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      kubernetes.io/elb.listen-ports
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.listen-ports
                                                                                                                                                                      
 
                                                                                                                                                                      String
                                                                                                                                                                      
+
                                                                                                                                                                      String
                                                                                                                                                                      
 
                                                                                                                                                                      Configure multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                                      
+
                                                                                                                                                                      Configure multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                                      
 
                                                                                                                                                                      The following is an example for JSON characters:
                                                                                                                                                                      
 
                                                                                                                                                                      kubernetes.io/elb.listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
                                                                                                                                                                      
-
                                                                                                                                                                      • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                                                      • This function is available only for newly created ingresses in clusters of a version earlier than v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, or v1.30.4-r0. Additionally, after you configure multiple listening ports, the annotations cannot be modified or deleted. In clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, the annotations can be modified or deleted.
                                                                                                                                                                      • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                                                      • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports. When HTTP/2 is enabled for an ingress, HTTP/2 takes effect only on the HTTPS port.
                                                                                                                                                                      
+
                                                                                                                                                                      • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                                                      • This function is available only for newly created ingresses in clusters of a version earlier than v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, or v1.30.4-r0. Additionally, after you configure multiple listening ports, the annotations cannot be modified or deleted. In clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, the annotations can be modified and deleted.
                                                                                                                                                                      • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                                                      • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports. When HTTP/2 is enabled for an ingress, HTTP/2 takes effect only on the HTTPS port.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      String
                                                                                                                                                                      
 
                                                                                                                                                                      Configure an advanced forwarding rule. ${svc_name} indicates the Service name, which contains a maximum of 48 characters.
                                                                                                                                                                      
+
                                                                                                                                                                      Configure an advanced forwarding rule. ${svc_name} indicates the Service name, which can contain a maximum of 48 characters.
                                                                                                                                                                      
 
                                                                                                                                                                      If the annotation value is set to [], the advanced forwarding rule is deleted.
                                                                                                                                                                      
 
                                                                                                                                                                      An annotation value is in the form of a JSON array. For details, see Table 2.
                                                                                                                                                                      
-
                                                                                                                                                                       NOTICE: 
                                                                                                                                                                      • Due to ELB API restrictions, a kubernetes.io/elb.conditions.{svcName} can contain a maximum of 10 key-value pairs.
                                                                                                                                                                      • The rules in a condition array are connected by an AND relationship, while the values in the same rule block are connected by an OR relationship. For example, if both Method and QueryString are configured, the target traffic can be distributed only when both rules are met. However, if the Method value is GET or POST, the target traffic can be distributed only when both rules are met and the Method value must be GET or POST.
                                                                                                                                                                      
+
                                                                                                                                                                       NOTICE: 
                                                                                                                                                                      The rules in a condition array are connected by an AND relationship, while the values in the same rule block are connected by an OR relationship. For example, if both Method and QueryString are configured, the target traffic can be distributed only when both rules are met. However, if the Method value is GET or POST, the target traffic can be distributed only when both rules are met and the Method value must be GET or POST.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      		
 
                                                                                                                                                                      
 
 
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      DataPlane V2
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Technical implementation
                                                                                                                                                                      
+
                                                                                                                                                                      DataPlane V2 integrates open-source Cilium to provide capabilities such as network policies.
                                                                                                                                                                      
+
                                                                                                                                                                      Supported cluster versions
                                                                                                                                                                      
+
                                                                                                                                                                      CCE Turbo clusters of v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, or later
                                                                                                                                                                      
+
                                                                                                                                                                      Usage
                                                                                                                                                                      
+
                                                                                                                                                                      • When creating a CCE Turbo cluster, select Cloud Native Network 2.0 and enable DataPlane V2.
                                                                                                                                                                      
+
                                                                                                                                                                       NOTICE: 
                                                                                                                                                                      • After DataPlane V2 is enabled, secure containers (Kata Containers as the container runtime) are not supported.
                                                                                                                                                                      • Enabled DataPlane V2 cannot be disabled.
                                                                                                                                                                      • DataPlane V2 can only be enabled for new clusters.
                                                                                                                                                                      • DataPlane V2 is in limited OBT. Upgrading it to a commercial version requires the node to be reset. Exercise caution when enabling this function.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Supported OS
                                                                                                                                                                      
+
                                                                                                                                                                      HCE OS 2.0
                                                                                                                                                                      
+
                                                                                                                                                                      Performance optimization
                                                                                                                                                                      
+
                                                                                                                                                                      • EDT is used to limit the egress bandwidth. This makes bandwidth limitation more accurate and resource consumption lower.
                                                                                                                                                                      
+
                                                                                                                                                                      Bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      After DataPlane V2 network acceleration is enabled, pods on HCE OS 2.0 use EDT to limit the egress bandwidth. The ingress bandwidth limitation is not supported. In other network modes, a TBF qdisc is used to limit the bandwidth. For details, see Configuring QoS for a Pod.
                                                                                                                                                                      
+
                                                                                                                                                                      NetworkPolicy
                                                                                                                                                                      
+
                                                                                                                                                                      • The implementation of network policies is different from that of container tunnel networks. For details, see Configuring Network Policies to Restrict Pod Access.
                                                                                                                                                                        • The IPBlock selector can only select CIDR blocks outside a cluster.
                                                                                                                                                                        • The IPBlock selector does not have good support for the except keyword, so this keyword is not recommended.
                                                                                                                                                                        • If a network policy of the egress type is used, the pod fails to access the IP addresses of the hostNetwork pod and node in the cluster.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
+
                                                                                                                                                                      Resource consumption
                                                                                                                                                                      
+
                                                                                                                                                                      The resident cilium-agent process on each node is responsible for eBPF network acceleration. Each cilium-agent process may occupy 80 MiB of memory. Each time a pod is added, the cilium-agent memory consumption may increase by 10 KiB.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Components
                                                                                                                                                                      After DataPlane V2 is enabled, components listed in the following table are installed.
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Component
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Resource Type
                                                                                                                                                                      
+
                                                                                                                                                                      cilium-operator
                                                                                                                                                                      
+
                                                                                                                                                                      • Synchronizes CRDs.
                                                                                                                                                                      • Removes the node.cilium.io/agent-not-ready taint of a node.
                                                                                                                                                                      • Tunes and recycles internal resources.
                                                                                                                                                                      
+
                                                                                                                                                                      Deployment
                                                                                                                                                                      
+
                                                                                                                                                                      yangtse-cilium
                                                                                                                                                                      
+
                                                                                                                                                                      • Installs the auxiliary CNI (cilium-cni) for CCE to adapt to Cilium.
                                                                                                                                                                      • Deploys cilium-agent.
                                                                                                                                                                      
+
                                                                                                                                                                      DaemonSet
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Change History
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Add-on Version
                                                                                                                                                                      
+
                                                                                                                                                                      Cluster Version
                                                                                                                                                                      
+
                                                                                                                                                                      New Feature
                                                                                                                                                                      
+
                                                                                                                                                                      Community Version
                                                                                                                                                                      
+
                                                                                                                                                                      1.08
                                                                                                                                                                      
+
                                                                                                                                                                      v1.27
                                                                                                                                                                      
+
                                                                                                                                                                      v1.28
                                                                                                                                                                      
+
                                                                                                                                                                      v1.29
                                                                                                                                                                      
+
                                                                                                                                                                      v1.30
                                                                                                                                                                      
+
                                                                                                                                                                      v1.31
                                                                                                                                                                      
+
                                                                                                                                                                      • Added Cloud Native Network 2.0 for CCE Turbo clusters.
                                                                                                                                                                      • Disabled host-based firewalls (by setting enable-host-firewall=false).
                                                                                                                                                                      • Disabled L7 network policies (by setting enable-l7-proxy=false).
                                                                                                                                                                      
+
                                                                                                                                                                      v1.14
                                                                                                                                                                      
+
                                                                                                                                                                      1.0.14
                                                                                                                                                                      
+
                                                                                                                                                                      v1.27
                                                                                                                                                                      
+
                                                                                                                                                                      v1.28
                                                                                                                                                                      
+
                                                                                                                                                                      v1.29
                                                                                                                                                                      
+
                                                                                                                                                                      v1.30
                                                                                                                                                                      
+
                                                                                                                                                                      v1.31
                                                                                                                                                                      
+
                                                                                                                                                                      • Disabled bpf-lb-sock (by setting bpf-lb-sock=false).
                                                                                                                                                                      
+
                                                                                                                                                                      v1.14
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Pod Network Settings
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_10_0947.html b/docs/cce/umn/cce_10_0947.html
new file mode 100644
index 000000000..7ff1ba43b
--- /dev/null
+++ b/docs/cce/umn/cce_10_0947.html
@@ -0,0 +1,89 @@
+
+
+
                                                                                                                                                                      Configuring an ELB Certificate for NGINX Ingress Controller
                                                                                                                                                                      
+
                                                                                                                                                                      CCE provides the following options for configuring ingress certificates for the Nginx Ingress Controller add-on:
                                                                                                                                                                      
+
                                                                                                                                                                      • Secret certificate. Import the required certificate to a CCE secret and specify the default server certificate (default-ssl-certificate) for the add-on.
                                                                                                                                                                      • ELB certificate. Use an ELB certificate created on the ELB console. There is no need to specify a secret certificate for the add-on.
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 1 Differences between the two methods of configuring certificates for the NGINX Ingress Controller
                                                                                                                                                                      
+
                                                                                                                                                                      This section describes how to configure an ELB certificate for the NGINX Ingress Controller add-on and use that ELB certificate to manage the certificates used by requests.
                                                                                                                                                                      
+
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • The version of the NGINX Ingress Controller add-on installed in the cluster must be 2.2.104, 2.6.53, 3.0.30, or later.
                                                                                                                                                                      • Before enabling the NGINX Ingress Controller add-on, it is necessary to ensure that the associated dedicated load balancer meets the required protocols. For example, an application load balancer supports only HTTP and HTTPS. If TCP is required, the load balancer must support both application and network load balancing.
                                                                                                                                                                      • With an ELB certificate configured, the default server certificate (default-ssl-certificate) of the NGINX Ingress Controller add-on cannot be used. All external requests must carry the ELB certificate to access services within the cluster.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Procedure
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate NGINX Ingress Controller on the right, and click Install.
                                                                                                                                                                        If the add-on has been installed, click Manage, select the pod for which you want to configure an ELB certificate, and click Edit.
                                                                                                                                                                        
+
                                                                                                                                                                      2. In the Extended Parameter Settings area, modify the parameters settings.
                                                                                                                                                                        1. Configure the service.annotations parameter and check whether the protocol is correct.
                                                                                                                                                                          An example is as follows:
                                                                                                                                                                          
+
                                                                                                                                                                          ...
+        "service": {
+           "annotations": {
+              "kubernetes.io/elb.class": "performance",
+              "kubernetes.io/elb.id": "*****",
+              "kubernetes.io/elb.protocol-port": "https:443,http:80",
+              "kubernetes.io/elb.cert-id": "*****"
+        },
+...
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Value Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.class
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Load balancer type.
                                                                                                                                                                          
+
                                                                                                                                                                          • union: shared load balancer
                                                                                                                                                                          • performance: dedicated load balancer
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.id
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          The load balancer ID. You can view the load balancer ID on the ELB console.
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.protocol-port
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          The listener port of the NGINX Ingress Controller add-on. The listener protocol must match the type supported by the associated load balancer. For example, if the HTTP/HTTPS protocol is used, a dedicated load balancer that supports application load balancing is needed.
                                                                                                                                                                          
+
                                                                                                                                                                          • HTTP/HTTPS: If ports 443 and 80 are used for HTTPS and HTTP, respectively, the parameter value is https:443,http:80.
                                                                                                                                                                          • TLS: If ports 443 and 80 are used for TLS, the parameter value is tls:443,tls:80.
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            • To configure TLS for ingresses, make sure the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or a later version.
                                                                                                                                                                            • TLS relies on ELB. Before enabling TLS on an ingress, check whether TLS is supported in the current region.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.cert-id
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          ID of the ELB certificate.
                                                                                                                                                                          
+
                                                                                                                                                                          To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          For details about the preceding parameters, see Configuring HTTP/HTTPS for a LoadBalancer Service.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        2. Configure the targetPort parameter to direct the load balancer access traffic to the HTTP port of the container.
                                                                                                                                                                          An example is as follows:
                                                                                                                                                                          
+
                                                                                                                                                                          ...
+		"targetPorts": {
+			"http": "http",
+			"https": "http"
+		},
+...
                                                                                                                                                                          
+
                                                                                                                                                                           
                                                                                                                                                                          Once an ELB certificate is configured, the default server certificate (default-ssl-certificate) configured for the NGINX Ingress Controller becomes unavailable and invalid. It is essential for external requests to include the configured ELB certificate, because requests without it will not be processed properly.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Configure other mandatory parameters as required and click Install. For details about the parameters, see NGINX Ingress Controller.
                                                                                                                                                                      4. After completing the configuration, choose Services & Ingresses in the navigation pane, switch to the kube-system namespace, and check the protocols and listening ports of the add-on. In this example, the protocol is HTTP and HTTPS instead of TCP.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
diff --git a/docs/cce/umn/cce_10_0949.html b/docs/cce/umn/cce_10_0949.html
new file mode 100644
index 000000000..e032210b7
--- /dev/null
+++ b/docs/cce/umn/cce_10_0949.html
@@ -0,0 +1,409 @@
+
+
+
                                                                                                                                                                      Configuring Advanced Forwarding Actions for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      Dedicated load balancers offer different forwarding actions to effectively distribute traffic. ELB directs client requests to backend servers based on the specified forwarding rules.
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 1 How an advanced forwarding action operates
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Advanced forwarding actions
                                                                                                                                                                      Action
                                                                                                                                                                      
+
                                                                                                                                                                      Additional Action
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Reference
                                                                                                                                                                      
+
                                                                                                                                                                      Cluster Version
                                                                                                                                                                      
+
                                                                                                                                                                      Forward to a backend server group
                                                                                                                                                                      
+
                                                                                                                                                                      None
                                                                                                                                                                      
+
                                                                                                                                                                      Default forwarding action of a LoadBalancer ingress. Requests are directly forwarded to backend servers (backend nodes or pods in a cluster) without being processed.
                                                                                                                                                                      
+
                                                                                                                                                                      Creating a LoadBalancer Ingress on the Console
                                                                                                                                                                      
+
                                                                                                                                                                      No requirements on cluster versions
                                                                                                                                                                      
+
                                                                                                                                                                      Forward to a backend server group
                                                                                                                                                                      
+
                                                                                                                                                                      Limit traffic on requests
                                                                                                                                                                      
+
                                                                                                                                                                      Support traffic limit on requests.
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring Traffic Limit for LoadBalancer Ingresses
                                                                                                                                                                      
+
                                                                                                                                                                      • v1.27: v1.27.16-r10 or later
                                                                                                                                                                      • v1.28: v1.28.15-r0 or later
                                                                                                                                                                      • v1.29: v1.29.10-r0 or later
                                                                                                                                                                      • v1.30: v1.30.6-r0 or later
                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                      
+
                                                                                                                                                                      Return a specific response body
                                                                                                                                                                      
+
                                                                                                                                                                      None
                                                                                                                                                                      
+
                                                                                                                                                                      Directly return a fixed response and do not continue to forward the response to the backend server.
                                                                                                                                                                      
+
                                                                                                                                                                      Returning a Specific Response Body for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      • v1.25: v1.25.16-r10 or later
                                                                                                                                                                      • v1.27: v1.27.16-r10 or later
                                                                                                                                                                      • v1.28: v1.28.15-r0 or later
                                                                                                                                                                      • v1.29: v1.29.10-r0 or later
                                                                                                                                                                      • v1.30: v1.30.6-r0 or later
                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                      
+
                                                                                                                                                                      Return a fixed response
                                                                                                                                                                      
+
                                                                                                                                                                      Limit traffic on requests
                                                                                                                                                                      
+
                                                                                                                                                                      Support traffic limit on requests.
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring Traffic Limit for LoadBalancer Ingresses
                                                                                                                                                                      
+
                                                                                                                                                                      • v1.27: v1.27.16-r10 or later
                                                                                                                                                                      • v1.28: v1.28.15-r0 or later
                                                                                                                                                                      • v1.29: v1.29.10-r0 or later
                                                                                                                                                                      • v1.30: v1.30.6-r0 or later
                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                      
+
                                                                                                                                                                      Forward to a custom backend server group
                                                                                                                                                                      
+
                                                                                                                                                                      Forward LoadBalancer ingress requests to both pods in the CCE cluster (default backend server group) and the ECS groups (custom backend server group) located outside the cluster.
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring a Custom Backend Server Group for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      • v1.25: v1.25.16-r20 or later
                                                                                                                                                                      • v1.27: v1.27.16-r20 or later
                                                                                                                                                                      • v1.28: v1.28.15-r10 or later
                                                                                                                                                                      • v1.29: v1.29.10-r10 or later
                                                                                                                                                                      • v1.30: v1.30.6-r10 or later
                                                                                                                                                                      • v1.31: v1.31.4-r0 or later
                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      CCE allows you to configure and traffic limit on requests, based on ELB's advanced forwarding for LoadBalancer ingresses. These functions are coming soon. To use some advanced forwarding actions that are not available on the console yet, submit a service ticket to enable required functions.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • A CCE standard or Turbo cluster is available, and the cluster version meets the requirements.
                                                                                                                                                                      • The cluster can be accessed using kubectl. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      • This feature is only available when dedicated load balancers are used.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Returning a Specific Response Body for a LoadBalancer Ingress
                                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                        apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 034baaf0-40e8-4e39-b0d9-bf6e5b883cf9
+    kubernetes.io/elb.port: "80"
+    # Configure the capability of returning a fixed response body for the Service named test-service.
+    kubernetes.io/elb.actions.test-service: |
+    [{  
+       "type": "FixedResponse", 
+       "fixedResponseConfig": { 
+           "contentType": "text/plain", 
+           "statusCode": "503",
+           "messageBody": "503 error text"  
+       } 
+     }]
+  name: ingress-test
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                name: test-service
+                port:
+                  number: 8888
+            path: /
+            pathType: ImplementationSpecific
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Annotations for advanced forwarding actions
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.actions.${svc_name}
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        Configure an advanced forwarding action for an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters.
                                                                                                                                                                        
+
                                                                                                                                                                        If the annotation value is set to [], all advanced forwarding actions will be deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        The annotation value of a fixed response is a JSON string array. For details, see Table 3.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 3 Parameters for a fixed response
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Example
                                                                                                                                                                        
+
                                                                                                                                                                        type
                                                                                                                                                                        
+
                                                                                                                                                                        The value is fixed at FixedResponse, indicating that a fixed response will be returned.
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        For advanced forwarding actions, you can add a maximum of one fixed response configuration to an annotation.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        fixedResponseConfig
                                                                                                                                                                        
+
                                                                                                                                                                        • contentType: format of the returned content. The options are text/plain, text/css, text/html, application/javascript, and application/json.
                                                                                                                                                                        • statusCode: By default, 2xx, 4xx, and 5xx status codes are supported.
                                                                                                                                                                        • messageBody: Enter 0 to 1024 characters.
                                                                                                                                                                           NOTICE: 
                                                                                                                                                                          This parameter cannot be left empty when rate limiting is configured.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        { 
+   "type": "FixedResponse", 
+   "fixedResponseConfig": { 
+      "contentType": "text/plain", 
+      "statusCode": "503",
+      "messageBody": "503 error text"  
+    } 
+} 
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Create an ingress.
                                                                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        
+
                                                                                                                                                                        ingress/ingress-test created
                                                                                                                                                                        
+
                                                                                                                                                                      4. Check the created ingress.
                                                                                                                                                                        kubectl get ingress
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring Traffic Limit for LoadBalancer Ingresses
                                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                        apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 034baaf0-40e8-4e39-b0d9-bf6e5b883cf9
+    kubernetes.io/elb.port: "80"
+    # Configure ELB traffic limit for the test-service Service.
+    kubernetes.io/elb.actions.test-service: |
+     [{ 
+       "type": "TrafficLimit", 
+       "trafficLimitConfig": { 
+           "QPS": 4,
+           "perSourceIpQps": 2,
+           "burst": 2
+       } 
+     }]
+  name: ingress-test
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                name: test-service
+                port:
+                  number: 8888
+            path: /
+            pathType: ImplementationSpecific
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 4 Annotations for advanced forwarding actions
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.actions.${svc_name}
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        Configure an advanced forwarding action for an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters.
                                                                                                                                                                        
+
                                                                                                                                                                        If the annotation value is set to [], all advanced forwarding actions will be deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        The value of an annotation for configuring traffic limit is a JSON array. For details, see Table 5.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 5 Parameters for configuring traffic limit
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Example
                                                                                                                                                                        
+
                                                                                                                                                                        type
                                                                                                                                                                        
+
                                                                                                                                                                        The value is fixed at TrafficLimit, indicating that traffic limit is enabled for a load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        For advanced forwarding actions, you can add a maximum of one traffic limit configuration to an annotation.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        trafficLimitConfig
                                                                                                                                                                        
+
                                                                                                                                                                        • QPS: the total traffic limit, which specifies the maximum QPS value. The value ranges from 0 to 100000. Value 0 means no limit. If the number of requests reaches the specified value, new requests will be discarded and 503 Service Unavailable will be returned to the client.
                                                                                                                                                                        • (Optional) perSourceIpQps: traffic limit per client source IP address. The value ranges from 0 to 100000. Value 0 means no limit.
                                                                                                                                                                          If both QPS and perSourceIpQps are configured, the latter value must be smaller than the former. If the number of requests reaches the specified value, new requests will be discarded and 503 Service Unavailable will be returned to the client.
                                                                                                                                                                          
+
                                                                                                                                                                        • (Optional) burst: the size of a burst buffer. The value ranges from 0 to 100000. The burst rate enables temporary surges above the average rate to manage sudden spikes in requests. For instance, if the limit is set to 5 but the burst rate is 10, five more requests can be processed within 1 second. However, if the number of requests exceeds 10, only five requests are allowed within 1 second.
                                                                                                                                                                        
+
                                                                                                                                                                        { 
+   "type": "TrafficLimit", 
+   "trafficLimitConfig": { 
+      "QPS": "4", 
+      "perSourceIpQps": "2",
+      "burst": "2"  
+    } 
+} 
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Create an ingress.
                                                                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        
+
                                                                                                                                                                        ingress/ingress-test created
                                                                                                                                                                        
+
                                                                                                                                                                      4. Check the created ingress.
                                                                                                                                                                        kubectl get ingress
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring a Custom Backend Server Group for a LoadBalancer Ingress
                                                                                                                                                                       
                                                                                                                                                                      • Configuring a custom backend server group for a LoadBalancer ingress is subject to the capabilities of your ELB service. Before using this feature, submit a service ticket to enable the required ELB capabilities.
                                                                                                                                                                      • Custom backend server groups cannot be used for grayscale release or fixed responses.
                                                                                                                                                                      • If you configure a custom backend server group for a LoadBalancer ingress, the number field for the backend Services of the ingress will be invalid and the port name must be set to use-annotation. For details, see the example provided in this section.
                                                                                                                                                                      • When configuring a custom backend server group for a LoadBalancer ingress, ensure that each Service name and backend server group ID are unique.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
                                                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                        apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 034baaf0-40e8-4e39-b0d9-bf6e5b883cf9
+    kubernetes.io/elb.port: "80"
+    # Configure a custom backend server group for Service forward-demo, where the Service name in paths must match forward-demo and the port name must be use-annotation.
+    kubernetes.io/elb.actions.forward-demo: |
+    [{ 
+       "type": "ForwardPool", 
+       "forwardConfig": [{ 
+          "serviceName": "test", 
+          "servicePort": 80, 
+          "weight": 90, 
+          "type": "service" 
+          },{ 
+            "poolID": "53d8516e-xxxx-xxxx-xxxx-b15ffd6b3cca",  
+            "weight": 70, 
+            "type": "pool" 
+         }]
+    }] 
+  name: ingress-test
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+    - host: example.com
+      http:
+        paths:
+          - backend:
+              service:
+                name: forward-demo
+                port:
+                  name: use-annotation   # When forwardPool is enabled, this parameter becomes invalid, and the port name must be set to use-annotation.
+            path: /
+            pathType: ImplementationSpecific
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 6 Annotations for advanced forwarding actions
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.actions.${svc_name}
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        Configure an advanced forwarding action for an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters.
                                                                                                                                                                        
+
                                                                                                                                                                        If the annotation value is set to [], all advanced forwarding actions will be deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        The value of an annotation for configuring a custom backend server group is a JSON string array. For details, see Table 7.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 7 Parameters for configuring a custom backend server group
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Example
                                                                                                                                                                        
+
                                                                                                                                                                        type
                                                                                                                                                                        
+
                                                                                                                                                                        The value is fixed at ForwardPool, indicating that a custom backend server group is configured for a load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        A maximum of one custom backend server group can be added to an advanced forwarding action annotation.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        forwardConfig
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        A maximum of five custom backend server groups can be added to this parameter.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        • type: type of a custom backend server group, which can be service or pool.
                                                                                                                                                                          • service: CCE automatically creates a backend server group for each Service and manages its lifecycle.
                                                                                                                                                                          • pool: You need to create and maintain the backend server group on the ELB console.
                                                                                                                                                                          
+
                                                                                                                                                                        • poolID: mandatory when type is set to pool.
                                                                                                                                                                          This parameter specifies the ID of the backend server group under the target ingress's load balancer. The ID must be unique for each group.
                                                                                                                                                                          
+
                                                                                                                                                                        • serviceName: mandatory when type is set to service.
                                                                                                                                                                          Before configuring a Service name, ensure that it is unique and the Service exists in the cluster.
                                                                                                                                                                          
+
                                                                                                                                                                        • servicePort: mandatory when type is set to service.
                                                                                                                                                                          This parameter specifies a Service port.
                                                                                                                                                                          
+
                                                                                                                                                                        • weight: weight for distributing traffic to each backend server group, ranging from 0 to 100.
                                                                                                                                                                        
+
                                                                                                                                                                        { 
+    "type": "ForwardPool", 
+    "forwardConfig": [{ 
+       "serviceName": "test",
+       "servicePort": 80,
+       "weight": 90,
+       "type": "service"
+       },{ 
+       "poolID": "53d8516e-xxxx-xxxx-xxxx-b15ffd6b3cca", 
+       "weight": 70,
+       "type": "pool"
+    }]
+}
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Create an ingress.
                                                                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        
+
                                                                                                                                                                        ingress/ingress-test created
                                                                                                                                                                        
+
                                                                                                                                                                      4. Check the created ingress.
                                                                                                                                                                        kubectl get ingress
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
diff --git a/docs/cce/umn/cce_10_0950.html b/docs/cce/umn/cce_10_0950.html
new file mode 100644
index 000000000..022f9a212
--- /dev/null
+++ b/docs/cce/umn/cce_10_0950.html
@@ -0,0 +1,83 @@
+
+
+
                                                                                                                                                                      Forwarding Policy Priorities of LoadBalancer Ingresses
                                                                                                                                                                      
+
                                                                                                                                                                      CCE sets up forwarding policies on the ELB console based on the rules specified in the ingress configurations when creating LoadBalancer ingresses.
                                                                                                                                                                      
+
                                                                                                                                                                      To handle more complex traffic routing needs, CCE has integrated the advanced forwarding policies of ELB, which means it supports advanced features like URL redirection and rewriting. However, note that the sorting logic for the advanced forwarding policies is different from the logic used for common forwarding policies.
                                                                                                                                                                      
+
                                                                                                                                                                      Specifically:
                                                                                                                                                                      
+
                                                                                                                                                                      • If the ELB advanced forwarding policies are not enabled, the forwarding policies are sorted by domain name or path. For details, see Default Sorting.
                                                                                                                                                                      • After the ELB advanced forwarding policies are enabled, requests are matched based on the priorities and then forwarded to clients. For details, see Priority.
                                                                                                                                                                      
+
                                                                                                                                                                      Default Sorting
                                                                                                                                                                      If the ELB advanced forwarding policies are not enabled, the default sorting rule of forwarding policies is as follows:
                                                                                                                                                                      
+
                                                                                                                                                                      • Forwarding rule priorities are independent of each other regardless of domain names. When a request matches both a domain name-based rule and a URL-based rule, the domain name-based rule is matched first.
                                                                                                                                                                      • URL-based forwarding rules are applied in the following order of priority: an exact match rule, a prefix match rule, and a regular expression match rule. For multiple matches of the same type, only the longest URL-based forwarding rule will be applied.
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Example of a forwarding policy with the default sorting
                                                                                                                                                                      Forwarding Policy
                                                                                                                                                                      
+
                                                                                                                                                                      Specified Value
                                                                                                                                                                      
+
                                                                                                                                                                      Order
                                                                                                                                                                      
+
                                                                                                                                                                      URL (exact match)
                                                                                                                                                                      
+
                                                                                                                                                                      /test1/test2/test3
                                                                                                                                                                      
+
                                                                                                                                                                      1
                                                                                                                                                                      
+
                                                                                                                                                                      URL (prefix match)
                                                                                                                                                                      
+
                                                                                                                                                                      /test1/test2
                                                                                                                                                                      
+
                                                                                                                                                                      2
                                                                                                                                                                      
+
                                                                                                                                                                      URL (prefix match)
                                                                                                                                                                      
+
                                                                                                                                                                      /test1
                                                                                                                                                                      
+
                                                                                                                                                                      3
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Once a forwarding policy is created, the system automatically sorts it based on the default sorting rule. Examples are as follows:
                                                                                                                                                                      
+
                                                                                                                                                                      • The access request to www.example.com/test1/test2 matches both forwarding policies 2 and 3. If the match types are the same, the priority is determined by the length of the URL, with longer URLs having higher priority. In this case, the access request will be forwarded based on the forwarding policy 2.
                                                                                                                                                                      • The access request to www.example.com/test1/test2/test3 matches forwarding policies 1, 2, and 3. An exact match is preferred, so the access request will be forwarded based on the forwarding policy 1.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Priority
                                                                                                                                                                      With ELB advanced forwarding policies enabled, each request is matched based on the forwarding policy priority (a smaller value indicates a higher priority). Once a forwarding policy is matched, the request is forwarded based on this forwarding policy.
                                                                                                                                                                      
+
                                                                                                                                                                      The rules for configuring the priority of a forwarding policy are as follows:
                                                                                                                                                                      
+
                                                                                                                                                                      • The existing forwarding policies will maintain their original priority sequence before an advanced forwarding policy is configured.
                                                                                                                                                                      • Once an advanced forwarding policy is set up, any new forwarding policy added will have the lowest priority. The default forwarding policy always has the lowest priority and is not included in the sorting process. Additionally, you have the option to manually specify the priority of a new forwarding policy. For details, see Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses.
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 2 Example of a forwarding policy configured with priorities
                                                                                                                                                                      Forwarding Policy
                                                                                                                                                                      
+
                                                                                                                                                                      Specified Value
                                                                                                                                                                      
+
                                                                                                                                                                      Priority
                                                                                                                                                                      
+
                                                                                                                                                                      URL (prefix match)
                                                                                                                                                                      
+
                                                                                                                                                                      /test1
                                                                                                                                                                      
+
                                                                                                                                                                      1
                                                                                                                                                                      
+
                                                                                                                                                                      URL (exact match)
                                                                                                                                                                      
+
                                                                                                                                                                      /test1
                                                                                                                                                                      
+
                                                                                                                                                                      2
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      In this example, the access request to www.example.com/test1 satisfies both forwarding policies 1 and 2, so the request will be forwarded based on the forwarding policy 1.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: LoadBalancer Ingresses
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_10_0954.html b/docs/cce/umn/cce_10_0954.html
new file mode 100644
index 000000000..c373a6c7f
--- /dev/null
+++ b/docs/cce/umn/cce_10_0954.html
@@ -0,0 +1,61 @@
+
+
+
                                                                                                                                                                      Configuring Multiple Ingresses to Use the Same External ELB Port
                                                                                                                                                                      
+
                                                                                                                                                                      In a cluster, multiple ingresses can share a listener, allowing them to use the same port on a single load balancer. If two ingresses have different listener configurations, the listener configuration of the earlier ingress (known as the first route) will be used. 
                                                                                                                                                                      
+
                                                                                                                                                                      The following table lists listener parameters.
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Listener
                                                                                                                                                                      
+
                                                                                                                                                                      Annotation
                                                                                                                                                                      
+
                                                                                                                                                                      Documentation
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring ELB Certificates
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.tls-ciphers-policy
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring an HTTPS Certificate for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      Using HTTP/2
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.http2-enable
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring HTTP/2 for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring Timeout for an Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.client_timeout
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.member_timeout
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring Timeout for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring a Blocklist/Trustlist
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.acl-id
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.acl-status
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.acl-type
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Ensure that the configurations of different listeners for various ingresses are synchronized. To do so, perform the following operations:
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Services & Ingresses. Then, click the Ingresses tab, and choose More > Update in the Operation column.
                                                                                                                                                                      3. Synchronize Configuration is available if the listener configuration of the ingress differs from that of the ELB. Click Synchronize Configuration. Then, the listener configuration will be automatically synchronized.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: LoadBalancer Ingresses
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_10_0955.html b/docs/cce/umn/cce_10_0955.html
new file mode 100644
index 000000000..8ff978880
--- /dev/null
+++ b/docs/cce/umn/cce_10_0955.html
@@ -0,0 +1,350 @@
+
+
+
                                                                                                                                                                      GPU Metrics
                                                                                                                                                                      
+
                                                                                                                                                                      The CCE AI Suite (NVIDIA GPU) add-on provides GPU monitoring metrics. This add-on offers additional GPU observability options. This section describes the metrics provided by CCE AI Suite (NVIDIA GPU).
                                                                                                                                                                      
+
                                                                                                                                                                      GPU Metrics Provided by CCE
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Basic GPU monitoring metrics
                                                                                                                                                                      Category
                                                                                                                                                                      
+
                                                                                                                                                                      Metric
                                                                                                                                                                      
+
                                                                                                                                                                      Type
                                                                                                                                                                      
+
                                                                                                                                                                      Unit
                                                                                                                                                                      
+
                                                                                                                                                                      Monitoring Level
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Utilization
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_utilization
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU compute usage
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_memory_utilization
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU memory usage
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_encoder_utilization
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU encoding usage
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_decoder_utilization
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU decoding usage
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_utilization_process
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU processes
                                                                                                                                                                      
+
                                                                                                                                                                      GPU compute usage of each process
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_memory_utilization_process
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU processes
                                                                                                                                                                      
+
                                                                                                                                                                      GPU memory usage of each process
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_encoder_utilization_process
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU processes
                                                                                                                                                                      
+
                                                                                                                                                                      GPU encoding usage of each process
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_decoder_utilization_process
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      %
                                                                                                                                                                      
+
                                                                                                                                                                      GPU processes
                                                                                                                                                                      
+
                                                                                                                                                                      GPU decoding usage of each process
                                                                                                                                                                      
+
                                                                                                                                                                      Memory
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_memory_used
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Byte
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Used GPU memory
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_memory_total
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Byte
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Total GPU memory
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_memory_free
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Byte
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Idle GPU memory
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_bar1_memory_used
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Byte
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Used GPU BAR1 memory
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_bar1_memory_total
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Byte
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Total GPU BAR1 memory
                                                                                                                                                                      
+
                                                                                                                                                                      Frequency
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_clock
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      MHz
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU clock frequency
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_memory_clock
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      MHz
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      The speed at which the GPU memory operates
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_graphics_clock
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      MHz
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU frequency
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_video_clock
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      MHz
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU video processor frequency
                                                                                                                                                                      
+
                                                                                                                                                                      Physical status
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_temperature
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      °C
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU temperature
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_power_usage
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Milliwatt
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU power
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_total_energy_consumption
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Millijoule
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Total GPU energy consumption
                                                                                                                                                                      
+
                                                                                                                                                                      Bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_pcie_link_bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      bit
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU PCIe bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_nvlink_bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      Gbit/s
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU NVLink bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_pcie_throughput_rx
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      KB/s
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU PCIe RX bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_pcie_throughput_tx
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      KB/s
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU PCIe TX bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_nvlink_utilization_counter_rx
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      KB/s
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU NVLink RX bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_nvlink_utilization_counter_tx
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      KB/s
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      GPU NVLink TX bandwidth
                                                                                                                                                                      
+
                                                                                                                                                                      Memory isolation page
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_retired_pages_sbe
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      N/A
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Number of isolated GPU memory pages with single-bit errors
                                                                                                                                                                      
+
                                                                                                                                                                      cce_gpu_retired_pages_dbe
                                                                                                                                                                      
+
                                                                                                                                                                      Gauge
                                                                                                                                                                      
+
                                                                                                                                                                      N/A
                                                                                                                                                                      
+
                                                                                                                                                                      GPU cards
                                                                                                                                                                      
+
                                                                                                                                                                      Number of isolated GPU memory pages with dual-bit errors
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: GPU Scheduling
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_10_0957.html b/docs/cce/umn/cce_10_0957.html
new file mode 100644
index 000000000..294e12f50
--- /dev/null
+++ b/docs/cce/umn/cce_10_0957.html
@@ -0,0 +1,118 @@
+
+
+
                                                                                                                                                                      Using the AccessPolicy API to Manage Namespace Permissions (Kubernetes RBAC-based)
                                                                                                                                                                      
+
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • Before assigning permissions to users or user groups, you need to review the information provided in Namespace Permissions (Kubernetes RBAC-based).
                                                                                                                                                                      • To use an access policy, an IAM user or user group must have the specific permissions. These include CreateAccessPolicy, UpdateAccessPolicy, DeleteAccessPolicy, ListAccessPolicy, and GetAccessPolicy. Learn about the CCE system policies that can be added to a user group and select appropriate ones as needed. For details about how to assign permissions to a user group, see Granting Cluster Permissions to an IAM User.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring Namespace Permissions Through APIs
                                                                                                                                                                      You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. Users with the configuration permission can configure access policies through APIs.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      1. Call the API to create an access policy. 
                                                                                                                                                                        POST   /api/v3/access-policies
                                                                                                                                                                        
+
                                                                                                                                                                        Request body:
                                                                                                                                                                        
+
                                                                                                                                                                        {
+    "kind": "AccessPolicy",
+    "apiVersion": "v3",
+    "name": "policy-test",
+    "clusters": [ "*" ],
+    "accessScope": {
+        "namespaces": [ "ns1", "ns2" ]
+    },
+    "policyType": "CCEAdminPolicy/CCEClusterAdminPolicy/CCEEditPolicy/CCEViewPolicy",
+    "principal": {
+        "type": "user/group/agency",
+        "ids": ["id1", "id2" ]
+    }
+}
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Item
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        name
                                                                                                                                                                        
+
                                                                                                                                                                        Name
                                                                                                                                                                        
+
                                                                                                                                                                        Name of the access policy.
                                                                                                                                                                        
+
                                                                                                                                                                        clusters
                                                                                                                                                                        
+
                                                                                                                                                                        Cluster list
                                                                                                                                                                        
+
                                                                                                                                                                        IDs of the clusters to which access policies are to be added. Wildcard characters (*) are supported.
                                                                                                                                                                        
+
                                                                                                                                                                        namespaces
                                                                                                                                                                        
+
                                                                                                                                                                        Namespaces
                                                                                                                                                                        
+
                                                                                                                                                                        Namespaces to which access policies are to be added. Wildcard characters (*) are supported.
                                                                                                                                                                        
+
                                                                                                                                                                        policyType
                                                                                                                                                                        
+
                                                                                                                                                                        Permission type
                                                                                                                                                                        
+
                                                                                                                                                                        Permission type. Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • CCEClusterAdminPolicy: administrator permission
                                                                                                                                                                        • CCEAdminPolicy: O&M permission
                                                                                                                                                                        • CCEEditPolicy: developer permission
                                                                                                                                                                        • CCEViewPolicy: read-only permission
                                                                                                                                                                        
+
                                                                                                                                                                        principalType
                                                                                                                                                                        
+
                                                                                                                                                                        User or user group type
                                                                                                                                                                        
+
                                                                                                                                                                        Type of a user or user group. Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • user: user
                                                                                                                                                                        • group: user group
                                                                                                                                                                        • agency: agency account
                                                                                                                                                                        
+
                                                                                                                                                                        principalId
                                                                                                                                                                        
+
                                                                                                                                                                        User or user group list
                                                                                                                                                                        
+
                                                                                                                                                                        IDs of the users or user groups to be authorized.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. The CCE management plane automatically synchronizes the access policies to the associated cluster. Run the kubectl command. Then, RoleBinding or ClusterRoleBinding will be created in the cluster.
                                                                                                                                                                         
                                                                                                                                                                        The synchronization will take several minutes to take effect.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        1. Check RoleBinding in the cluster.
                                                                                                                                                                          kubectl get rolebinding
                                                                                                                                                                          
+
                                                                                                                                                                          In the following command output, clusterrole_access_policy_069fcc2116c347b89869eae3cd38ba23 is the automatically created RoleBinding:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME                                                         ROLE                AGE
+clusterrole_access_policy_069fcc2116c347b89869eae3cd38ba23   ClusterRole/admin   18s
                                                                                                                                                                          
+
                                                                                                                                                                        2. Check RoleBinding details.
                                                                                                                                                                          kubectl get rolebinding clusterrole_access_policy_069fcc2116c347b89869eae3cd38ba23 -oyaml
                                                                                                                                                                          
+
                                                                                                                                                                          Command output:
                                                                                                                                                                          
+
                                                                                                                                                                          apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+CCE.com/IAM: "true"
+  label:
+rbac.kubernetes.io/GeneratedByAccessPolicy: "true"
+  creationTimestamp: "2021-06-24T01:30:08Z"
+  name: clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
+  resourceVersion: "36963685"
+  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
+  uid: 6c6f46a6-8584-47da-83f5-9eef1f7b75d6
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: 0c96fad22880f32a3f84c009862af6f7
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Log in to the CCE console as the newly authorized IAM user for verification. 
                                                                                                                                                                        In the service list, choose Cloud Container Engine. On the CCE console, access the cluster and choose the target namespace. If only the default namespace is authorized and the kube-system namespace is unavailable, the access policy has taken effect.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Permissions
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_10_0967.html b/docs/cce/umn/cce_10_0967.html
new file mode 100644
index 000000000..22fbe3d94
--- /dev/null
+++ b/docs/cce/umn/cce_10_0967.html
@@ -0,0 +1,55 @@
+
+
+
                                                                                                                                                                      Specifying Node Scale-in Conditions for a Node Pool
                                                                                                                                                                      
+
                                                                                                                                                                      When you use the CCE Cluster Autoscaler add-on to automatically adjust the number of nodes, you need to specify the scale-in conditions for each node pool in a cluster based on service requirements.
                                                                                                                                                                      
+
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • A cluster of v1.25 or later is available.
                                                                                                                                                                      • The CCE Cluster Autoscaler add-on has been installed in the cluster, and the add-on version is 1.25.181, 1.27.152, 1.28.120, 1.29.81, 1.30.48, 1.31.10, or later.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Step 1: Create a Node Pool
                                                                                                                                                                      In this example, you need to create a node pool and configure custom scale-in conditions for it.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                      2. Click the cluster name to access the cluster console. In the navigation pane, choose Nodes. Then click the Node Pools tab.
                                                                                                                                                                      3. Click Create Node Pool in the upper right corner and then configure the parameters as required. For details about the parameter settings, see Creating a Node Pool.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Step 2: Specify Custom Scale-in Conditions for the Node Pool
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Settings. Then click the Auto Scaling tab.
                                                                                                                                                                        • If CCE Cluster Autoscaler is not installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about how to configure the add-on, see CCE Cluster Autoscaler.
                                                                                                                                                                        • If CCE Cluster Autoscaler has been installed, configure scaling policies.
                                                                                                                                                                        
+
                                                                                                                                                                      3. Configure auto scale-in. Auto scale-in is disabled by default. After you enable this feature, you can configure Node Scale-In Conditions.
                                                                                                                                                                        Nodes in a cluster are automatically scaled in when the scale-in conditions are met. If no custom scale-in conditions are configured, the default scale-in conditions are used for each node pool. If you configure custom scale-in conditions for a node pool, the custom scale-in conditions are preferentially used for the node pool.
                                                                                                                                                                        
+
                                                                                                                                                                        Default Scale-In Conditions
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, if the pre-allocated CPU and memory of a node in the cluster are below 50% for 10 minutes, or the node is unavailable for more than 20 minutes, the node is selected for scale-in.
                                                                                                                                                                        
+
                                                                                                                                                                        (Optional) Custom Scale-In Conditions
                                                                                                                                                                        
+
                                                                                                                                                                        Click Add, select a node pool, enter the scale-in conditions, and click Confirm Settings. If auto scaling is not enabled for all specifications in a node pool, custom scale-in conditions configured for the node pool do not take effect. For details about how to enable auto scaling for a node pool, see Configuring Auto Scaling Policies for a Node Pool.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Example Value
                                                                                                                                                                        
+
                                                                                                                                                                        Pre-allocated CPU and memory in the Node Scale-In Condition column
                                                                                                                                                                        
+
                                                                                                                                                                        When the ratio of the total CPU or memory of all pods running on the node to the allocatable resources on the node is lower than the threshold, the node can be scaled in.
                                                                                                                                                                        
+
                                                                                                                                                                        For example, if this parameter is set to 30%, scale-in evaluation is triggered when the resource usage is lower than 30%. If this parameter is not configured, the CCE Cluster Autoscaler add-on uses the default resource usage threshold.
                                                                                                                                                                        
+
                                                                                                                                                                        30%
                                                                                                                                                                        
+
                                                                                                                                                                        Time specified in the Node Scale-In Condition column
                                                                                                                                                                        
+
                                                                                                                                                                        This is the duration during which a node is in the unneeded state before the scale-in operation can be performed. CCE Cluster Autoscaler removes a node only when the node is not needed for a specified period of time. This prevents frequent scale-in triggered by temporary resource fluctuation and improves system stability. If this parameter is not configured, the CCE Cluster Autoscaler add-on uses the default setting.
                                                                                                                                                                        
+
                                                                                                                                                                        10 minutes
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      4. In the displayed dialog box, click Save.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Step 3: Verify that the Custom Scale-in Conditions Take Effect
                                                                                                                                                                      In this example, the custom scale-in threshold is set to 30% for the node pool, while the default scale-in threshold is 50%. If the node CPU and memory in the node pool remains between 30% and 50% and scale-in is not triggered, the node pool preferentially follows the custom scale-in conditions instead of the default scale-in conditions.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Related Operations
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Scaling a Node
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_10_0968.html b/docs/cce/umn/cce_10_0968.html
new file mode 100644
index 000000000..de99fad12
--- /dev/null
+++ b/docs/cce/umn/cce_10_0968.html
@@ -0,0 +1,35 @@
+
+
+
                                                                                                                                                                      NGINX Ingress Controller Upgrade Compatibility
                                                                                                                                                                      
+
                                                                                                                                                                      Compatibility
                                                                                                                                                                      CCE NGINX Ingress Controller is based on the community version of Ingress NGINX Controller. Upgrades to the community version may introduce new features, optimize existing ones, or address security issues. As a result, compatibility differences may occur after you upgrade CCE NGINX Ingress Controller. These differences can include configuration changes between versions, deprecated Kubernetes APIs, default actions, and compatibility with dependency components. 
                                                                                                                                                                      
+
                                                                                                                                                                      Before upgrading the NGINX Ingress Controller, pay attention to the following compatibility issues identified by CCE:
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
                                                                                                                                                                      Native Nginx Validity Check Disabled by Default
                                                                                                                                                                      Affected versions: earlier than 3.0.33
                                                                                                                                                                      
+
                                                                                                                                                                      The NGINX Ingress Controller v3.0.33 corresponds to community version v1.11.5. In this community version, the security vulnerability CVE-2025-1974 has been fixed, and nginx -t (syntax check) has been removed from webhooks. In the community version v1.11.5, the format of ingress resources is still verified using admission webhooks. However, if you enable snippet annotations and the configuration contains syntax errors, invalid configurations may be directly injected into the nginx.conf file. Since there is no pre-check to validate the injected configuration, such errors may cause the Nginx configuration reload to fail. Therefore, if you enable snippet annotations, check NGINX Ingress Controller's pod logs for errors each time you modify the ingress rules. To do so, run the following command:
                                                                                                                                                                      
+
                                                                                                                                                                      kubectl logs -f {nginx-ingress-controller-pod-name} -n kube-system | grep Error
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Snippet Annotations Disabled by Default
                                                                                                                                                                      Affected versions: earlier than 2.4.6
                                                                                                                                                                      
+
                                                                                                                                                                      Starting from version 2.4.6, the NGINX Ingress Controller has disabled snippet annotations by default to improve security and configuration stability. The snippet annotations include:
                                                                                                                                                                      
+
                                                                                                                                                                      • nginx.ingress.kubernetes.io/configuration-snippet
                                                                                                                                                                      • nginx.ingress.kubernetes.io/server-snippet
                                                                                                                                                                      • nginx.ingress.kubernetes.io/stream-snippet
                                                                                                                                                                      • nginx.ingress.kubernetes.io/auth-snippet
                                                                                                                                                                      • nginx.ingress.kubernetes.io/modsecurity-snippet
                                                                                                                                                                      
+
                                                                                                                                                                      For security and stability, use built-in annotations or other configuration settings provided by the NGINX Ingress Controller to implement the required functionality, rather than relying on snippet annotations.
                                                                                                                                                                      
+
                                                                                                                                                                      If you still need to use snippet annotations, fully evaluate the associated risks and manually enable the annotation function. To do so, go to Settings, click YAML under Nginx Parameters and add "allow-snippet-annotations": "true".
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Earlier TLS Versions Not Supported
                                                                                                                                                                      Affected versions: earlier than 2.3.3
                                                                                                                                                                      
+
                                                                                                                                                                      TLS v1.1 and earlier versions have security issues. The NGINX Ingress Controller of v2.3.3 and later versions does not support TLS v1.1 and TLS v1.0 by default. Therefore, before upgrading the NGINX Ingress Controller, ensure your services do not rely on TLS v1.1 or earlier versions. Remove these versions from your configuration to maintain compatibility and security.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Nginx Native root and alias Directives Not Supported
                                                                                                                                                                      Affected versions: earlier than 2.1.1
                                                                                                                                                                      
+
                                                                                                                                                                      To prevent sensitive file leakage or path conflicts caused by incorrect configurations, the NGINX Ingress Controller of v2.1.1 and later versions has removed support for the root and alias directives. Therefore, before upgrading the NGINX Ingress Controller, ensure your ingresses do not contain the Nginx native root or alias directives configured using snippets.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Graceful Upgrades Supported by NGINX Ingress Controller
                                                                                                                                                                      To ensure a smooth upgrade and maintain service stability, pay attention to the following add-on versions:
                                                                                                                                                                      
+
                                                                                                                                                                      • 2.1.x: The NGINX Ingress Controller of v2.1.33 and later versions supports graceful shutdown and hitless upgrade.
                                                                                                                                                                      • 2.2.x: The NGINX Ingress Controller of v2.2.42 and later versions supports graceful shutdown and hitless upgrade.
                                                                                                                                                                      • 2.4.6 or later: The NGINX Ingress Controller supports graceful shutdown and hitless upgrade.
                                                                                                                                                                      
+
                                                                                                                                                                      For versions beyond the preceding ranges, services may experience temporary downtime during upgrades. To ensure service continuity and stability, plan and conduct an upgrade during off-peak hours.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Nginx Ingresses
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_00004.html b/docs/cce/umn/cce_bestpractice_00004.html
index 73223a5f0..aa99383c1 100644
--- a/docs/cce/umn/cce_bestpractice_00004.html
+++ b/docs/cce/umn/cce_bestpractice_00004.html
@@ -3,37 +3,37 @@
 
                                                                                                                                                                      Planning CIDR Blocks for a Cluster
                                                                                                                                                                      
 
                                                                                                                                                                      Before creating a cluster on CCE, determine the number of VPCs, number of subnets, container CIDR blocks, and Services for access based on service requirements.
                                                                                                                                                                      
 
                                                                                                                                                                      This topic describes the addresses in a CCE cluster in a VPC and how to plan CIDR blocks.
                                                                                                                                                                      
-
                                                                                                                                                                      Constraints
                                                                                                                                                                      To access a CCE cluster through a VPN, ensure that the VPN does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      To access a CCE cluster through a VPN, ensure that the VPN does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Basic Concepts
                                                                                                                                                                      • VPC CIDR Block
                                                                                                                                                                        Virtual Private Cloud (VPC) enables you to provision logically isolated, configurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases. You have complete control over your virtual network, including selecting your own CIDR block, creating subnets, and configuring security groups. You can also assign EIPs and allocate bandwidth in your VPC for secure and easy access to your business system.
                                                                                                                                                                        
-
                                                                                                                                                                      • Subnet CIDR Block
                                                                                                                                                                        A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                        Figure 1 VPC CIDR block architecture
                                                                                                                                                                        
+
                                                                                                                                                                      • Subnet CIDR Block
                                                                                                                                                                        A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                        Figure 1 VPC CIDR block architecture
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        By default, ECSs in all subnets of the same VPC can communicate with one another, while ECSs in different VPCs cannot communicate with each other.
                                                                                                                                                                        
 
                                                                                                                                                                        You can create a peering connection on VPC to enable ECSs in different VPCs to communicate with each other.
                                                                                                                                                                        
 
                                                                                                                                                                      • Container (Pod) CIDR Block
                                                                                                                                                                        Pod is a Kubernetes concept. Each pod has an IP address.
                                                                                                                                                                        
-
                                                                                                                                                                        When creating a cluster on CCE, you can specify the pod (container) CIDR block, which cannot overlap with the subnet CIDR block. For example, if the subnet CIDR block is 192.168.0.0/16, the container CIDR block cannot be 192.168.0.0/18 or 192.168.1.0/18, because these addresses are included in 192.168.0.0/16.
                                                                                                                                                                        
+
                                                                                                                                                                        When creating a cluster on CCE, you can specify the pod (container) CIDR block, which cannot overlap with the subnet CIDR block. For example, if the subnet CIDR block is 192.168.0.0/16, the container CIDR block of the cluster cannot be 192.168.0.0/18 or 192.168.64.0/18 because these addresses are covered by 192.168.0.0/16.
                                                                                                                                                                        
 
                                                                                                                                                                      • Container Subnet (Only for CCE Turbo Clusters)
                                                                                                                                                                        In a CCE Turbo cluster, a container is assigned an IP address from the CIDR block of a VPC. The container subnet can overlap with the subnet CIDR block. Note that the subnet you select determines the maximum number of pods in the cluster.
                                                                                                                                                                        
 
                                                                                                                                                                      • Service CIDR Block
                                                                                                                                                                        Service is also a Kubernetes concept. Each Service has an address. When creating a cluster on CCE, you can specify the Service CIDR block. Similarly, the Service CIDR block cannot overlap with the subnet CIDR block or the container CIDR block. The Service CIDR block can be used only within a cluster.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Single-VPC Single-Cluster Scenarios
                                                                                                                                                                      CCE Clusters: include clusters in VPC network model and container tunnel network model. Figure 2 shows the CIDR block planning of a cluster.
                                                                                                                                                                      • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                      • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                      • Container CIDR Block: cannot overlap with the subnet CIDR block.
                                                                                                                                                                      • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Figure 3 shows the CIDR block planning for a CCE Turbo cluster (Cloud Native Network 2.0).
                                                                                                                                                                      • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                      • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                      • Container Subnet CIDR Block: The container subnet is included in the VPC CIDR block and can overlap with the subnet CIDR block or even be the same as the subnet CIDR block. Note that the container subnet size determines the maximum number of containers in the cluster because IP addresses in the VPC are directly allocated to containers. Set a larger IP address segment for the container subnet to prevent insufficient container IP addresses.
                                                                                                                                                                      • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo cluster)
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo cluster)
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Single-VPC Multi-Cluster Scenarios
                                                                                                                                                                      VPC network model
                                                                                                                                                                      
 
                                                                                                                                                                      Pod packets are forwarded through VPC routes. CCE automatically configures a routing table on the VPC routes to each container CIDR block. The network scale is limited by the VPC route table. Figure 4 shows the CIDR block planning of the cluster.
                                                                                                                                                                      • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                      • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                      • Container CIDR Block: If multiple VPC network model clusters exist in a single VPC, the container CIDR blocks of all clusters cannot overlap because the clusters use the same routing table. In this case, if the node security group allows container CIDR block from the peer cluster, pods in one cluster can directly access pods in another cluster through the pod IP addresses.
                                                                                                                                                                      • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Tunnel network model
                                                                                                                                                                      
-
                                                                                                                                                                      Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications. Figure 5 shows the CIDR block planning of the cluster.
                                                                                                                                                                      • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                      • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                      • Container CIDR Block: The container CIDR blocks of all clusters can overlap. In this case, pods in different clusters cannot be directly accessed through pod IP addresses. Services are needed for accessing pods in different clusters needs. The LoadBlancer Services are recommended.
                                                                                                                                                                      • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                      
+
                                                                                                                                                                      Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications. Figure 5 shows the CIDR block planning of the cluster.
                                                                                                                                                                      • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                      • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                      • Container CIDR Block: The container CIDR blocks of all clusters can overlap. In this case, pods in different clusters cannot be directly accessed through pod IP addresses. Services are needed for accessing pods in different clusters. The LoadBalancer Services are recommended.
                                                                                                                                                                      • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Cloud Native 2.0 network model (CCE Turbo Clusters)
                                                                                                                                                                      
 
                                                                                                                                                                      In this mode, container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and multiple types of VPC networks can be bound to deliver high performance.
                                                                                                                                                                      • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. In a CCE Turbo cluster, the CIDR block size affects the total number of nodes and containers that can be created in the cluster.
                                                                                                                                                                      • Subnet CIDR Block: There is no special restriction on the subnet CIDR blocks in CCE Turbo clusters.
                                                                                                                                                                      • Container Subnet: The CIDR block of the container subnet is included in the VPC CIDR block. Container subnets in different clusters can overlap with each other or overlap with the subnet CIDR block. However, you are advised to stagger the container CIDR blocks of different clusters and ensure that the container subnet CIDR blocks have sufficient IP addresses. In this case, if the ENI security group of the cluster allows the container CIDR block of the peer cluster, pods in different clusters can directly access each other through IP addresses.
                                                                                                                                                                      • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container subnet CIDR block of the cluster.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 6 Cloud Native 2.0 network - multi-cluster scenario
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 6 Cloud Native 2.0 network - multi-cluster scenario
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Clusters using different networks
                                                                                                                                                                      
 
                                                                                                                                                                      When a VPC contains clusters created with different network models, comply with the following rules when creating a cluster:
                                                                                                                                                                      
@@ -42,15 +42,15 @@
 
                                                                                                                                                                      Cross-VPC Cluster Interconnection
                                                                                                                                                                      If VPCs cannot communicate with each other, a VPC peering connection is used to ensure communication between VPCs. When two VPC networks are interconnected, you can configure the packets to be sent to the peer VPC in the route table. 
                                                                                                                                                                      
 
                                                                                                                                                                      Clusters using VPC networks
                                                                                                                                                                      
 
                                                                                                                                                                      To allow clusters that use VPC networks to access each other across VPCs, add routes to the two ends of the VPC peering after a VPC peering connection is created.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                      
 
                                                                                                                                                                      When creating a VPC peering connection between containers across VPCs, pay attention to the following points:
                                                                                                                                                                      
 
                                                                                                                                                                      • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                      • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                      • If the request end cluster uses the VPC network, check whether the node security group in the destination cluster allows the container CIDR block of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP address. Similarly, if nodes running in the clusters at the two ends of the VPC peering connection need to access each other, the node security group must allow the VPC CIDR block of the peer cluster.
                                                                                                                                                                      • You need to add routes for accessing the peer network CIDR block to the VPC routing tables at both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2.
                                                                                                                                                                        • Add the VPC CIDR block of the peer cluster: After the route of the VPC CIDR block is added, a pod in a cluster can access another cluster node. For example, the pod can access the port of a NodePort Service.
                                                                                                                                                                        • Add peer container CIDR block: After the route of the container CIDR block is added, a pod can directly access pods in another cluster through the container IP addresses.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      Clusters using tunnel networks
                                                                                                                                                                      
 
                                                                                                                                                                      To allow clusters that use tunnel networks to access each other across VPCs, add routes to the two ends of the VPC peering after a VPC peering connection is created.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                      
 
                                                                                                                                                                      Pay attention to the following:
                                                                                                                                                                      
-
                                                                                                                                                                      • The VPCs of the peer clusters must not overlap.
                                                                                                                                                                      • The container CIDR blocks of all clusters can overlap, so do the Service CIDR blocks.
                                                                                                                                                                      • If the request end cluster uses the tunnel network, check whether the node security group in the destination cluster allows the VPC CIDR block (including the node subnets) of the request end cluster. If yes, nodes in one cluster can access nodes in another cluster. However, pods in different clusters cannot be directly accessed using pod IP addresses. Access between pods in different clusters requires Services. The LoadBlancer Services are recommended.
                                                                                                                                                                      • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access another cluster node, for example, accessing the port of a NodePort Service.
                                                                                                                                                                      
+
                                                                                                                                                                      • The VPCs of the peer clusters must not overlap.
                                                                                                                                                                      • The container CIDR blocks of all clusters can overlap, so do the Service CIDR blocks.
                                                                                                                                                                      • If the request end cluster uses the tunnel network, check whether the node security group in the destination cluster allows the VPC CIDR block (including the node subnets) of the request end cluster. If yes, nodes in one cluster can access nodes in another cluster. However, pods in different clusters cannot be directly accessed using pod IP addresses. Access between pods in different clusters requires Services. The LoadBalancer Services are recommended.
                                                                                                                                                                      • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access another cluster node, for example, accessing the port of a NodePort Service.
                                                                                                                                                                      
 
                                                                                                                                                                      Clusters using Cloud Native 2.0 networks (CCE Turbo clusters)
                                                                                                                                                                      
 
                                                                                                                                                                      After creating a VPC peering connection, add routes of the VPC peering connection to both ends so that the two VPCs can communicate with each other. Pay attention to the following:
                                                                                                                                                                      • The VPCs of the clusters at the two ends must not overlap.
                                                                                                                                                                      • If the request end cluster uses the Cloud Native 2.0 network, check whether the ENI security group (named in the format of {Cluster name}-cce-eni-{Random ID}) of the destination cluster allows the VPC CIDR block (including the node subnets and container CIDR block) of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes in the clusters at the two ends of the VPC peering need to access each other, allow the VPC CIDR block of the peer cluster in the node security group (named in the format of {Cluster name}-cce-node-{Random ID}).
                                                                                                                                                                      • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access pod IP addresses or nodes in another cluster.
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00006.html b/docs/cce/umn/cce_bestpractice_00006.html
index 8204781b2..a87ad6084 100644
--- a/docs/cce/umn/cce_bestpractice_00006.html
+++ b/docs/cce/umn/cce_bestpractice_00006.html
@@ -50,10 +50,10 @@
 
 
                                                                                                                                                                      Deployment
                                                                                                                                                                      
 
                                                                                                                                                                      After a cluster is created, the network model cannot be changed. Exercise caution when selecting a network model.
                                                                                                                                                                      
+
                                                                                                                                                                      After a cluster is created, the network model cannot be changed.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Workload
                                                                                                                                                                      
+
                                                                                                                                                                      Workload
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      When creating a workload, set the CPU and memory limits to improve service robustness.
                                                                                                                                                                      
 
                                                                                                                                                                      If the health check function is not configured, a pod cannot detect service exceptions or automatically restart the service to restore it. This results in a situation where the pod status is normal but the service in the pod is abnormal.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      When creating a workload, select a proper access mode (Service). Currently, the following types of Services are supported: ClusterIP, NodePort, and LoadBalancer.
                                                                                                                                                                      
-
                                                                                                                                                                      Deployment
                                                                                                                                                                      
-
                                                                                                                                                                      Improper Service configuration may cause logic confusion for internal and external access and resource waste.
                                                                                                                                                                      
-
                                                                                                                                                                      
 
                                                                                                                                                                      When creating a workload, do not set the number of replicas for a single pod. Set a proper node scheduling policy based on your service requirements.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Reliability
                                                                                                                                                                      
@@ -97,6 +90,22 @@
 
                                                                                                                                                                      If the pre-stop processing command is not configured, the pod will be directly killed and services will be interrupted during application upgrade. 
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Networking
                                                                                                                                                                      
+
                                                                                                                                                                      When creating a workload, select a proper access mode (Service). The following types of Services are supported: ClusterIP, NodePort, and LoadBalancer.
                                                                                                                                                                      
+
                                                                                                                                                                      Deployment
                                                                                                                                                                      
+
                                                                                                                                                                      Improper Service configuration may cause logic confusion for internal and external access and resource waste.
                                                                                                                                                                      
+
                                                                                                                                                                      When creating a LoadBalancer Service or ingress, configure health checks to ensure service reliability.
                                                                                                                                                                      
+
                                                                                                                                                                      Reliability
                                                                                                                                                                      
+
                                                                                                                                                                      If a health check is not configured, the services in a pod might not be working properly, but traffic will still be directed to that pod.
                                                                                                                                                                      
+
                                                                                                                                                                      
 
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0002.html b/docs/cce/umn/cce_bestpractice_0002.html
index 08de92346..8c953a125 100644
--- a/docs/cce/umn/cce_bestpractice_0002.html
+++ b/docs/cce/umn/cce_bestpractice_0002.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                      Solution Overview
                                                                                                                                                                      
 
                                                                                                                                                                      This chapter provides CCE best practices to walk you through the application containerization.
                                                                                                                                                                      
 
                                                                                                                                                                      What Is a Container?
                                                                                                                                                                      A container is a lightweight high-performance resource isolation mechanism implemented based on the Linux kernel. It is a built-in capability of the operating system (OS) kernel. 
                                                                                                                                                                      
-
                                                                                                                                                                      CCE is an enterprise-class container service based on open-source Kubernetes. It is a high-performance and high-reliability service through which enterprises can manage containerized applications. CCE supports native Kubernetes applications and tools, allowing you to easily set up a container runtime in the cloud.
                                                                                                                                                                      
+
                                                                                                                                                                      CCE is an enterprise-class container service based on open source Kubernetes. It is a high-performance and high-reliability service through which enterprises can manage containerized applications. CCE supports native Kubernetes applications and tools, allowing you to easily set up a container runtime in the cloud.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Why Is a Container Preferred?
                                                                                                                                                                      • More efficient use of system resources
                                                                                                                                                                        A container does not require extra costs such as fees for hardware virtualization and those for running a complete OS. Therefore, a container has higher resource usage. Compared with a VM with the same configurations, a container can run more applications. 
                                                                                                                                                                        
 
                                                                                                                                                                      • Faster startup
                                                                                                                                                                        A container directly runs on the host kernel and does not need to start a complete OS. Therefore, a container can be started within seconds or even milliseconds, greatly saving the development, testing, and deployment time.
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0003.html b/docs/cce/umn/cce_bestpractice_0003.html
index 385a168a8..6f44991ee 100644
--- a/docs/cce/umn/cce_bestpractice_0003.html
+++ b/docs/cce/umn/cce_bestpractice_0003.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                        No recoding or re-architecting is required. You only need to pack the entire application into a container image and deploy the container image on CCE.
                                                                                                                                                                        
 
                                                                                                                                                                        Introduction
                                                                                                                                                                        In this example, the enterprise management application is developed by enterprise A. This application is provided for third-party enterprises for use, and enterprise A is responsible for application maintenance.
                                                                                                                                                                        
 
                                                                                                                                                                        When a third-party enterprise needs to use this application, a suit of Tomcat application and MongoDB database must be deployed for the third-party enterprise. The MySQL database, used to store data of third-party enterprises, is provided by enterprise A.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 1 Application architecture
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 1 Application architecture
                                                                                                                                                                        
 
                                                                                                                                                                        As shown in Figure 1, the application is a standard Tomcat application, and its backend interconnects with MongoDB and MySQL databases. For this type of applications, there is no need to split the architecture. The entire application is built as an image, and the MongoDB database is deployed in the same image as the Tomcat application. In this way, the application can be deployed or upgraded through the image.
                                                                                                                                                                        
 
                                                                                                                                                                        • Interconnecting with the MongoDB database for storing user files.
                                                                                                                                                                        • Interconnecting with the MySQL database for storing third-party enterprise data. The MySQL database is an external cloud database.
                                                                                                                                                                        
 
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_00035.html b/docs/cce/umn/cce_bestpractice_00035.html
index f628fb2e2..b1dbbad84 100644
--- a/docs/cce/umn/cce_bestpractice_00035.html
+++ b/docs/cce/umn/cce_bestpractice_00035.html
@@ -1,25 +1,25 @@
 
 
 
                                                                                                                                                                        Obtaining the Client Source IP Address for a Container
                                                                                                                                                                        
-
                                                                                                                                                                        When using containers, clients may communicate with them through multiple proxy servers. However, this can cause issues with transferring the clients' source IP addresses to the containers' services. This section describes how to effectively obtain the source IP address of a client in a container based on different network solutions provided by CCE clusters.
                                                                                                                                                                        
+
                                                                                                                                                                        When using containers, clients may communicate with them through multiple proxy servers. However, this can cause issues with transferring the clients' source IP addresses to the containers' services. This section describes how to effectively obtain the client source IP address from a container based on different network solutions provided by CCE clusters.
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        The method for obtaining source client IP addresses may vary with the network settings. The following shows some typical network configurations and their corresponding solutions:
                                                                                                                                                                        
-
                                                                                                                                                                        • Ingress Layer-7 forwarding: When accessing an application at Layer-7, the client's source IP address is automatically saved in the X-Forwarded-For field of the HTTP header. No additional configurations are needed to obtain the client's source IP address.
                                                                                                                                                                        • Service Layer-4 forwarding: The method and principle for obtaining the source IP addresses will depend on the type of Services being used.
                                                                                                                                                                          • LoadBalancer Service: A load balancer is used as the traffic entry. Both shared and dedicated load balancers are supported.
                                                                                                                                                                            • For a shared load balancer, you need to enable the function of obtaining client IP addresses on the listeners.
                                                                                                                                                                            • By default, the function of obtaining client IP addresses is enabled for a dedicated load balancer listener.
                                                                                                                                                                            
+
                                                                                                                                                                            • Ingress Layer-7 forwarding: When accessing an application at Layer-7, the client's source IP address is automatically saved in the X-Forwarded-For field of the HTTP header. No additional configurations are needed to obtain the client's source IP address.
                                                                                                                                                                            • Service Layer-4 forwarding: The method and principle for obtaining the source IP addresses will depend on the type of Services being used.
                                                                                                                                                                              • LoadBalancer Service: A load balancer is used as the traffic entry. Both shared and dedicated load balancers are supported.
                                                                                                                                                                                • For a shared load balancer, you need to enable the function of obtaining client IP addresses on the listeners.
                                                                                                                                                                                • By default, the function of obtaining client IP addresses is enabled for a dedicated load balancer listener.
                                                                                                                                                                                
 
                                                                                                                                                                              • NodePort Service: Container ports are mapped to node ports, which are used as the entry for external services. The capability of obtaining client source IP addresses depends on the service affinity.
                                                                                                                                                                                • In a cluster-level service affinity for a NodePort Service, traffic is forwarded within the cluster, which means the backend containers of the Service cannot access the client's source IP address.
                                                                                                                                                                                • In a node-level service affinity for a NodePort Service, the traffic can directly reach the container without any forwarding. This allows the backend containers of the Service to obtain the source IP address of the client.
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                        
-
                                                                                                                                                                        ELB Ingress
                                                                                                                                                                        For the ELB Ingresses (using HTTP- or HTTPS-compliant), the function of obtaining the source IP addresses of the client is enabled by default. No other operation is required.
                                                                                                                                                                        
-
                                                                                                                                                                        A client source IP address is placed in the X-Forwarded-For field of the HTTP header by the load balancer. The format is as follows:
                                                                                                                                                                        
-
                                                                                                                                                                        X-Forwarded-For: <client-source-IP-address>, <proxy-server-1-IP-address>, <proxy-server-2-IP-address>, ...
                                                                                                                                                                        
-
                                                                                                                                                                        The first IP address obtained from the X-Forwarded-For field is the client source IP address.
                                                                                                                                                                        
+
                                                                                                                                                                        LoadBalancer Ingress
                                                                                                                                                                        For the ELB Ingresses (using HTTP- or HTTPS-compliant), the function of obtaining the source IP addresses of the client is enabled by default. No other operation is required.
                                                                                                                                                                        
+
                                                                                                                                                                        A client source IP address is placed in the X-Forwarded-For field of the HTTP header by the load balancer. The format is as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        X-Forwarded-For: <client-source-IP-address>, <proxy-server-1-IP-address>, <proxy-server-2-IP-address>, ...
                                                                                                                                                                        
+
                                                                                                                                                                        The first IP address obtained from the X-Forwarded-For field is the client source IP address.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Nginx Ingress
                                                                                                                                                                        • For an Nginx Ingress that uses a dedicated load balancer, transparent transmission of source IP addresses is enabled by default. This means that you can easily obtain the source IP address of the client without any additional configurations.
                                                                                                                                                                        • For an Nginx Ingress that uses a shared load balancer, perform the following steps to obtain the source IP address of the client:
                                                                                                                                                                        
+
                                                                                                                                                                        Nginx Ingress
                                                                                                                                                                        • For an Nginx ingress that uses a dedicated load balancer, transparent transmission of source IP addresses is enabled by default. This means that you can easily obtain the source IP address of the client without any additional configurations.
                                                                                                                                                                        • For an Nginx ingress that uses a shared load balancer, perform the following steps to obtain the source IP address of the client:
                                                                                                                                                                        
 
                                                                                                                                                                        1. Take the Nginx workload as an example. Before configuring the source IP address, obtain the access logs. nginx-c99fd67bb-ghv4q indicates the pod name.
                                                                                                                                                                          kubectl logs nginx-c99fd67bb-ghv4q
                                                                                                                                                                          
 
                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                          
 
                                                                                                                                                                          ...
 10.0.0.7 - - [17/Aug/2023:01:30:11 +0000] "GET / HTTP/1.1" 200 19 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "100.125.**.**"
                                                                                                                                                                          
 
                                                                                                                                                                          100.125.**.** specifies the CIDR block of the load balancer, indicating that the traffic is forwarded through the load balancer.
                                                                                                                                                                          
-
                                                                                                                                                                        2. Enable Transfer Client IP Address. This operation is required only when shared load balancers are used. For dedicated load balancers, source IP address-based transparent transmission is enabled by default.
                                                                                                                                                                          1. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                          2. Choose Service List > Networking > Elastic Load Balance.
                                                                                                                                                                          3. On the Elastic Load Balance page, click the name of the target load balancer.
                                                                                                                                                                          4. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                          5. Enable Transfer Client IP Address.
                                                                                                                                                                          
+
                                                                                                                                                                        3. Enable Transfer Client IP Address. This operation is required only when shared load balancers are used. For dedicated load balancers, source IP address-based transparent transmission is enabled by default.
                                                                                                                                                                          1. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                          2. Choose Service List > Networking > Elastic Load Balance.
                                                                                                                                                                          3. On the Elastic Load Balance page, click the name of the target load balancer.
                                                                                                                                                                          4. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                          5. Enable Transfer Client IP Address.
                                                                                                                                                                          
 
                                                                                                                                                                        4. Access the workload again and view the new access log.
                                                                                                                                                                          ...
 10.0.0.7 - - [17/Aug/2023:02:43:11 +0000] "GET / HTTP/1.1" 304 0 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "124.**.**.**"
                                                                                                                                                                          
 
                                                                                                                                                                          The source IP address of the client is obtained.
                                                                                                                                                                          
@@ -40,7 +40,7 @@
 
                                                                                                                                                                        
 
                                                                                                                                                                        VPC and Container Tunnel Network Models
                                                                                                                                                                        
 
                                                                                                                                                                        To enable the function of obtaining the source IP address on the console, perform the following steps:
                                                                                                                                                                        
-
                                                                                                                                                                        1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node-level instead of Cluster-level.
                                                                                                                                                                        2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                          1. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                          2. Choose Service List > Networking > Elastic Load Balance.
                                                                                                                                                                          3. On the Elastic Load Balance page, click the name of the target load balancer.
                                                                                                                                                                          4. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                          5. Enable Transfer Client IP Address.
                                                                                                                                                                          
+
                                                                                                                                                                          1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node-level instead of Cluster-level.
                                                                                                                                                                          2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                            1. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                            2. Choose Service List > Networking > Elastic Load Balance.
                                                                                                                                                                            3. On the Elastic Load Balance page, click the name of the target load balancer.
                                                                                                                                                                            4. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                            5. Enable Transfer Client IP Address.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          Cloud Native 2.0 Network Model (CCE Turbo Clusters)
                                                                                                                                                                          
 
                                                                                                                                                                          When a LoadBalancer Service associated with a shared load balancer is created:
                                                                                                                                                                          • For workloads with hostNetwork enabled, you can set Service Affinity to Node-level to obtain the source IP addresses.
                                                                                                                                                                          • For other workloads, you cannot set Service Affinity to Node-level, so the source IP addresses cannot be obtained.
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0004.html b/docs/cce/umn/cce_bestpractice_0004.html
index cbec7301a..bc02f8066 100644
--- a/docs/cce/umn/cce_bestpractice_0004.html
+++ b/docs/cce/umn/cce_bestpractice_0004.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                          To fully containerize an application, you must go through the entire process.
                                                                                                                                                                          
 
                                                                                                                                                                          This involves analyzing the application, setting up the runtime environment for the application, compiling the startup script and Dockerfile, creating and uploading images, and creating containerized workloads.
                                                                                                                                                                          
 
                                                                                                                                                                          For details about each step of the containerization, see Containerization Process.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 Process of containerizing an application
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 Process of containerizing an application
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0008.html b/docs/cce/umn/cce_bestpractice_0008.html
index 445290280..83e304cc5 100644
--- a/docs/cce/umn/cce_bestpractice_0008.html
+++ b/docs/cce/umn/cce_bestpractice_0008.html
@@ -7,9 +7,9 @@
 
                                                                                                                                                                           
                                                                                                                                                                          Dockerfiles vary according to applications. Dockerfiles need to be compiled based on actual service requirements.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Procedure
                                                                                                                                                                          1. Log in as the root user to the device running Docker.
                                                                                                                                                                          2. Compile a Dockerfile.
                                                                                                                                                                            vi Dockerfile
                                                                                                                                                                            
-
                                                                                                                                                                            The Dockerfile content is as follows: (You can pull CentOS images from the image repository.)
                                                                                                                                                                            
-
                                                                                                                                                                            # CentOS 7 is used as the basic image.
-FROM hub.atomgit.com/amd64/centos:centos7   
+
                                                                                                                                                                            The content is as follows:
                                                                                                                                                                            
+
                                                                                                                                                                            # CentOS 7.1.1503 is used as the base image.
+FROM centos:7.1.1503   
 # Create a folder to store data and dependency files. You are advised to write multiple commands into one line to reduce the image size.
 RUN mkdir -p /usr/local/mongodb/data \   
  && mkdir -p /usr/local/mongodb/bin \ 
diff --git a/docs/cce/umn/cce_bestpractice_0009.html b/docs/cce/umn/cce_bestpractice_0009.html
index f5a009419..d05b41fbe 100644
--- a/docs/cce/umn/cce_bestpractice_0009.html
+++ b/docs/cce/umn/cce_bestpractice_0009.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                          
 
                                                                                                                                                                          Procedure
                                                                                                                                                                          1. Log in as the root user to the device running Docker.
                                                                                                                                                                          2. Enter the apptest directory.
                                                                                                                                                                            cd apptest
                                                                                                                                                                            
 
                                                                                                                                                                            Ensure that files used to build the image are stored in the same directory.
                                                                                                                                                                            
-
                                                                                                                                                                            
+
                                                                                                                                                                            
 
                                                                                                                                                                          3. Build an image.
                                                                                                                                                                            docker build -t apptest:v1 .
                                                                                                                                                                            
 
                                                                                                                                                                          4. Upload the image to SWR. For details, see Uploading an Image Through the Client.
                                                                                                                                                                          
 
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0010.html b/docs/cce/umn/cce_bestpractice_0010.html
index 0f9c6c641..870d4b774 100644
--- a/docs/cce/umn/cce_bestpractice_0010.html
+++ b/docs/cce/umn/cce_bestpractice_0010.html
@@ -24,7 +24,7 @@
 
                                                                                                                                                              		
 
                                                                                                                                                              Create a VPC before you create a cluster. A VPC provides an isolated, configurable, and manageable virtual network environment for CCE clusters.
                                                                                                                                                              
 
                                                                                                                                                              If you have a VPC already, skip to the next task.
                                                                                                                                                              
-
                                                                                                                                                              1. Log in to the management console.
                                                                                                                                                              2. In the service list, choose Networking > Virtual Private Cloud.
                                                                                                                                                              3. On the Dashboard page, click Create VPC.
                                                                                                                                                              4. Follow the instructions to create a VPC. Retain default settings for parameters unless otherwise specified.
                                                                                                                                                              
+
                                                                                                                                                              1. Log in to the management console.
                                                                                                                                                              2. In the service list, choose Networking > Virtual Private Cloud.
                                                                                                                                                              3. On the Dashboard page, click Create VPC.
                                                                                                                                                              4. Follow the instructions to create a VPC. Retain default settings for parameters unless otherwise specified.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              2
                                                                                                                                                              
@@ -38,9 +38,9 @@
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                            8. Create a cluster and a node.
                                                                                                                                                              1. Log in to the CCE console. On the Clusters page, click Create Cluster and select the type for the cluster to be created.
                                                                                                                                                                Configure cluster parameters and select the VPC created in 1. 
                                                                                                                                                                
+
                                                                                                                                                              2. Create a cluster and a node.
                                                                                                                                                                1. Log in to the CCE console. On the Clusters page, click Create Cluster and select the type for the cluster to be created.
                                                                                                                                                                  Configure cluster parameters and select the VPC created in 1. 
                                                                                                                                                                  
 
                                                                                                                                                                2. Create a node and select the key pair created in 1 as the login option. 
                                                                                                                                                                
-
                                                                                                                                                              3. Deploy a workload on CCE.
                                                                                                                                                                1. Log in to the CCE console and click the name of the cluster to access the cluster console. In the navigation pane, choose Workloads and click Create Workload.
                                                                                                                                                                2. Configure the following parameters, and retain the default settings for other parameters:
                                                                                                                                                                  • Workload Name: Set it to apptest.
                                                                                                                                                                  • Pods: Set it to 1.
                                                                                                                                                                  
+
                                                                                                                                                                3. Deploy a workload on CCE.
                                                                                                                                                                  1. Log in to the CCE console and click the name of the cluster to access the cluster console. In the navigation pane, choose Workloads and click Create Workload.
                                                                                                                                                                  2. Configure the following parameters, and retain the default settings for other parameters:
                                                                                                                                                                    • Workload Name: Set it to apptest.
                                                                                                                                                                    • Pods: Set it to 1.
                                                                                                                                                                    
 
                                                                                                                                                                  3. In the Container Settings area, select the image uploaded in Building and Uploading an Image.
                                                                                                                                                                  4. In the Container Settings area, choose Environment Variables and add environment variables for interconnecting with the MySQL database. The environment variables are set in the startup script.
                                                                                                                                                                     
                                                                                                                                                                    In this example, interconnection with the MySQL database is implemented through configuring the environment variables. Determine whether to use environment variables based on your service requirements.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
@@ -76,9 +76,9 @@
 
                                                                                                                                                                  5. In the Container Settings area, choose Data Storage and configure cloud storage for persistent data storage.
                                                                                                                                                                     
                                                                                                                                                                    In this example, the MongoDB database is used and persistent data storage is also needed, so you need to configure cloud storage. Determine whether to use cloud storage based on your service requirements.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    The mounted path must be the same as the MongoDB storage path in the Docker startup script. For details, see the startup script. In this example, the path is /usr/local/mongodb/data.
                                                                                                                                                                    
-
                                                                                                                                                                  6. In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                                     
                                                                                                                                                                    In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                                    
+
                                                                                                                                                                  7. In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                                     
                                                                                                                                                                    In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    • Service Name: name of the application that can be accessed externally. In this example, this parameter is set to apptest.
                                                                                                                                                                    • Service Type: Select NodePort.
                                                                                                                                                                    • Service Affinity
                                                                                                                                                                      • Cluster-level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                      • Node-level: Only the IP address and access port of the node where the workload is located can be used to access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                      
+
                                                                                                                                                                      • Service Name: name of the application that can be accessed externally. In this example, this parameter is set to apptest.
                                                                                                                                                                      • Service Type: Select NodePort.
                                                                                                                                                                      • Service Affinity
                                                                                                                                                                        • Cluster-level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                        • Node-level: Only the IP address and access port of the node where the workload is located can be used to access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                        
 
                                                                                                                                                                      • Port
                                                                                                                                                                        • Protocol: Set it to TCP.
                                                                                                                                                                        • Service Port: port for accessing the Service.
                                                                                                                                                                        • Container Port: port that the application will listen on the container. In this example, this parameter is set to 8080.
                                                                                                                                                                        • Node Port: Set it to Auto. The system automatically opens a real port on all nodes in the current cluster and then maps the port number to the container port.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                    • Click Create Workload.
                                                                                                                                                                      After the workload is created, you can view the running workload in the workload list.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0013.html b/docs/cce/umn/cce_bestpractice_0013.html
index 6677214b5..20a37e5c3 100644
--- a/docs/cce/umn/cce_bestpractice_0013.html
+++ b/docs/cce/umn/cce_bestpractice_0013.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                        
 
                                                                                                                                                                      • Solution Overview
                                                                                                                                                                        
 
                                                                                                                                                                        • 
-
                                                                                                                                                                      • Planning Resources for the Target Cluster
                                                                                                                                                                        
+
                                                                                                                                                                      • Resource Planning for the Target Cluster
                                                                                                                                                                        
 
                                                                                                                                                                        • 
 
                                                                                                                                                                      • Procedure
                                                                                                                                                                        
 
                                                                                                                                                                        • 
diff --git a/docs/cce/umn/cce_bestpractice_0014.html b/docs/cce/umn/cce_bestpractice_0014.html
index 75553bcfb..74a4eea27 100644
--- a/docs/cce/umn/cce_bestpractice_0014.html
+++ b/docs/cce/umn/cce_bestpractice_0014.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                        Planning Resources for the Target Cluster
                                                                                                                                                                        
+
                                                                                                                                                                        Resource Planning for the Target Cluster
                                                                                                                                                                        
 
                                                                                                                                                                        CCE allows you to customize cluster resources to meet various service requirements. Table 1 lists the key performance parameters of a cluster and provides the planned values. You can set the parameters based on your service requirements. It is recommended that the performance configuration be the same as that of the source cluster.
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        After a cluster is created, the resource parameters marked with asterisks (*) in Table 1 cannot be modified.
                                                                                                                                                                        
 
                                                                                                                                                                        
@@ -19,7 +19,7 @@
 
 
                                                                                                                                                              9. *Cluster Type
                                                                                                                                                              
 
                                                                                                                                                              • CCE cluster: supports VM nodes. You can run your containers in a secure and stable container runtime environment based on a high-performance network model.
                                                                                                                                                              • CCE Turbo cluster: runs on a cloud native infrastructure that features hardware-software synergy to support passthrough networking, high security and reliability, intelligent scheduling, and BMS nodes.
                                                                                                                                                              
+
                                                                                                                                                              • CCE cluster: supports VM nodes. You can run your containers in a secure and stable container runtime environment based on a high-performance network model.
                                                                                                                                                              • CCE Turbo cluster: runs on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and intelligent scheduling, and BMS nodes.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              CCE cluster
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Node Specifications (vary depending on the actual region)
                                                                                                                                                              
 
                                                                                                                                                              • General-purpose: provides a balance of computing, memory, and network resources. It is a good choice for many applications. General-purpose nodes can be used for web servers, workload development, workload testing, and small-scale databases.
                                                                                                                                                              • Memory-optimized: provides higher memory capacity than general-purpose nodes and is suitable for relational databases, NoSQL, and other workloads that are both memory-intensive and data-intensive.
                                                                                                                                                              • GPU-accelerated: provides powerful floating-point computing and is suitable for real-time, highly concurrent massive computing. Graphical processing units (GPUs) of P series are suitable for deep learning, scientific computing, and CAE. GPUs of G series are suitable for 3D animation rendering and CAD. GPU-accelerated nodes can be added only to clusters of v1.11 or later.
                                                                                                                                                              • General computing-plus: provides stable performance and exclusive resources to enterprise-class workloads with high and stable computing performance.
                                                                                                                                                              • Disk-intensive: supports local disk storage and provides high networking performance. It is designed for workloads requiring high throughput and data switching, such as big data workloads.
                                                                                                                                                              
+
                                                                                                                                                              • General-purpose: provides a balance of computing, memory, and network resources. It is a good choice for many applications. General purpose nodes can be used for web servers, workload development, workload testing, and small-scale databases.
                                                                                                                                                              • Memory-optimized: provides higher memory capacity than general-purpose nodes and is suitable for relational databases, NoSQL, and other workloads that are both memory-intensive and data-intensive.
                                                                                                                                                              • GPU-accelerated: provides powerful floating-point computing and is suitable for real-time, highly concurrent massive computing. Graphical processing units (GPUs) of P series are suitable for deep learning, scientific computing, and CAE. GPUs of G series are suitable for 3D animation rendering and CAD. GPU-accelerated nodes can be added only to clusters of v1.11 or later.
                                                                                                                                                              • General computing-plus: provides stable performance and exclusive resources to enterprise-class workloads with high and stable computing performance.
                                                                                                                                                              • Disk-intensive: supports local disk storage and provides high networking performance. It is designed for workloads requiring high throughput and data switching, such as big data workloads.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              General-purpose (node specifications: 4 vCPUs and 8 GiB memory)
                                                                                                                                                              
                                                                                                                                                               		
 
 
                                                                                                                                                              • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                                                                                                              • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                                                                                                              
 
                                                                                                                                                              • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                                                              • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                                                                                              
+
                                                                                                                                                              • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                                                              • Small- and medium-scale networks: Due to the limitation on VPC route tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                                                                                              
 
                                                                                                                                                              • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                                                                                                              • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.
                                                                                                                                                              
+
                                                                                                                                                              • High performance requirements: Cloud Native Network 2.0 uses VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native Network 2.0 ideal for scenarios that demand high bandwidth and low latency.
                                                                                                                                                              • Large-scale networking: Cloud Native Network 2.0 supports up to 2,000 ECS nodes and 100,000 pods.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Core technology
                                                                                                                                                              
@@ -88,8 +88,8 @@
                                                                                                                                                               		
 
                                                                                                                                                              A maximum of 2000 nodes are supported.
                                                                                                                                                              
 
                                                                                                                                                              Suitable for small- and medium-scale networks due to the limitation on VPC routing tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                                                                                                              
-
                                                                                                                                                              Each time a node is added to the cluster, a route is added to the VPC routing tables. Evaluate the cluster scale that is limited by the VPC routing tables before creating the cluster. 
                                                                                                                                                              
+
                                                                                                                                                              Suitable for small- and medium-scale networks due to the limitation on VPC route tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                                                                                                              
+
                                                                                                                                                              Each time a node is added to the cluster, a route is added to the VPC route tables. Evaluate the cluster scale that is limited by the VPC route tables before creating the cluster. 
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              A maximum of 2000 nodes are supported.
                                                                                                                                                              
 
                                                                                                                                                              In a cloud-native network 2.0 cluster, containers' IP addresses are assigned from VPC CIDR blocks, and the number of containers supported is restricted by these blocks. Evaluate the cluster's scale limitations before creating it.
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00198.html b/docs/cce/umn/cce_bestpractice_00198.html
index a385d0028..6ee8be5e7 100644
--- a/docs/cce/umn/cce_bestpractice_00198.html
+++ b/docs/cce/umn/cce_bestpractice_00198.html
@@ -49,7 +49,7 @@
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Expanding System Disk Capacity
                                                                                                                                                              EulerOS 2.9 is used as the sample OS. There is only one partition (/dev/vda1) with a capacity of 50 GiB in the system disk /dev/vda, and then 50 GiB is added to the system disk. In this example, the additional 50 GiB is allocated to the existing /dev/vda1 partition.
                                                                                                                                                              
-
                                                                                                                                                              1. Expand the system disk capacity on the EVS console. 
                                                                                                                                                                Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the partition and file system.
                                                                                                                                                                
+
                                                                                                                                                                1. Expand the system disk capacity on the EVS console. 
                                                                                                                                                                  Only the storage capacity of the EVS disk is expanded. You also need to perform the following operations to expand the partition and file system.
                                                                                                                                                                  
 
                                                                                                                                                                2. Log in to the node and run the growpart command to check whether growpart has been installed.
                                                                                                                                                                  If the tool operation guide is displayed, the growpart has been installed. Otherwise, run the following command to install growpart:
                                                                                                                                                                  
 
                                                                                                                                                                  yum install cloud-utils-growpart
                                                                                                                                                                  
 
                                                                                                                                                                3. Run the following command to view the total capacity of the system disk /dev/vda:
                                                                                                                                                                  fdisk -l
                                                                                                                                                                  
@@ -118,17 +118,17 @@ tmpfs                         tmpfs     1.8G   75M  1.8G   5% /tmp
 /dev/mapper/vgpaas-dockersys  ext4       95G  1.3G   89G   2% /var/lib/docker
 /dev/mapper/vgpaas-kubernetes ext4       11G   39M   10G   1% /mnt/paas/kubernetes/kubelet
 ...
-
                                                                                                                                                                4. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                
+
                                                                                                                                                              2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Expanding the Container Engine Capacity
                                                                                                                                                              The available container engine space affects image pulls and container startup and running. This section uses containerd as an example to describe how to expand the container engine capacity.
                                                                                                                                                              
-
                                                                                                                                                              1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                
-
                                                                                                                                                              2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                              3. Log in to the target node.
                                                                                                                                                              4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                
+
                                                                                                                                                                1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                  Only the storage capacity of EVS disks can be expanded. You need to perform the following operations to expand the capacity of logical volumes and file systems.
                                                                                                                                                                  
+
                                                                                                                                                                2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                4. Run lsblk to view the block device information of the node.
                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                  
 
                                                                                                                                                                  Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Check the disk and partition sizes of the device.
                                                                                                                                                                    # lsblk
+
                                                                                                                                                                    1. Check the disk and partition space of the device.
                                                                                                                                                                      # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is free.
 ├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                      
 
                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                      Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                      
@@ -146,7 +146,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                    
 old_desc_blocks = 12, new_desc_blocks = 18
 The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                  
-
                                                                                                                                                                5. Check whether the capacity is expanded.
                                                                                                                                                                  # lsblk
+
                                                                                                                                                                6. Check whether the capacity has been expanded.
                                                                                                                                                                  # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
@@ -154,22 +154,22 @@ sda                   8:0    0   50G  0 disk
 ├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                  
 
                                                                                                                                                                
-
                                                                                                                                                                Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                
-
                                                                                                                                                                1. Check the disk and partition sizes of the device.
                                                                                                                                                                  # lsblk
+
                                                                                                                                                                  Device Mapper: A thin pool is allocated to store image data.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Check the disk and partition space of the device.
                                                                                                                                                                    # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
 vdb                                   8:16   0  200G  0 disk 
 ├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
 ├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thinpool
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thin pool
 │   ...
 ├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                    
-
                                                                                                                                                                  2. Expand the disk capacity.
                                                                                                                                                                    Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                    
-
                                                                                                                                                                    1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                      pvresize /dev/vdb
                                                                                                                                                                      
+
                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                      Option 1: Add the new disk capacity to the thin pool.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thin pool is located.
                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                        
 
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
 
                                                                                                                                                                        Physical volume "/dev/vdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                        
@@ -177,7 +177,7 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
 
                                                                                                                                                                        Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                        
-
                                                                                                                                                                      2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                      3. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                        # lsblk
+
                                                                                                                                                                      4. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                      5. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the thin pool, the capacity has been expanded.
                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -205,7 +205,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                        
 
                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
 old_desc_blocks = 3, new_desc_blocks = 15
 The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
                                                                                                                                                                        
-
                                                                                                                                                                      6. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                        # lsblk
+
                                                                                                                                                                      7. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the dockersys, the capacity has been expanded.
                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -222,9 +222,9 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Expanding the kubelet Capacity
                                                                                                                                                                    The kubelet space serves as a temporary storage location for kubelet components and EmptyDir. You can follow the following steps to increase the kubelet capacity:
                                                                                                                                                                    
-
                                                                                                                                                                    1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                      Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                      
-
                                                                                                                                                                    2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                    3. Log in to the target node.
                                                                                                                                                                    4. Run lsblk to view the block device information of the node.
                                                                                                                                                                      # lsblk
+
                                                                                                                                                                      Expanding the kubelet Capacity
                                                                                                                                                                      The kubelet space serves as a temporary storage location for kubelet components and emptyDir. You can follow the following steps to increase the kubelet capacity:
                                                                                                                                                                      
+
                                                                                                                                                                      1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                        Only the storage capacity of EVS disks can be expanded. You need to perform the following operations to expand the capacity of logical volumes and file systems.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                      4. Run lsblk to view the block device information of the node.
                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
@@ -257,11 +257,11 @@ sda                   8:0    0   50G  0 disk
 
                                                                                                                                                                        Expanding the Capacity of a Data Disk Used by Pod (basesize)
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Nodes from the navigation pane.
                                                                                                                                                                        3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                           
                                                                                                                                                                          Resetting a node may make the node-specific resources (such as local storage and workloads scheduled to this node) unavailable. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                        4. Reconfigure node parameters.
                                                                                                                                                                          If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                          
-
                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to set the following parameter:
                                                                                                                                                                          
+
                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to configure the following parameter:
                                                                                                                                                                          
 
                                                                                                                                                                          Space Allocation for Pods: indicates the base size of a pod. It is the maximum size that a workload's pods (including the container images) can grow to in the disk space. Proper settings can prevent pods from taking all the disk space available and avoid service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios. For details, see Data Disk Space Allocation.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        5. After the node is reset, log in to the node and check whether the container capacity has been expanded. The command output varies with the container storage rootfs.
                                                                                                                                                                          • Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                            docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                            
-
                                                                                                                                                                            df -h
                                                                                                                                                                            
+
                                                                                                                                                                          • After the node is reset, log in to the node and check whether the container capacity has been expanded. The command output varies with the container storage rootfs.
                                                                                                                                                                            • Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                              kubectl exec -it pod_name -- /bin/sh
+df -h
                                                                                                                                                                              
 
                                                                                                                                                                              If the information similar to the following is displayed, the overlay capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                              
 
                                                                                                                                                                              Filesystem                    Size   Used   Avail   Use%   Mounted on
 overlay                        15G   104K     15G     1%   /
@@ -269,8 +269,8 @@ tmpfs                          64M      0     64M     0%   /dev
 tmpfs                         3.6G      0    3.6G     0%   /sys/fs/cgroup
 /dev/mapper/vgpaas-share       98G   4.0G     89G     5%   /etc/hosts
 ...
                                                                                                                                                                              
-
                                                                                                                                                                            • Devicemapper: A thin pool is allocated to store image data. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                              docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                              
-
                                                                                                                                                                              df -h
                                                                                                                                                                              
+
                                                                                                                                                                            • Device Mapper: A thin pool is allocated to store image data. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                              kubectl exec -it pod_name -- /bin/sh
+df -h
                                                                                                                                                                              
 
                                                                                                                                                                              If the information similar to the following is displayed, the thin pool capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                              
 
                                                                                                                                                                              Filesystem                            Size   Used   Avail   Use%   Mounted on
 /dev/mapper/vgpaas-thinpool-snap-84    15G   232M     15G     2%   /
@@ -283,9 +283,11 @@ tmpfs                                 3.6G      0    3.6G     0%   /sys/fs/cgrou
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Expanding a PVC
                                                                                                                                                                        Cloud storage:
                                                                                                                                                                        
-
                                                                                                                                                                        • OBS and SFS: There is no storage restriction and capacity expansion is not required.
                                                                                                                                                                        • EVS:
                                                                                                                                                                          • You can expand the capacity of automatically created volumes on the console. The procedure is as follows:
                                                                                                                                                                            1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                            2. Enter the capacity to be added and click OK.
                                                                                                                                                                            
+
                                                                                                                                                                            • OBS and SFS: There is no storage restriction and capacity expansion is not required.
                                                                                                                                                                            • EVS:
                                                                                                                                                                              • You can expand the capacity of automatically created volumes on the CCE console. The procedure is as follows:
                                                                                                                                                                                1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                                2. Enter the capacity to be added and click OK.
                                                                                                                                                                                
+
                                                                                                                                                                              
+
                                                                                                                                                                            • SFS Turbo:
                                                                                                                                                                              • If no subdirectory is used, you can expand the capacity on the CCE console.
                                                                                                                                                                              • If a subdirectory is used, the following situations may occur:
                                                                                                                                                                                • If the expanded capacity does not surpass the underlying SFS Turbo file system's capacity, you can increase the PVC capacity on the CCE console.
                                                                                                                                                                                • If the expanded capacity exceeds the underlying SFS Turbo file system's capacity, you can expand the file system capacity on the SFS console first and then adjust the capacity in the PVC on the CCE console.
                                                                                                                                                                                
+
                                                                                                                                                                              
 
                                                                                                                                                                            
-
                                                                                                                                                                          • SFS Turbo: You can expand the capacity on the SFS console and then change the capacity in the PVC.
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00199.html b/docs/cce/umn/cce_bestpractice_00199.html
index c54ddb056..880a38fdb 100644
--- a/docs/cce/umn/cce_bestpractice_00199.html
+++ b/docs/cce/umn/cce_bestpractice_00199.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                      By linking object storage across accounts, you can share data, lower storage and transmission expenses, and guarantee data security and consistency. This enables various teams or organizations to securely and conveniently access each other's data resources, eliminating the need for repeated storage and redundant transmission. Additionally, data is kept current and compliant, enhancing overall service efficiency and security.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Procedure
                                                                                                                                                                      Assume that account B needs to access and use an OBS bucket of account A. For details, see Figure 1 and Table 1.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 1 Mounting an OBS bucket across accounts
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 1 Mounting an OBS bucket across accounts
                                                                                                                                                                      
 
 
                                                                                                                                                                      
@@ -347,7 +347,7 @@ obs-deployment-example-6b4dfd7b57-frfxv   1/1     Running             0
 
                                                                                                                                                                      Step 3: Check the Pod Actions on the OBS Bucket
                                                                                                                                                                      Check whether the pod created by account B has the required permissions based on the bucket policy.
                                                                                                                                                                      
-
                                                                                                                                                                      1. Check whether the pod can read and write objects in the OBS bucket created by account A and assume that a test.txt file is present in the OBS bucket.
                                                                                                                                                                        Run the following command to access the created workload. (You can press Ctrl+D to exit the current workload.)
                                                                                                                                                                        kubectl -n default exec -it obs-deployment-example-6b4dfd7b57-frfxv -c container-0 /bin/bash
                                                                                                                                                                        
+
                                                                                                                                                                        1. Check whether the pod can read and write objects in the OBS bucket created by account A and assume that a test.txt file is present in the OBS bucket.
                                                                                                                                                                          Run the following command to access the created workload. (You can press Ctrl+D to exit the current workload.)
                                                                                                                                                                          kubectl -n default exec -it obs-deployment-example-6b4dfd7b57-frfxv -c container-0 -- bash
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Run the following command to check the pod actions on test.txt. /tmp specifies the PVC mount path.
                                                                                                                                                                          
 
                                                                                                                                                                          ls -l /tmp/test.txt
                                                                                                                                                                          
@@ -393,9 +393,9 @@ obs-deployment-example-6b4dfd7b57-frfxv   1/1     Running             0
 
 
                                                                                                                                                                      
-
@@ -414,7 +414,7 @@ obs-deployment-example-6b4dfd7b57-frfxv   1/1     Running             0
 
-
                                                                                                                                                                      Table 1 Process description
                                                                                                                                                                      Procedure
                                                                                                                                                                      
                                                                                                                                                                       		
 
 
                                                                                                                                                                      The PVC is not bound to any PV.
                                                                                                                                                                      
 
                                                                                                                                                                      1. Run the following command to check the PVC status:
                                                                                                                                                                        kubectl get pv
                                                                                                                                                                        
+
                                                                                                                                                                      1. Run the following command to check the PVC status:
                                                                                                                                                                        kubectl get pvc
                                                                                                                                                                        
 
                                                                                                                                                                        If the PVC is in the Pending state, it is not bound to any PV.
                                                                                                                                                                        
-
                                                                                                                                                                      2. Check the PVC details and locate the cause of the binding failure.
                                                                                                                                                                        kubectl describe pv <pv_name>
                                                                                                                                                                        
+
                                                                                                                                                                      3. Check the PVC details and locate the cause of the binding failure.
                                                                                                                                                                        kubectl describe pvc <pvc_name>
                                                                                                                                                                        
 
                                                                                                                                                                      4. Modify the YAML file to rectify the fault if the fault is caused by any of the following reasons:
                                                                                                                                                                        • The PVC is not bound to the proper PV.
                                                                                                                                                                        • The PVC and PV parameters do not match. This includes fsType, StorageClass, accessModes, and storage. The StorageClass must be object storage, and accessModes must be set to ReadWriteMany because OBS buckets only support this mode. Additionally, the storage value requested by the PVC must be equal to or less than the storage value provided by the PV.
                                                                                                                                                                        
 
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      The ConfigMap that stores the OBS endpoint is not present or is incorrectly configured.
                                                                                                                                                                      
 
                                                                                                                                                                      1. Check whether the ConfigMap is present.
                                                                                                                                                                        kubectl get configmap
                                                                                                                                                                        
+
                                                                                                                                                                      1. Check whether the ConfigMap is present.
                                                                                                                                                                        kubectl get configmap -n kube-system
                                                                                                                                                                        
 
                                                                                                                                                                        If it is present, the ConfigMap may be incorrectly configured. If it is not present, you can create one by referring to 1.
                                                                                                                                                                        
 
                                                                                                                                                                      2. Check the ConfigMap parameter configurations. The following shows the common issues:
                                                                                                                                                                        • The name parameter is not set to paas-obs-endpoint.
                                                                                                                                                                        • The namespace parameter is not set to kube-system.
                                                                                                                                                                        • The region name is not set to the region where the OBS bucket is located.
                                                                                                                                                                        
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00221.html b/docs/cce/umn/cce_bestpractice_00221.html
index 2e40fc248..07e9cccc1 100644
--- a/docs/cce/umn/cce_bestpractice_00221.html
+++ b/docs/cce/umn/cce_bestpractice_00221.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                      Configuration Method
                                                                                                                                                                       
                                                                                                                                                                      In the following example, only pods and Deployments in the test space can be viewed and added, and they cannot be deleted.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      1. Set the service account name to my-sa and namespace to test.
                                                                                                                                                                        kubectl create sa my-sa -n test
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      2. Configure the role table and assign operation permissions to different resources.
                                                                                                                                                                        vi role-test.yaml
                                                                                                                                                                        
 
                                                                                                                                                                        The content is as follows:
                                                                                                                                                                         
                                                                                                                                                                        In this example, the permission rules include the read-only permission (get/list/watch) of pods in the test namespace, and the read (get/list/watch) and create permissions of deployments.
                                                                                                                                                                        
 
                                                                                                                                                                        
@@ -45,7 +45,7 @@ rules:
 
                                                                                                                                                                        
 
                                                                                                                                                                        Create a Role.
                                                                                                                                                                        
 
                                                                                                                                                                        kubectl create -f role-test.yaml
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      3. Create a RoleBinding and bind the service account to the role so that the user can obtain the corresponding permissions.
                                                                                                                                                                        vi myrolebinding.yaml
                                                                                                                                                                        
 
                                                                                                                                                                        The content is as follows:
                                                                                                                                                                        apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -63,7 +63,7 @@ subjects:
 
                                                                                                                                                                        
 
                                                                                                                                                                        Create a RoleBinding.
                                                                                                                                                                        
 
                                                                                                                                                                        kubectl create -f myrolebinding.yaml
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                        The user information is configured. Now perform 5 to 7 to write the user information to the configuration file.
                                                                                                                                                                        
 
                                                                                                                                                                      4. Manually create a token that is valid for a long time for ServiceAccount.
                                                                                                                                                                        vi my-sa-token.yaml
                                                                                                                                                                        
 
                                                                                                                                                                        The content is as follows:
                                                                                                                                                                        apiVersion: v1
@@ -82,7 +82,7 @@ type: kubernetes.io/service-account-token
                                                                                                                                                                        
 
                                                                                                                                                                        1. Set a cluster access mode. test-arm specifies the cluster to be accessed. https://192.168.0.110:5443 specifies the apiserver IP address of the cluster. /home/test.config specifies the path for storing the configuration file.
                                                                                                                                                                          • If the internal API server address is used, run the following command:
                                                                                                                                                                            kubectl config set-cluster test-arm --server=https://192.168.0.110:5443  --certificate-authority=/home/ca.crt  --embed-certs=true --kubeconfig=/home/test.config
                                                                                                                                                                            
 
                                                                                                                                                                          • If the public API server address is used, run the following command:
                                                                                                                                                                            kubectl config set-cluster test-arm --server=https://192.168.0.110:5443 --kubeconfig=/home/test.config --insecure-skip-tls-verify=true
                                                                                                                                                                            
 
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        If you perform operations on a node in the cluster or the node that uses the configuration is a cluster node, do not set the path of kubeconfig to /root/.kube/config.
                                                                                                                                                                        
 
                                                                                                                                                                        
@@ -91,18 +91,18 @@ type: kubernetes.io/service-account-token
 
                                                                                                                                                                        token=$(kubectl describe secret my-sa-token-secret -n test | awk '/token:/{print $2}')
                                                                                                                                                                        
 
                                                                                                                                                                        1. Set the cluster user ui-admin.
                                                                                                                                                                        
 
                                                                                                                                                                        kubectl config set-credentials ui-admin --token=$token --kubeconfig=/home/test.config
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      5. Configure the context information for cluster authentication access. ui-admin@test specifies the context name.
                                                                                                                                                                        kubectl config set-context ui-admin@test --cluster=test-arm --user=ui-admin --kubeconfig=/home/test.config
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      6. Configure the context. For details about how to use the context, see Verification.
                                                                                                                                                                        kubectl config use-context ui-admin@test --kubeconfig=/home/test.config
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        If you want to assign other users the above permissions to perform operations on the cluster, provide the generated configuration file /home/test.config to the user after performing step 7. The user must ensure that the host can access the API server address of the cluster. When performing step 8 on the host and using kubectl, the user must set the kubeconfig parameter to the path of the configuration file.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Verification
                                                                                                                                                                      1. Pods in the test namespace cannot access pods in other namespaces.
                                                                                                                                                                        kubectl get pod -n test --kubeconfig=/home/test.config
                                                                                                                                                                        
-
                                                                                                                                                                        
-
                                                                                                                                                                      2. Pods in the test namespace cannot be deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Pods in the test namespace cannot be deleted.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Further Readings
                                                                                                                                                                      For more information about users and identity authentication in Kubernetes, see Authenticating.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00222.html b/docs/cce/umn/cce_bestpractice_00222.html
index 17fffe14e..52d1b5a24 100644
--- a/docs/cce/umn/cce_bestpractice_00222.html
+++ b/docs/cce/umn/cce_bestpractice_00222.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                      
 
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      • If your application needs to provide Services for users who use IPv6 clients, you can use IPv6 EIPs or the IPv4 and IPv6 dual-stack function.
                                                                                                                                                                      • If your application needs to both provide Services for users who use IPv6 clients and analyze the access request data, you can use only the IPv4 and IPv6 dual-stack function.
                                                                                                                                                                      • If internal communication is required between your application systems or between your application system and another system (such as the database system), you can use only the IPv4 and IPv6 dual-stack function.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Constraints
                                                                                                                                                                      • Clusters that support IPv4/IPv6 dual-stack:
+
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        • Clusters that support IPv4/IPv6 dual-stack:
 
                                                                                                                                                                          
-
-
@@ -110,43 +111,46 @@ metadata:
 
-
-
-
-
-
-
-
+
-
-
-
+
-
-
-
+
-
@@ -155,43 +159,53 @@ metadata:
 
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
@@ -200,42 +214,64 @@ metadata:
 
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
+
+
+
+
+
@@ -244,20 +280,51 @@ metadata:
 
-
-
-
+
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -265,7 +332,7 @@ metadata:
 
-
                                                                                                                                                                          Custom Storage Classes
                                                                                                                                                                          You can customize a high I/O storage class in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                                                                                          
+
                                                                                                                                                                          Custom Storage Classes
                                                                                                                                                                          You can customize a high I/O storage class in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                                                                                          
 
                                                                                                                                                                          apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
@@ -376,29 +443,39 @@ csi-nas                  everest-csi-provisioner         17d
 csi-obs                  everest-csi-provisioner         17d
 csi-sfsturbo             everest-csi-provisioner         17d
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Verification
                                                                                                                                                                          • Use csi-disk-sas to create a PVC.
                                                                                                                                                                            apiVersion: v1
+
                                                                                                                                                                            Verification
                                                                                                                                                                            When creating a PVC, you have the following configuration methods:
                                                                                                                                                                            
+
                                                                                                                                                                            • Specify a storage class explicitly.
                                                                                                                                                                            • Use the default storage class set up in the cluster if you do not specify a storage class.
                                                                                                                                                                            
+
                                                                                                                                                                            Below are the steps to check the results of both configuration methods.
                                                                                                                                                                            
+
                                                                                                                                                                            The following steps are used to verify whether the storage class csi-disk-sas defined in Custom Storage Classes can be used to create a PVC.
                                                                                                                                                                            
+
                                                                                                                                                                            1. Create a YAML file named sas-disk.yaml. You can change the file name as needed. This file uses csi-disk-sas to create a PVC.
                                                                                                                                                                              vim sas-disk.yaml
                                                                                                                                                                              
+
                                                                                                                                                                              The file content is as follows:
                                                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name:  sas-disk
+  name: sas-disk
 spec:
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
       storage: 10Gi
-  storageClassName: csi-disk-sas
                                                                                                                                                                              
-
                                                                                                                                                                              Create a storage class and view its details. As shown below, the object can be created and the value of STORAGECLASS is csi-disk-sas.
                                                                                                                                                                              
-
                                                                                                                                                                              # kubectl create -f sas-disk.yaml 
-persistentvolumeclaim/sas-disk created
-# kubectl get pvc
-NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
-sas-disk   Bound    pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            csi-disk-sas   24s
-# kubectl get pv
-NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
-pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            30s
                                                                                                                                                                              
-
                                                                                                                                                                              View the PVC details on the CCE console. On the PV details page, you can see that the disk type is high I/O.
                                                                                                                                                                              
-
                                                                                                                                                                              
-
                                                                                                                                                                            2. If storageClassName is not specified, the default configuration is used, as shown below.
                                                                                                                                                                              apiVersion: v1
+  storageClassName: csi-disk-sas
                                                                                                                                                                              
+
                                                                                                                                                                            
+
                                                                                                                                                                          • Create a PVC.
                                                                                                                                                                            kubectl create -f sas-disk.yaml 
                                                                                                                                                                            
+
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
+
                                                                                                                                                                            persistentvolumeclaim/sas-disk created
                                                                                                                                                                            
+
                                                                                                                                                                          • Check the PVC information.
                                                                                                                                                                            kubectl get pvc
                                                                                                                                                                            
+
                                                                                                                                                                            If information similar to the following is displayed, a PV has been associated with the PVC and the storage class is csi-disk-sas.
                                                                                                                                                                            
+
                                                                                                                                                                            NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+sas-disk   Bound    pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            csi-disk-sas   24s
                                                                                                                                                                            
+
                                                                                                                                                                          • Check the PV information.
                                                                                                                                                                            kubectl get pv
                                                                                                                                                                            
+
                                                                                                                                                                            If information similar to the following is displayed, the PV has been automatically created.
                                                                                                                                                                            
+
                                                                                                                                                                            NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
+pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            30s
                                                                                                                                                                            
+
                                                                                                                                                                            The result shows that the custom storage class csi-disk-sas can be used properly.
                                                                                                                                                                            
+
                                                                                                                                                                            • 
+
                                                                                                                                                                            The following steps are used to verify whether a PVC can be created without specifying a storage class.
                                                                                                                                                                            
+
                                                                                                                                                                            1. Create a YAML file named sas-disk.yaml. You can change the file name as needed. When the file is used to create a PVC, no storage class is specified.
                                                                                                                                                                              vim sas-disk.yaml
                                                                                                                                                                              
+
                                                                                                                                                                              The file content is as follows:
                                                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name:  ssd-disk
@@ -408,20 +485,22 @@ spec:
   resources:
     requests:
       storage: 10Gi
                                                                                                                                                                              
-
                                                                                                                                                                              Create and view the storage resource. You can see that the storage class of PVC ssd-disk is csi-disk-ssd, indicating that csi-disk-ssd is used by default.
                                                                                                                                                                              
-
                                                                                                                                                                              # kubectl create -f ssd-disk.yaml 
-persistentvolumeclaim/ssd-disk created
-# kubectl get pvc
-NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+
                                                                                                                                                                              
+
                                                                                                                                                                            2. Create a PVC.
                                                                                                                                                                              kubectl create -f sas-disk.yaml 
                                                                                                                                                                              
+
                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                              
+
                                                                                                                                                                              persistentvolumeclaim/sas-disk created
                                                                                                                                                                              
+
                                                                                                                                                                            3. Check the PVC information.
                                                                                                                                                                              kubectl get pvc
                                                                                                                                                                              
+
                                                                                                                                                                              If information similar to the following is displayed, a PV has been bound to the PVC and the default storage class of the EVS disk is used.
                                                                                                                                                                              
+
                                                                                                                                                                              NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
 sas-disk   Bound    pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            csi-disk-sas   16m
-ssd-disk   Bound    pvc-4d2b059c-0d6c-44af-9994-f74d01c78731   10Gi       RWO            csi-disk-ssd   10s
-# kubectl get pv
-NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
+ssd-disk   Bound    pvc-4d2b059c-0d6c-44af-9994-f74d01c78731   10Gi       RWO            csi-disk-ssd   10s
                                                                                                                                                                              
+
                                                                                                                                                                            4. Check the PV information.
                                                                                                                                                                              kubectl get pv
                                                                                                                                                                              
+
                                                                                                                                                                              If information similar to the following is displayed, the PV has been automatically created and the default storage class of the EVS disk is used.
                                                                                                                                                                              
+
                                                                                                                                                                              NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
 pvc-4d2b059c-0d6c-44af-9994-f74d01c78731   10Gi       RWO            Delete           Bound       default/ssd-disk          csi-disk-ssd            15s
-pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            17m
                                                                                                                                                                              
-
                                                                                                                                                                              View the PVC details on the CCE console. On the PV details page, you can see that the disk type is ultra-high I/O.
                                                                                                                                                                              
-
                                                                                                                                                                              
-
                                                                                                                                                                          
+pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            17m
+
                                                                                                                                                                          The result shows that if no storage class is specified, the system will automatically use the default storage class.
                                                                                                                                                                          
+
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_00282.html b/docs/cce/umn/cce_bestpractice_00282.html
index f578e162f..a7d1b5df4 100644
--- a/docs/cce/umn/cce_bestpractice_00282.html
+++ b/docs/cce/umn/cce_bestpractice_00282.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                                                                          Using HPA and CA for Auto Scaling of Workloads and Nodes
                                                                                                                                                                          
 
                                                                                                                                                                          Application Scenarios
                                                                                                                                                                          The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                                                                                                          
-
                                                                                                                                                                          When deploying applications in pods, you can configure requested resources and resource limits for the pods to prevent unlimited usage of resources during peak hours. However, after the upper limit is reached, an application error may occur. Pod scaling can effectively resolve this issue. If the resource usage on the node increases to a certain extent, newly added pods cannot be scheduled to this node. In this case, CCE will add nodes accordingly.
                                                                                                                                                                          
+
                                                                                                                                                                          To prevent pods from using up node resources without limit during peak hours, it is a common practice to specify request and limit values for pods before deploying an application. However, this approach may encounter a resource bottleneck as an application exception may occur once the upper limit of resource usage is reached. To address this problem, you can scale the pods in or out to distribute the workload. If the node resource usage reaches its upper limit after pods are added and new pods cannot be scheduled, you can scale the nodes in or out depending on the node resource usage.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Solution
                                                                                                                                                                          Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                                                                          
 
                                                                                                                                                                          HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                                                                          
-
                                                                                                                                                                          As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                          Figure 1 HPA and CA working flows
                                                                                                                                                                          
+
                                                                                                                                                                          As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                          Figure 1 HPA and CA working flows
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Using HPA and CA enables automatic scaling for most scenarios while also providing monitoring capabilities.
                                                                                                                                                                          
 
                                                                                                                                                                          This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                                                                          
@@ -29,7 +29,7 @@ RUN chmod a+rx index.php
 
                                                                                                                                                                          
 
                                                                                                                                                                        • Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                                                          docker build -t hpa-example:latest .
                                                                                                                                                                          
 
                                                                                                                                                                        • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner.
                                                                                                                                                                          Skip this step if you already have an organization.
                                                                                                                                                                          
-
                                                                                                                                                                        • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                        • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                        • Tag the hpa-example image.
                                                                                                                                                                          docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                          
+
                                                                                                                                                                        • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                        • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                        • Tag the hpa-example image.
                                                                                                                                                                          docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                          
 
                                                                                                                                                                          • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                                                                                                          • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                                                                                                          • {Organization name}: name of the created organization.
                                                                                                                                                                          • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                                                                                                          
 
                                                                                                                                                                          The following is an example:
                                                                                                                                                                          
 
                                                                                                                                                                          docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                                                          
@@ -46,8 +46,8 @@ latest: digest: sha256:eb7e3bbd*** size: **
 
                                                                                                                                                                          • 
 
                                                                                                                                                                          
 
                                                                                                                                                                          Creating a Node Pool and a Node Scaling Policy
                                                                                                                                                                          1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                                                          2. Configure the node pool.
                                                                                                                                                                            • Node Type: Select a node type.
                                                                                                                                                                            • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                                                            
-
                                                                                                                                                                            Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                                                                                                            
-
                                                                                                                                                                          3. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                                                                                                            If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                                                                                                            • Customize scale-out rules.: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                                                                                                            • Nodes: Modify the node quantity range. The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                                                                                                            • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in
                                                                                                                                                                            
+
                                                                                                                                                                            Retain the default values for other parameters. For details, see Creating a Node Pool.
                                                                                                                                                                            
+
                                                                                                                                                                          4. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                                                                                                            If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                                                                                                            • Customize scale-out rules.: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                                                                                                            • Nodes: Modify the node quantity range. The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                                                                                                            • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in
                                                                                                                                                                            • Specifications: Configure whether to enable auto scaling for node flavors in a node pool.
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                          5. Click OK.
                                                                                                                                                                          
 
                                                                                                                                                                          
@@ -119,7 +119,7 @@ spec:
           averageUtilization: 50
 
                                                                                                                                                                          Configure the parameters as follows if you are using the console.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Observing the Auto Scaling Process
                                                                                                                                                                          1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                                                            # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -210,7 +210,7 @@ Events:
   Normal  SuccessfulRescale  6m45s  horizontal-pod-autoscaler  New size: 3; reason: All metrics below target
   Normal  SuccessfulRescale  90s    horizontal-pod-autoscaler  New size: 1; reason: All metrics below target
                                                                                                                                                                            
 
                                                                                                                                                                            You can also view the HPA policy execution history on the console. Wait until the one node is reduced.
                                                                                                                                                                            
-
                                                                                                                                                                            The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace (and these pods are not created by DaemonSets). For details, see Node Scaling Mechanisms.
                                                                                                                                                                            
+
                                                                                                                                                                            The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace, and these pods are not created by DaemonSets. For details about the conditions in which nodes will not be removed, see Node Scaling Mechanisms.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Summary
                                                                                                                                                                          By using HPA and CA, auto scaling can be effortlessly implemented in various scenarios. Additionally, the scaling process of nodes and pods can be conveniently tracked.
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_00284.html b/docs/cce/umn/cce_bestpractice_00284.html
index 8a5149668..b396a29cd 100644
--- a/docs/cce/umn/cce_bestpractice_00284.html
+++ b/docs/cce/umn/cce_bestpractice_00284.html
@@ -2,10 +2,10 @@
 
 
                                                                                                                                                                          Scheduling EVS Disks Across AZs Using csi-disk-topology
                                                                                                                                                                          
 
                                                                                                                                                                          Background
                                                                                                                                                                          EVS disks cannot be attached to a node deployed in another AZ. For example, the EVS disks in AZ 1 cannot be attached to a node in AZ 2. If the storage class csi-disk is used for StatefulSets, when a StatefulSet is scheduled, a PVC and a PV are created immediately (an EVS disk is created along with the PV), and then the PVC is bound to the PV. However, when the cluster nodes are located in multiple AZs, the EVS disk created by the PVC and the node to which the pods are scheduled may be in different AZs. As a result, the pods fail to be scheduled.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Solution
                                                                                                                                                                          CCE provides a storage class named csi-disk-topology, which is a late-binding EVS disk type. When you use this storage class to create a PVC, no PV will be created in pace with the PVC. Instead, the PV is created in the AZ of the node where the pod will be scheduled. An EVS disk is then created in the same AZ to ensure that the EVS disk can be attached and the pod can be successfully scheduled.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Failed Pod Scheduling Due to csi-disk Used in Cross-AZ Node Deployment
                                                                                                                                                                          Create a cluster with three nodes in different AZs.
                                                                                                                                                                          
 
                                                                                                                                                                          Use the csi-disk storage class to create a StatefulSet and check whether the workload is successfully created.
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0050.html b/docs/cce/umn/cce_bestpractice_0050.html
index f57946ad9..7dec0cdbc 100644
--- a/docs/cce/umn/cce_bestpractice_0050.html
+++ b/docs/cce/umn/cce_bestpractice_0050.html
@@ -9,7 +9,7 @@
 
 
                                                                                                                                                                        • Creating an IPv4/IPv6 Dual-Stack Cluster in CCE
                                                                                                                                                                          
 
                                                                                                                                                                          • 
-
                                                                                                                                                                        • Executing the Pre- or Post-installation Commands During Node Creation
                                                                                                                                                                          
+
                                                                                                                                                                        • Executing the Pre- or Post-installation Commands During Node Creation
                                                                                                                                                                          
 
                                                                                                                                                                          • 
 
                                                                                                                                                                        • Connecting to Multiple Clusters Using kubectl
                                                                                                                                                                          
 
                                                                                                                                                                          • 
diff --git a/docs/cce/umn/cce_bestpractice_0052.html b/docs/cce/umn/cce_bestpractice_0052.html
index 22b82ddd8..a10a9e211 100644
--- a/docs/cce/umn/cce_bestpractice_0052.html
+++ b/docs/cce/umn/cce_bestpractice_0052.html
@@ -17,7 +17,7 @@
 
 
                                                                                                                                                                        • Pre-Binding Container ENI for CCE Turbo Clusters
                                                                                                                                                                          
 
                                                                                                                                                                          • 
-
                                                                                                                                                                        • Accessing an IP Address Outside a Cluster That Uses a VPC Network Using Source Pod IP Addresses in the Cluster
                                                                                                                                                                          
+
                                                                                                                                                                        • Accessing an IP Address Outside of a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
                                                                                                                                                                          
 
                                                                                                                                                                          • 
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0053.html b/docs/cce/umn/cce_bestpractice_0053.html
index 3a2f673c4..3575cb33e 100644
--- a/docs/cce/umn/cce_bestpractice_0053.html
+++ b/docs/cce/umn/cce_bestpractice_0053.html
@@ -8,7 +8,7 @@
 
 
                                                                                                                                                                        • Mounting Object Storage Across Accounts
                                                                                                                                                                          
 
                                                                                                                                                                          • 
-
                                                                                                                                                                        • Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                          
+
                                                                                                                                                                        • Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                          
 
                                                                                                                                                                          • 
 
                                                                                                                                                                        • Changing the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest
                                                                                                                                                                          
 
                                                                                                                                                                          • 
diff --git a/docs/cce/umn/cce_bestpractice_0055.html b/docs/cce/umn/cce_bestpractice_0055.html
index 4e263d7a3..57447ec7b 100644
--- a/docs/cce/umn/cce_bestpractice_0055.html
+++ b/docs/cce/umn/cce_bestpractice_0055.html
@@ -6,7 +6,7 @@
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0107.html b/docs/cce/umn/cce_bestpractice_0107.html
index c344a529b..499790f1b 100644
--- a/docs/cce/umn/cce_bestpractice_0107.html
+++ b/docs/cce/umn/cce_bestpractice_0107.html
@@ -549,7 +549,7 @@ spec:
 
                                                                                                                                                                           
                                                                                                                                                                          Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                        • Run the kubectl edit command to edit the StatefulSet and use the newly created PVC.
                                                                                                                                                                          kubectl edit sts sts-example -n xxx
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          Replace sts-example in the preceding command with the actual name of the StatefulSet to upgrade. xxx indicates the namespace to which the StatefulSet belongs.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                        • Wait until the pods are running.
                                                                                                                                                                          • 
@@ -565,7 +565,7 @@ spec:
 
                                                                                                                                                                        • Change the number of pods back to the original value and wait until the pods are running.
                                                                                                                                                                          • 
 
                                                                                                                                                                           
                                                                                                                                                                          The dynamic allocation of storage for StatefulSets is achieved by using volumeClaimTemplates. This field cannot be modified by Kubernetes. Therefore, data cannot be migrated by using a new PVC.
                                                                                                                                                                          
 
                                                                                                                                                                          The PVC naming rule of the volumeClaimTemplates is fixed. When a PVC that meets the naming rule exists, this PVC is used.
                                                                                                                                                                          
-
                                                                                                                                                                          Therefore, disassociate the original PVC first, and then create a PVC with the same name in the CSI format.
                                                                                                                                                                          
+
                                                                                                                                                                          Therefore, disassociate the original PVC first and then create a PVC with the same name in the CSI format.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          6. (Optional) Recreate the stateful application to ensure that a CSI PVC is used when the application is scaled out. Otherwise, FlexVolume PVCs are used in scaling out.
                                                                                                                                                                          
 
                                                                                                                                                                          • Run the following command to obtain the YAML file of the StatefulSet:
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0300.html b/docs/cce/umn/cce_bestpractice_0300.html
index f9fbb7bef..5f818282d 100644
--- a/docs/cce/umn/cce_bestpractice_0300.html
+++ b/docs/cce/umn/cce_bestpractice_0300.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                          Performing Cluster Namespace RBAC
                                                                                                                                                                          
+
                                                                                                                                                                          Performing RBAC Authentication on a Namespace Using kubectl Commands
                                                                                                                                                                          
 
                                                                                                                                                                          Background
                                                                                                                                                                          CCE permissions are classified into cluster permissions and namespace permissions. Namespace permissions are based on Kubernetes RBAC and can be used to grant permissions on resources in clusters and namespaces.
                                                                                                                                                                          
 
                                                                                                                                                                          Currently, the CCE console provides four types of namespace-level ClusterRole permissions by default: cluster-admin, admin, edit, and view. However, these permissions apply to resources in the namespace regardless of resource types (pods, Deployments, and Services).
                                                                                                                                                                          
 
                                                                                                                                                                          
@@ -13,14 +13,14 @@
 
                                                                                                                                                                          
 
                                                                                                                                                                          Prerequisites
                                                                                                                                                                          RBAC is supported only on clusters of v1.11.7-r2 or later.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Creating an IAM User and User Group
                                                                                                                                                                          Log in to the IAM console and create an IAM user named user-example and a user group named cce-role-group. For details about how to create an IAM user and user group, see Creating a User and Adding the User to a User Group and Creating a User Group and Assigning Permissions.
                                                                                                                                                                          
-
                                                                                                                                                                          Grant the CCE FullAccess permission to the cce-role-group user group. For details about how to grant permissions to a user group, see Creating a User Group and Assigning Permissions.
                                                                                                                                                                          
+
                                                                                                                                                                          Creating an IAM User and User Group
                                                                                                                                                                          Log in to the IAM console and create an IAM user named user-example and a user group named cce-role-group. For details about how to create an IAM user and user group, see Creating a User and Adding the User to a User Group and Creating a User Group and Assigning Permissions.
                                                                                                                                                                          
+
                                                                                                                                                                          Grant the CCE FullAccess permission to the cce-role-group user group. For details about how to grant permissions to a user group, see Creating a User Group and Assigning Permissions.
                                                                                                                                                                          
 
                                                                                                                                                                          CCE FullAccess has the permissions for cluster operations (such as cluster creation), but does not have the permissions to operate Kubernetes resources (such as viewing pods).
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Creating a Cluster
                                                                                                                                                                          Log in to CCE and create a cluster.
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          Do not use IAM user user-example to create a cluster because CCE automatically assigns the cluster-admin permissions of all namespaces in the cluster to the user who creates the cluster. That is, the user can fully control the resources in the cluster and all its namespaces.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Log in to the CCE console as IAM user user-example, download the kubectl configuration file in the cluster and access the cluster. Run the following command to obtain the pod information. The output shows that user-example does not have the permission to view the pods or other resources. This indicates that user-example does not have the permissions to operate Kubernetes resources.
                                                                                                                                                                          
+
                                                                                                                                                                          Log in to the CCE console as IAM user user-example, download the kubectl configuration file in the cluster and access the cluster, and run the following command to obtain the pod information. (The output shows that user-example does not have the permission to view the pods or other resources.) This indicates that user-example does not have the permissions to operate Kubernetes resources.
                                                                                                                                                                          
 
                                                                                                                                                                          # kubectl get pod
 Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "default"
 # kubectl get deploy
diff --git a/docs/cce/umn/cce_bestpractice_0307.html b/docs/cce/umn/cce_bestpractice_0307.html
index 2c89db055..a90003e50 100644
--- a/docs/cce/umn/cce_bestpractice_0307.html
+++ b/docs/cce/umn/cce_bestpractice_0307.html
@@ -28,7 +28,7 @@
 
 
                                                                                                                                                                          
-
-
-
-
@@ -113,13 +113,13 @@ aws_secret_access_key = {SK}
                                                                                                                                                                          Cluster Type
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          Cluster Network Model
                                                                                                                                                                          
@@ -29,7 +29,7 @@
 
                                                                                                                                                                          
 
                                                                                                                                                                          CCE Turbo cluster
                                                                                                                                                                          
 
                                                                                                                                                                          Cloud Native 2.0 Network
                                                                                                                                                                          
+
                                                                                                                                                                          Cloud Native 2.0 network
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          v1.23.8-r0 or later
                                                                                                                                                                          
 
                                                                                                                                                                          v1.25.3-r0 or later
                                                                                                                                                                          
@@ -83,7 +83,7 @@
 
                                                                                                                                                                           
                                                                                                                                                                          • The basic operations for IPv4 and IPv6 dual-stack networks are the same as those for IPv4 networks. Only some parameters are different.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Perform the following operations to create a VPC named vpc-ipv6 and its default subnet named subnet-ipv6.
                                                                                                                                                                          
-
                                                                                                                                                                          1. Log in to the management console.
                                                                                                                                                                          2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                          3. Under Network, select Virtual Private Cloud.
                                                                                                                                                                          4. Click Create VPC.
                                                                                                                                                                          5. Configure the VPC and subnet following instructions. For details about the mandatory parameters, see Table 1 and Table 2. 
                                                                                                                                                                            When configuring a subnet, select Enable for IPv6 CIDR Block to automatically allocate an IPv6 CIDR block to the subnet. IPv6 cannot be disabled after the subnet is created. Currently, you are not allowed to specify a custom IPv6 CIDR block.
                                                                                                                                                                            
+
                                                                                                                                                                            1. Log in to the management console.
                                                                                                                                                                            2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                            3. Choose Network > Virtual Private Cloud.
                                                                                                                                                                            4. Click Create VPC.
                                                                                                                                                                            5. Configure the VPC and subnet following instructions. For details about the mandatory parameters, see Table 1 and Table 2. 
                                                                                                                                                                              When configuring a subnet, select Enable for IPv6 CIDR Block to automatically allocate an IPv6 CIDR block to the subnet. IPv6 cannot be disabled after the subnet is created. Currently, you are not allowed to specify a custom IPv6 CIDR block.
                                                                                                                                                                              
 
 
                                                                                                                                                                              
@@ -181,13 +181,13 @@
 
                                                                                                                                                                            6. Click Create Now.
                                                                                                                                                                              7. 
-
                                                                                                                                                                              Step 2: Create a CCE Cluster
                                                                                                                                                                              Creating a CCE cluster
                                                                                                                                                                              1. Log in to the CCE console and create a cluster.
                                                                                                                                                                                Complete the network settings as follows:
                                                                                                                                                                                • Network Model: Select Tunnel network.
                                                                                                                                                                                • VPC: Select the created VPC vpc-ipv6.
                                                                                                                                                                                • Default Node Subnet: Select a subnet with IPv6 enabled.
                                                                                                                                                                                • IPv6: Enable this function. After this function is enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
                                                                                                                                                                                • Container CIDR Block: A proper mask must be set for the container CIDR block. The mask determines the number of available nodes in the cluster. If the mask of the container CIDR block in the cluster is set improperly, there will be only a small number of available nodes in the cluster.
                                                                                                                                                                                
+
                                                                                                                                                                                Step 2: Create a CCE Cluster
                                                                                                                                                                                Creating a CCE cluster
                                                                                                                                                                                1. Log in to the CCE console and create a cluster.
                                                                                                                                                                                  Complete the network settings as follows:
                                                                                                                                                                                  • VPC: Select the created VPC vpc-ipv6.
                                                                                                                                                                                  • Default Node Subnet: Select a subnet with IPv6 enabled.
                                                                                                                                                                                  • IPv6: Enable this function. After this function is enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
                                                                                                                                                                                  • Network Model: Select Tunnel network.
                                                                                                                                                                                  • Network Policies: This function is enabled by default. It restricts the objects that can be accessed by pods.
                                                                                                                                                                                  • Container CIDR Block: A proper mask must be set for the container CIDR block. The mask determines the number of available nodes in the cluster. If the mask of the container CIDR block in the cluster is set improperly, there will be only a small number of available nodes in the cluster.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                2. Create a node.
                                                                                                                                                                                  The CCE console displays the nodes that support IPv6. You can directly select a node. 
                                                                                                                                                                                  
 
                                                                                                                                                                                  After the creation is complete, access the cluster details page. Then, click the node name to go to the ECS details page and view the automatically allocated IPv6 address.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Creating a CCE Turbo cluster
                                                                                                                                                                                1. Log in to the CCE console and create a CCE Turbo cluster.
                                                                                                                                                                                  Complete the network settings as follows:
                                                                                                                                                                                  • Network Model: Select Cloud Native Network 2.0.
                                                                                                                                                                                  • IPv6: Enable this function. After this function is enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
                                                                                                                                                                                  • VPC: Select the created VPC vpc-ipv6.
                                                                                                                                                                                  • Default Node Subnet: Only subnets with IPv6 enabled can be selected.
                                                                                                                                                                                  • Pod Subnet: Only subnets with IPv6 enabled can be selected.
                                                                                                                                                                                  • Service CIDR Block: A proper mask must be set for the container CIDR block. The mask determines the number of available nodes in the cluster. If the mask of the container CIDR block in the cluster is set improperly, there will be only a small number of available nodes in the cluster.
                                                                                                                                                                                  • IPv6 Service CIDR Block: determines the maximum number of Services that can be created. The value cannot be changed after being specified. The default value is fc00::/112. To customize the CIDR block, ensure that the CIDR block meets the following requirements: .
                                                                                                                                                                                    • The IPv6 Service CIDR block must belong to the fc00::/8 CIDR block.
                                                                                                                                                                                    • The prefix length of an IPv6 address ranges from 112 to 120. You can adjust the number of IPv6 addresses by adjusting the prefix value. A maximum of 65536 IPv6 addresses are allowed.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Creating a CCE Turbo cluster
                                                                                                                                                                                    1. Log in to the CCE console and create a CCE Turbo cluster.
                                                                                                                                                                                      Complete the network settings as follows:
                                                                                                                                                                                      • Network Model: Select Cloud Native Network 2.0.
                                                                                                                                                                                      • IPv6: Enable this function. After this function is enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
                                                                                                                                                                                      • VPC: Select the created VPC vpc-ipv6.
                                                                                                                                                                                      • Default Node Subnet: Only subnets with IPv6 enabled can be selected.
                                                                                                                                                                                      • Pod Subnet: Only subnets with IPv6 enabled can be selected.
                                                                                                                                                                                      • Service CIDR Block: A proper mask must be set for the container CIDR block. The mask determines the number of available nodes in the cluster. If the mask of the container CIDR block in the cluster is set improperly, there will be only a small number of available nodes in the cluster.
                                                                                                                                                                                      • IPv6 Service CIDR Block: determines the maximum number of Services that can be created. The value cannot be changed after being specified. The default value is fc00::/112. To customize the CIDR block, ensure that the CIDR block meets the following requirements:
                                                                                                                                                                                        • The IPv6 Service CIDR block must belong to the fc00::/8 CIDR block.
                                                                                                                                                                                        • The prefix length of an IPv6 address ranges from 112 to 120. You can adjust the number of IPv6 addresses by adjusting the prefix value. A maximum of 65536 IPv6 addresses are allowed.
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                    2. Create a node.
                                                                                                                                                                                      The CCE console displays the nodes that support IPv6. You can directly select a node. 
                                                                                                                                                                                      
@@ -197,8 +197,8 @@
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    Step 3: Apply for a Shared Bandwidth and Adding an IPv6 Address to It
                                                                                                                                                                                    By default, the IPv6 address can only be used for private network communication. If you want to use this IPv6 address to access the Internet or be accessed by IPv6 clients on the Internet, apply for a shared bandwidth and add the IPv6 address to it.
                                                                                                                                                                                    
 
                                                                                                                                                                                    If you already have a shared bandwidth, you can add the IPv6 address to the shared bandwidth without applying for one.
                                                                                                                                                                                    
-
                                                                                                                                                                                    Applying a Shared Bandwidth
                                                                                                                                                                                    
-
                                                                                                                                                                                    1. Log in to the management console.
                                                                                                                                                                                    2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                    3. Choose Service List > Network > Virtual Private Cloud.
                                                                                                                                                                                    4. In the navigation pane, choose Elastic IP and Bandwidth > Shared Bandwidths.
                                                                                                                                                                                    5. In the upper right corner, click Assign Shared Bandwidth. On the displayed page, configure parameters following instructions.
+
                                                                                                                                                                                      Applying for a Shared Bandwidth
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                      2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                      3. Choose Service List > Network > Virtual Private Cloud.
                                                                                                                                                                                      4. In the navigation pane, choose Elastic IP and Bandwidth > Shared Bandwidths.
                                                                                                                                                                                      5. In the upper right corner, click Assign Shared Bandwidth. On the displayed page, configure parameters following instructions.
 
                                                                                                                                                                              Table 1 VPC configuration parameters
                                                                                                                                                                              Parameter
                                                                                                                                                                              
                                                                                                                                                                               		
 
 
                                                                                                                                                                              Table 3 Parameters
                                                                                                                                                                              Parameter
                                                                                                                                                                              
                                                                                                                                                                               		
 
                                                                                                                                                                              Description
                                                                                                                                                                              
@@ -231,14 +231,14 @@
 
 
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                            7. Click Assign Now.
                                                                                                                                                                            
+
                                                                                                                                                                          6. Click Assign Now.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Adding an IPv6 Address to a Shared Bandwidth
                                                                                                                                                                          
-
                                                                                                                                                                          1. On the shared bandwidth list page, locate the row containing the target shared bandwidth and click Add Public IP Address in the Operation column.
                                                                                                                                                                          2. Add the IPv6 address to the shared bandwidth.
                                                                                                                                                                          3. Click OK.
                                                                                                                                                                          
+
                                                                                                                                                                          1. On the shared bandwidth list page, locate the row containing the target shared bandwidth and choose More > Add Public IP Address in the Operation column.
                                                                                                                                                                          2. Add the IPv6 address to the shared bandwidth.
                                                                                                                                                                          3. Click OK.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Verifying the Result
                                                                                                                                                                          
 
                                                                                                                                                                          Log in to an ECS and ping an IPv6 address on the Internet to verify the connectivity. ping6 ipv6.baidu.com is used as an example here. The execution result is displayed in Figure 1.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 Result verification
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 Result verification
                                                                                                                                                                          
 
 
 
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_00226.html b/docs/cce/umn/cce_bestpractice_00226.html
index 68b8e1d7a..e2049dc53 100644
--- a/docs/cce/umn/cce_bestpractice_00226.html
+++ b/docs/cce/umn/cce_bestpractice_00226.html
@@ -145,7 +145,7 @@ spec:
 hostaliases-pod       1/1            Running      0             16m
 
                                                                                                                                                                        • Check whether the hostAliases functions properly.
                                                                                                                                                                          docker ps |grep hostaliases-pod
                                                                                                                                                                          
 
                                                                                                                                                                          docker exec -ti Container ID /bin/sh
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          • 
 
                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_bestpractice_00227.html b/docs/cce/umn/cce_bestpractice_00227.html
index 1afa96fad..4f6d021a0 100644
--- a/docs/cce/umn/cce_bestpractice_00227.html
+++ b/docs/cce/umn/cce_bestpractice_00227.html
@@ -1,13 +1,13 @@
 
 
 
                                                                                                                                                                          Modifying Kernel Parameters Using a Privileged Container
                                                                                                                                                                          
-
                                                                                                                                                                          Prerequisites
                                                                                                                                                                          To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl. 
                                                                                                                                                                          
+
                                                                                                                                                                          Prerequisites
                                                                                                                                                                          To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl. 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Procedure
                                                                                                                                                                          1. Create a DaemonSet in the background, select the Nginx image, enable the Privileged Container, configure the lifecycle, and add the hostNetwork field (value: true).
                                                                                                                                                                            1. Create a daemonSet file.
                                                                                                                                                                              vi daemonSet.yaml
                                                                                                                                                                              
-
                                                                                                                                                                              An example YAML file is provided as follows:
                                                                                                                                                                              
-
                                                                                                                                                                               
                                                                                                                                                                              The spec.spec.containers.lifecycle field indicates the command that will be run after the container is started.
                                                                                                                                                                              
+
                                                                                                                                                                              Procedure
                                                                                                                                                                              1. Create a DaemonSet in the background, select the Nginx image, enable the Privileged Container, configure the lifecycle, and add the hostNetwork field (value: true).
                                                                                                                                                                                1. Create a daemonSet file.
                                                                                                                                                                                  vi daemonSet.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  An example YAML file is provided as follows:
                                                                                                                                                                                  
+
                                                                                                                                                                                   
                                                                                                                                                                                  The spec.spec.containers.lifecycle field indicates the command that will be run after the container is started.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  kind: DaemonSet
+
                                                                                                                                                                                  kind: DaemonSet
 apiVersion: apps/v1
 metadata:
   name: daemonset-test
@@ -43,25 +43,25 @@ spec:
           privileged: true
       imagePullSecrets:
       - name: default-secret
                                                                                                                                                                                  
-
                                                                                                                                                                                2. Create a DaemonSet.
                                                                                                                                                                                  kubectl create –f daemonSet.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Create a DaemonSet.
                                                                                                                                                                                  kubectl create –f daemonSet.yaml
                                                                                                                                                                                  
 
                                                                                                                                                                                
-
                                                                                                                                                                              2. Check whether the DaemonSet is successfully created.
                                                                                                                                                                                kubectl get daemonset DaemonSet name
                                                                                                                                                                                
-
                                                                                                                                                                                In this example, run the following command:
                                                                                                                                                                                
-
                                                                                                                                                                                kubectl get daemonset daemonset-test
                                                                                                                                                                                
-
                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                
-
                                                                                                                                                                                NAME               DESIRED    CURRENT   READY    UP-T0-DATE    AVAILABLE     NODE SELECTOR   AGE
+
                                                                                                                                                                              3. Check whether the DaemonSet is successfully created.
                                                                                                                                                                                kubectl get daemonset DaemonSet name
                                                                                                                                                                                
+
                                                                                                                                                                                In this example, run the following command:
                                                                                                                                                                                
+
                                                                                                                                                                                kubectl get daemonset daemonset-test
                                                                                                                                                                                
+
                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                
+
                                                                                                                                                                                NAME               DESIRED    CURRENT   READY    UP-T0-DATE    AVAILABLE     NODE SELECTOR   AGE
 daemonset-test     2          2         2        2             2             <node>          2h
                                                                                                                                                                                
-
                                                                                                                                                                              4. Query the container ID of DaemonSet on the node.
                                                                                                                                                                                docker ps -a|grep DaemonSet name
                                                                                                                                                                                
-
                                                                                                                                                                                In this example, run the following command:
                                                                                                                                                                                
-
                                                                                                                                                                                docker ps -a|grep daemonset-test
                                                                                                                                                                                
-
                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                
-
                                                                                                                                                                                897b99faa9ce        3e094d5696c1                           "/bin/sh  -c while..."     31 minutes ago     Up  30 minutes  ault_fa7cc313-4ac1-11e9-a716-fa163e0aalba_0
                                                                                                                                                                                
-
                                                                                                                                                                              5. Access the container.
                                                                                                                                                                                docker exec -it containerid /bin/sh
                                                                                                                                                                                
-
                                                                                                                                                                                In this example, run the following command:
                                                                                                                                                                                
-
                                                                                                                                                                                docker exec -it 897b99faa9ce /bin/sh
                                                                                                                                                                                
-
                                                                                                                                                                              6. Check whether the configured command is executed after the container is started.
                                                                                                                                                                                sysctl -a |grep net.ipv4.tcp_tw_reuse
                                                                                                                                                                                
-
                                                                                                                                                                                If the following information is displayed, the system parameters are modified successfully:
                                                                                                                                                                                
-
                                                                                                                                                                                net.ipv4.tcp_tw_reuse=1
                                                                                                                                                                                
+
                                                                                                                                                                              7. Query the container ID of DaemonSet on the node.
                                                                                                                                                                                docker ps -a|grep DaemonSet name
                                                                                                                                                                                
+
                                                                                                                                                                                In this example, run the following command:
                                                                                                                                                                                
+
                                                                                                                                                                                docker ps -a|grep daemonset-test
                                                                                                                                                                                
+
                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                
+
                                                                                                                                                                                897b99faa9ce        3e094d5696c1                           "/bin/sh  -c while..."     31 minutes ago     Up  30 minutes  ault_fa7cc313-4ac1-11e9-a716-fa163e0aalba_0
                                                                                                                                                                                
+
                                                                                                                                                                              8. Access the container.
                                                                                                                                                                                docker exec -it containerid /bin/sh
                                                                                                                                                                                
+
                                                                                                                                                                                In this example, run the following command:
                                                                                                                                                                                
+
                                                                                                                                                                                docker exec -it 897b99faa9ce /bin/sh
                                                                                                                                                                                
+
                                                                                                                                                                              9. Check whether the configured command is executed after the container is started.
                                                                                                                                                                                sysctl -a |grep net.ipv4.tcp_tw_reuse
                                                                                                                                                                                
+
                                                                                                                                                                                If the following information is displayed, the system parameters are modified successfully:
                                                                                                                                                                                
+
                                                                                                                                                                                net.ipv4.tcp_tw_reuse=1
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00228.html b/docs/cce/umn/cce_bestpractice_00228.html
index 52b147e2e..3a39d69db 100644
--- a/docs/cce/umn/cce_bestpractice_00228.html
+++ b/docs/cce/umn/cce_bestpractice_00228.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                                                                                              Using Init Containers to Initialize an Application
                                                                                                                                                                              
-
                                                                                                                                                                              Concepts
                                                                                                                                                                              An init container is a type of container that starts and exits before the application containers start. If there are multiple init containers, they will be started in the defined sequence. The data generated in the init containers can be used by the application containers because storage volumes in a pod are shared.
                                                                                                                                                                              
-
                                                                                                                                                                              Init containers can be used in multiple Kubernetes resources, such as Deployments, DaemonSets, and jobs. They perform initialization before application containers are started.
                                                                                                                                                                              
+
                                                                                                                                                                              Concepts
                                                                                                                                                                              An init container is a type of container that starts and exits before the application containers start. If there are multiple init containers, they will be started in the defined sequence. The data generated in the init containers can be used by the application containers because storage volumes in a pod are shared.
                                                                                                                                                                              
+
                                                                                                                                                                              Init containers can be used in multiple Kubernetes resources, such as Deployments, DaemonSets, and jobs. They perform initialization before application containers are started.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Application Scenarios
                                                                                                                                                                              Before deploying a service, you can use an init container to make preparations before the service pod is deployed. After the preparations are complete, the init container runs to completion and exits, and the container to be deployed will be started.
                                                                                                                                                                              
-
                                                                                                                                                                              • Scenario 1: Wait for other modules to be ready. For example, an application contains two containerized services: web server and database. The web server service needs to access the database service. However, when the application is started, the database service may have not been started. Therefore, web server may fail to access database. To solve this problem, you can use an init container in the pod where web server is running to check whether database is ready. The init container runs to completion only when database is accessible. Then, web server is started and initiates a formal access request to database. 
                                                                                                                                                                              • Scenario 2: Initialize the configuration. For example, the init container can check all existing member nodes in the cluster and prepare the cluster configuration information for the application container. After the application container is started, it can be added to the cluster using the configuration information.
                                                                                                                                                                              • Other scenarios: For example, a pod is registered with a central database and application dependencies are downloaded.
                                                                                                                                                                              
-
                                                                                                                                                                              For details, see Init Containers.
                                                                                                                                                                              
+
                                                                                                                                                                              Application Scenarios
                                                                                                                                                                              Before deploying a service, you can use an init container to make preparations before the service pod is deployed. After the preparations are complete, the init container runs to completion and exits, and the container to be deployed will be started.
                                                                                                                                                                              
+
                                                                                                                                                                              • Scenario 1: Wait for other modules to be ready. For example, an application contains two containerized services: web server and database. The web server service needs to access the database service. However, when the application is started, the database service may have not been started. Therefore, web server may fail to access database. To solve this problem, you can use an init container in the pod where web server is running to check whether database is ready. The init container runs to completion only when database is accessible. Then, web server is started and initiates a formal access request to database. 
                                                                                                                                                                              • Scenario 2: Initialize the configuration. For example, the init container can check all existing member nodes in the cluster and prepare the cluster configuration information for the application container. After the application container is started, it can be added to the cluster using the configuration information.
                                                                                                                                                                              • Other scenarios: For example, a pod is registered with a central database and application dependencies are downloaded.
                                                                                                                                                                              
+
                                                                                                                                                                              For details, see Init Containers.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Procedure
                                                                                                                                                                              1. Edit the YAML file of the init container workload.
                                                                                                                                                                                vi deployment.yaml
                                                                                                                                                                                
-
                                                                                                                                                                                An example YAML file is provided as follows:
                                                                                                                                                                                
-
                                                                                                                                                                                apiVersion: apps/v1
+
                                                                                                                                                                                Procedure
                                                                                                                                                                                1. Edit the YAML file of the init container workload.
                                                                                                                                                                                  vi deployment.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  An example YAML file is provided as follows:
                                                                                                                                                                                  
+
                                                                                                                                                                                  apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: mysql
@@ -44,12 +44,12 @@ spec:
         env:
         - name: MYSQL_ROOT_PASSWORD
           value: "mysql"
                                                                                                                                                                                  
-
                                                                                                                                                                                2. Create an init container workload.
                                                                                                                                                                                  kubectl create -f deployment.yaml
                                                                                                                                                                                  
-
                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                  
-
                                                                                                                                                                                  deployment.apps/mysql created
                                                                                                                                                                                  
-
                                                                                                                                                                                3. Query the created Docker container on the node where the workload is running.
                                                                                                                                                                                  docker ps -a|grep mysql
                                                                                                                                                                                  
-
                                                                                                                                                                                  The init container will exit after it runs to completion. The query result Exited (0) shows the exit status of the init container.
                                                                                                                                                                                  
-
                                                                                                                                                                                  
+
                                                                                                                                                                                4. Create an init container workload.
                                                                                                                                                                                  kubectl create -f deployment.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                  
+
                                                                                                                                                                                  deployment.apps/mysql created
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Query the created Docker container on the node where the workload is running.
                                                                                                                                                                                  docker ps -a|grep mysql
                                                                                                                                                                                  
+
                                                                                                                                                                                  The init container will exit after it runs to completion. The query result Exited (0) shows the exit status of the init container.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00231.html b/docs/cce/umn/cce_bestpractice_00231.html
index 369ba1d3a..4df5de4ba 100644
--- a/docs/cce/umn/cce_bestpractice_00231.html
+++ b/docs/cce/umn/cce_bestpractice_00231.html
@@ -198,7 +198,7 @@ spec:
   externalTrafficPolicy: Local   # Node level Service affinity
 
                                                                                                                                                                              
 
                                                                                                                                                                              You can also select APP_COOKIE.
                                                                                                                                                                              
-
                                                                                                                                                                               
                                                                                                                                                                              Only shared load balancers support application cookie-based sticky sessions.
                                                                                                                                                                              
+
                                                                                                                                                                               
                                                                                                                                                                              Only shared load balancers support application cookie-based sticky sessions. 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              apiVersion: v1
 kind: Service
@@ -220,7 +220,7 @@ spec:
       nodePort: 32633            # Custom node port
   type: NodePort
   externalTrafficPolicy: Local   # Node level Service affinity
                                                                                                                                                                              
-
                                                                                                                                                                            2. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                              apiVersion: networking.k8s.io/v1
+
                                                                                                                                                                            3. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create a LoadBalancer Ingress.
                                                                                                                                                                              apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -271,7 +271,7 @@ spec:
       nodePort: 0
   type: ClusterIP
                                                                                                                                                                              
 
                                                                                                                                                                          
-
                                                                                                                                                                        • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+
                                                                                                                                                                        • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create a LoadBalancer Ingress.
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
diff --git a/docs/cce/umn/cce_bestpractice_0024.html b/docs/cce/umn/cce_bestpractice_0024.html
index a456badde..c3f37773f 100644
--- a/docs/cce/umn/cce_bestpractice_0024.html
+++ b/docs/cce/umn/cce_bestpractice_0024.html
@@ -1,46 +1,46 @@
 
 
 
                                                                                                                                                                          Migrating Resources in a Cluster
                                                                                                                                                                          
-
                                                                                                                                                                          Application Scenarios
                                                                                                                                                                          WordPress is used as an example to describe how to migrate an application from an on-premises Kubernetes cluster to a CCE cluster. The WordPress application consists of the WordPress and MySQL components, which are containerized. The two components are bound to two local storage volumes of the Local type respectively and provide external access through the NodePort Service.
                                                                                                                                                                          
-
                                                                                                                                                                          Before the migration, use a browser to access the WordPress site, create a site named Migrate to CCE, and publish an article to verify the integrity of PV data after the migration. The article published in WordPress will be stored in the wp_posts table of the MySQL database. If the migration is successful, all contents in the database will be migrated to the new cluster. You can verify the PV data migration based on the migration result.
                                                                                                                                                                          
+
                                                                                                                                                                          Application Scenarios
                                                                                                                                                                          WordPress is used as an example to describe how to migrate an application from an on-premises Kubernetes cluster to a CCE cluster. The WordPress application consists of the WordPress and MySQL components, which are containerized. The two components are bound to two local storage volumes of the local type, respectively, and provide external access through the NodePort Services.
                                                                                                                                                                          
+
                                                                                                                                                                          Before the migration, you can use a browser to access the WordPress site, create a site named Migrate to CCE, and publish an article for verifying the integrity of PV data after the migration. The article published in WordPress will be stored in the wp_posts table of the MySQL database. If the migration is successful, all contents in the database will be migrated to the new cluster. You can then verify the migration results of the PV data.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Prerequisites
                                                                                                                                                                          • Before the migration, clear the abnormal pod resources in the source cluster. If the pod is in the abnormal state and has a PVC mounted, the PVC is in the pending state after the cluster is migrated.
                                                                                                                                                                          • Ensure that the cluster on the CCE side does not have the same resources as the cluster to be migrated because Velero does not restore the same resources by default.
                                                                                                                                                                          • To ensure that container images can be properly pulled after cluster migration, migrate the images to SWR.
                                                                                                                                                                          • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                          • Velero cannot back up or restore HostPath volumes. For details, see Limitations. To back up storage volumes of this type, replace the hostPath volumes with local volumes. If a backup task involves storage of the HostPath type, the storage volumes of this type will be automatically skipped and a warning message will be generated. This will not cause a backup failure.
                                                                                                                                                                          
+
                                                                                                                                                                          Prerequisites
                                                                                                                                                                          • Before the migration, the abnormal pod resources in the source cluster have been cleared. If a pod with PVC mounted becomes abnormal, the PVC will be in the pending state after the migration.
                                                                                                                                                                          • The CCE cluster does not have the same resources as the source cluster because Velero does not restore the same resources by default.
                                                                                                                                                                          • The container images have been migrated to SWR so that they can be properly pulled after the migration.
                                                                                                                                                                          • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                          • Velero cannot back up or restore hostPath volumes. For details, see Limitations. To back up storage volumes of this type, replace the hostPath volumes with local volumes. If there is a hostPath volume in a backup task, the backup of this volume will be automatically skipped and a warning message will be generated. This will not cause a backup failure.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Backing Up Applications in the Source Cluster
                                                                                                                                                                          1. (Optional) To back up the data of a specified storage volume in the pod, add an annotation to the pod. The annotation template is as follows:
                                                                                                                                                                            kubectl -n <namespace> annotate <pod/pod_name> backup.velero.io/backup-volumes=<volume_name_1>,<volume_name_2>,...
                                                                                                                                                                            
-
                                                                                                                                                                            • <namespace>: namespace where the pod is located.
                                                                                                                                                                            • <pod_name>: pod name.
                                                                                                                                                                            • <volume_name>: name of the persistent volume mounted to the pod. You can run the describe statement to query the pod information. The Volume field indicates the names of all persistent volumes attached to the pod.
                                                                                                                                                                            
-
                                                                                                                                                                            Add annotations to the pods of WordPress and MySQL. The pod names are wordpress-758fbf6fc7-s7fsr and mysql-5ffdfbc498-c45lh. As the pods are in the default namespace default, the -n <NAMESPACE> parameter can be omitted.
                                                                                                                                                                            
+
                                                                                                                                                                            Backing Up an Application in the Source Cluster
                                                                                                                                                                            1. (Optional) To back up the data of a specified storage volume in a pod, add an annotation to the pod. The annotation template is as follows:
                                                                                                                                                                              kubectl -n <namespace> annotate <pod/pod_name> backup.velero.io/backup-volumes=<volume_name_1>,<volume_name_2>,...
                                                                                                                                                                              
+
                                                                                                                                                                              • <namespace>: namespace where the pod is located
                                                                                                                                                                              • <pod_name>: pod name
                                                                                                                                                                              • <volume_name>: name of the PV mounted to the pod. You can run the describe statement to obtain the pod information. The Volume field indicates the names of all PVs mounted to the pod.
                                                                                                                                                                              
+
                                                                                                                                                                              You can add annotations to the WordPress pod wordpress-758fbf6fc7-s7fsr and MySQL pod mysql-5ffdfbc498-c45lh. These pods are in the default namespace default, so the -n <NAMESPACE> parameter can be omitted.
                                                                                                                                                                              
 
                                                                                                                                                                              kubectl annotate pod/wordpress-758fbf6fc7-s7fsr backup.velero.io/backup-volumes=wp-storage
 kubectl annotate pod/mysql-5ffdfbc498-c45lh backup.velero.io/backup-volumes=mysql-storage
                                                                                                                                                                              
-
                                                                                                                                                                            2. Back up the application. During the backup, you can specify resources based on parameters. If no parameter is added, the entire cluster resources are backed up by default. For details about the parameters, see Resource filtering.
                                                                                                                                                                              • --default-volumes-to-fs-backup: indicates that the PV backup tool is used to back up all storage volumes attached to a pod. HostPath volumes are not supported. If this parameter is not specified, the storage volume specified by annotation in 1 is backed up by default. This parameter is available only when --use-node-agent is specified during Velero installation.
                                                                                                                                                                                velero backup create <backup-name> --default-volumes-to-fs-backup
                                                                                                                                                                                
+
                                                                                                                                                                              • Back up the application. During the backup, you can specify resources based on parameters. If no parameter is added, the entire cluster resources are backed up by default. For details about the parameters, see Resource filtering.
                                                                                                                                                                                • --default-volumes-to-fs-backup: indicates that the PV backup tool is used to back up all storage volumes attached to a pod. hostPath volumes are not supported. If this parameter is not specified, the storage volume specified by annotation in 1 is backed up by default. This parameter is available only when --use-node-agent is specified during Velero installation.
                                                                                                                                                                                  velero backup create <backup-name> --default-volumes-to-fs-backup
                                                                                                                                                                                  
 
                                                                                                                                                                                • --include-namespaces: backs up resources in a specified namespace.
                                                                                                                                                                                  velero backup create <backup-name> --include-namespaces <namespace>
                                                                                                                                                                                  
 
                                                                                                                                                                                • --include-resources: backs up the specified resources.
                                                                                                                                                                                  velero backup create <backup-name> --include-resources deployments
                                                                                                                                                                                  
 
                                                                                                                                                                                • --selector: backs up resources that match the selector.
                                                                                                                                                                                  velero backup create <backup-name> --selector <key>=<value>
                                                                                                                                                                                  
 
                                                                                                                                                                                
-
                                                                                                                                                                                In this section, resources in the namespace default are backed up. wordpress-backup is the backup name. Specify the same backup name when restoring applications. An example is as follows:
                                                                                                                                                                                
+
                                                                                                                                                                                In this section, resources in the namespace default are backed up. wordpress-backup is the backup name. Specify the same backup name when restoring applications. An example is as follows:
                                                                                                                                                                                
 
                                                                                                                                                                                velero backup create wordpress-backup --include-namespaces default --default-volumes-to-fs-backup
                                                                                                                                                                                
-
                                                                                                                                                                                If the following information is displayed, the backup task is successfully created:
                                                                                                                                                                                
+
                                                                                                                                                                                If information similar to the following is displayed, the backup task has been created:
                                                                                                                                                                                
 
                                                                                                                                                                                Backup request "wordpress-backup" submitted successfully. 
 Run `velero backup describe wordpress-backup` or `velero backup logs wordpress-backup` for more details.
                                                                                                                                                                                
 
                                                                                                                                                                              • Check the backup status.
                                                                                                                                                                                velero backup get
                                                                                                                                                                                
 
                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                NAME               STATUS      ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
 wordpress-backup   Completed   0        0          2021-10-14 15:32:07 +0800 CST   29d       default            <none>
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                In addition, you can go to the object bucket to view the backup files. The backups path is the application resource backup path, and the other is the PV data backup path.
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                In addition, you can go to the object bucket to view the backup files. The backups path is for the application resource backup, and the other is for the PV data backup.
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            Restoring Applications in the Target Cluster
                                                                                                                                                                            The storage infrastructure of an on-premises cluster is different from that of a cloud cluster. After the cluster is migrated, PVs cannot be mounted to pods. Therefore, during the migration, update the storage class of the target cluster to shield the differences of underlying storage interfaces between the two clusters when creating a workload and request storage resources of the corresponding type. For details, see Updating the Storage Class. 
                                                                                                                                                                            
-
                                                                                                                                                                            1. Use kubectl to connect to the CCE cluster. Create a storage class with the same name as that of the source cluster.
                                                                                                                                                                              In this example, the storage class name of the source cluster is local and the storage type is local disk. Local disks completely depend on the node availability. The data DR performance is poor. When the node is unavailable, the existing storage data is affected. Therefore, EVS volumes are used as storage resources in CCE clusters, and SAS disks are used as backend storage media.
                                                                                                                                                                              
-
                                                                                                                                                                               
                                                                                                                                                                              • When an application containing PV data is restored in a CCE cluster, the defined storage class dynamically creates and mounts storage resources (such as EVS volumes) based on the PVC.
                                                                                                                                                                              • The storage resources of the cluster can be changed as required, not limited to EVS volumes. To mount other types of storage, such as file storage and object storage, see Updating the Storage Class.
                                                                                                                                                                              
+
                                                                                                                                                                              Restoring the Application in the Target Cluster
                                                                                                                                                                              The storage infrastructure of an on-premises cluster is different from that of a cloud cluster. After the cluster is migrated, PVs cannot be mounted to pods. Therefore, during the migration, update the storage class of the target cluster to shield the differences of underlying storage interfaces between the two clusters when creating a workload and request storage resources of the corresponding type. For details, see Updating the Storage Class. 
                                                                                                                                                                              
+
                                                                                                                                                                              1. Use kubectl to access the CCE cluster and create a storage class with the same name as that of the source cluster.
                                                                                                                                                                                In this example, the storage class name of the source cluster is local and the storage type is local disk. Local disks completely depend on the node availability. The data DR performance is poor. When the node is unavailable, the existing storage data is affected. Therefore, the storage resources in the CCE cluster should be EVS volumes, and the backend storage media should be SAS disks.
                                                                                                                                                                                
+
                                                                                                                                                                                 
                                                                                                                                                                                • When an application containing PV data is restored in a CCE cluster, the defined storage class dynamically creates storage resources (such as EVS volumes) based on the PVC and mounts the resources to the application.
                                                                                                                                                                                • You can modify the storage resources of the cluster as needed, without being restricted to EVS volumes. To mount other types of storage, such as file storage and object storage, see Updating the Storage Class.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                YAML file of the migrated cluster:
                                                                                                                                                                                
+
                                                                                                                                                                                An example of the YAML file of the source cluster is as follows:
                                                                                                                                                                                
 
                                                                                                                                                                                apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: local
 provisioner: kubernetes.io/no-provisioner
 volumeBindingMode: WaitForFirstConsumer
                                                                                                                                                                                
-
                                                                                                                                                                                The following is an example of the YAML file of the migration cluster:
                                                                                                                                                                                allowVolumeExpansion: true
+
                                                                                                                                                                                An example of the YAML file of the target cluster is as follows:
                                                                                                                                                                                allowVolumeExpansion: true
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
@@ -55,8 +55,8 @@ provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate  
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                              2. Use the Velero tool to create a restore and specify a backup named wordpress-backup to restore the WordPress application to the CCE cluster.
                                                                                                                                                                                velero restore create --from-backup wordpress-backup
                                                                                                                                                                                
-
                                                                                                                                                                                You can run the velero restore get statement to view the application restoration status.
                                                                                                                                                                                
+
                                                                                                                                                                              3. Create a Restore object using Velero, specify a backup named wordpress-backup, and restore the WordPress application in the CCE cluster.
                                                                                                                                                                                velero restore create --from-backup wordpress-backup
                                                                                                                                                                                
+
                                                                                                                                                                                You can run the velero restore get statement to check the application restoration.
                                                                                                                                                                                
 
                                                                                                                                                                              4. After the restoration is complete, check whether the application is running properly. If other adaptation problems may occur, rectify the fault by following the procedure described in Updating Resources Accordingly.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00253.html b/docs/cce/umn/cce_bestpractice_00253.html
index b0d09513e..64a8a6401 100644
--- a/docs/cce/umn/cce_bestpractice_00253.html
+++ b/docs/cce/umn/cce_bestpractice_00253.html
@@ -1,19 +1,19 @@
 
 
 
                                                                                                                                                                              Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                              
-
                                                                                                                                                                              Background
                                                                                                                                                                              The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                              
-
                                                                                                                                                                              The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                              
+
                                                                                                                                                                              Background
                                                                                                                                                                              The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                              
+
                                                                                                                                                                              The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Constraints
                                                                                                                                                                              • Only clusters of v1.15 or later are supported.
                                                                                                                                                                              • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                              • Kata containers are not supported.
                                                                                                                                                                              • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                              • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                                Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                                
+
                                                                                                                                                                                Notes and Constraints
                                                                                                                                                                                • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                • Kata containers are not supported.
                                                                                                                                                                                • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                                  Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                                1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                  The following is an example:
                                                                                                                                                                                  
-
                                                                                                                                                                                  apiVersion: storage.k8s.io/v1
+
                                                                                                                                                                                  Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                                  1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                  2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                    The following is an example:
                                                                                                                                                                                    
+
                                                                                                                                                                                    apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
-  name: sfsturbo-subpath-sc
-mountOptions:
+  name: sfsturbo-subpath-sc # Storage class name
+mountOptions:  #Mount options
 - lock
 parameters:
   csi.storage.k8s.io/csi-driver-name: sfsturbo.csi.everest.io
@@ -21,27 +21,27 @@ parameters:
   everest.io/archive-on-delete: "true"
   everest.io/share-access-to: 7ca2dba2-1234-1234-1234-626371a8fb3a
   everest.io/share-expand-type: bandwidth
-  everest.io/share-export-location: 192.168.1.1:/sfsturbo/
+  everest.io/share-export-location: 192.168.1.1:/sfsturbo/  # Mount directory configuration
   everest.io/share-source: sfs-turbo
   everest.io/share-volume-type: STANDARD
   everest.io/volume-as: subpath
-  everest.io/volume-id: 0d773f2e-1234-1234-1234-de6a35074696
+  everest.io/volume-id: 0d773f2e-1234-1234-1234-de6a35074696  # ID of an SFS Turbo volume
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                    
-
                                                                                                                                                                                    In this example:
                                                                                                                                                                                    
-
                                                                                                                                                                                    • name: indicates the name of the StorageClass.
                                                                                                                                                                                    • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                      • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                      • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                        mountOptions:
+
                                                                                                                                                                                        In this example:
                                                                                                                                                                                        
+
                                                                                                                                                                                        • name: indicates the name of the StorageClass.
                                                                                                                                                                                        • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                          • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                          • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                            mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                                            
 
                                                                                                                                                                                          
-
                                                                                                                                                                                        • everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                        • everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                        • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                        • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                        • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                        • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                        • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                        • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                        
-
                                                                                                                                                                                  1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                  2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                    The following is an example:
                                                                                                                                                                                    
-
                                                                                                                                                                                    apiVersion: v1
+
                                                                                                                                                                                  3. everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                  4. everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                  5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                  6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                  7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                  8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                  9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                  10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                              
+
                                                                                                                                                                            1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                            2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                              The following is an example:
                                                                                                                                                                              
+
                                                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: sfs-turbo-test
+  name: sfs-turbo-test  # PVC name
   namespace: default
 spec:
   accessModes:
@@ -49,18 +49,18 @@ spec:
   resources:
     requests:
       storage: 50Gi
-  storageClassName: sfsturbo-subpath-sc
+  storageClassName: sfsturbo-subpath-sc  # Storage class name
   volumeMode: Filesystem
                                                                                                                                                                              
-
                                                                                                                                                                              In this example:
                                                                                                                                                                              
-
                                                                                                                                                                              • name: indicates the name of the PVC.
                                                                                                                                                                              • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                              • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                 
                                                                                                                                                                                The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                
+
                                                                                                                                                                                In this example:
                                                                                                                                                                                
+
                                                                                                                                                                                • name: indicates the name of the PVC.
                                                                                                                                                                                • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                   
                                                                                                                                                                                  The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                
-
                                                                                                                                                                            1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                            
+
                                                                                                                                                                          1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                          1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                            The following is an example:
                                                                                                                                                                            apiVersion: apps/v1
+
                                                                                                                                                                            Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                            1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                              The following is an example:
                                                                                                                                                                              apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: test-turbo-subpath-example
+  name: test-turbo-subpath-example   # Name of the created workload
   namespace: default
   generation: 1
   labels:
@@ -76,10 +76,10 @@ spec:
         app: test-turbo-subpath-example 
     spec: 
       containers: 
-      - image: nginx:latest 
+      - image: nginx:latest  # Image of the workload
         name: container-0 
         volumeMounts: 
-        - mountPath: /tmp
+        - mountPath: /tmp   #Mount path in a container
           name: pvc-sfs-turbo-example 
       restartPolicy: Always 
       imagePullSecrets:
@@ -87,18 +87,18 @@ spec:
       volumes: 
       - name: pvc-sfs-turbo-example 
         persistentVolumeClaim: 
-          claimName: sfs-turbo-test
                                                                                                                                                                              
+          claimName: sfs-turbo-test   # Name of an existing PVC
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            In this example:
                                                                                                                                                                            
-
                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                            • claimName: indicates the name of an existing PVC.
                                                                                                                                                                            
-
                                                                                                                                                                          1. Create the Deployment.
                                                                                                                                                                            kubectl create -f deployment-test.yaml
                                                                                                                                                                            
+
                                                                                                                                                                            In this example:
                                                                                                                                                                            
+
                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                            • claimName: indicates the name of an existing PVC.
                                                                                                                                                                            
+
                                                                                                                                                                          1. Create the Deployment.
                                                                                                                                                                            kubectl create -f deployment-test.yaml
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                          1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                            The following is an example:
                                                                                                                                                                            
-
                                                                                                                                                                            apiVersion: apps/v1
+
                                                                                                                                                                            Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                            1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                              The following is an example:
                                                                                                                                                                              
+
                                                                                                                                                                              apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: test-turbo-subpath
+  name: test-turbo-subpath # Name of the created workload
   namespace: default
   generation: 1
   labels:
@@ -117,12 +117,12 @@ spec:
         pod.alpha.kubernetes.io/initialized: 'true'
     spec:
       containers:
-        - name: container-0
-          image: 'nginx:latest'
+        - name: container-0  
+          image: 'nginx:latest'  # Image of the workload
           resources: {}
           volumeMounts:
             - name: sfs-turbo-160024548582479676
-              mountPath: /tmp
+              mountPath: /tmp  # Mount path in a container
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           imagePullPolicy: IfNotPresent
@@ -136,30 +136,30 @@ spec:
       schedulerName: default-scheduler
   volumeClaimTemplates:
     - metadata:
-        name: sfs-turbo-160024548582479676
+        name: sfs-turbo-160024548582479676 
         namespace: default
         annotations: {}
       spec:
         accessModes:
-          - ReadWriteOnce
+          - ReadWriteMany
         resources:
           requests:
             storage: 10Gi
-        storageClassName: sfsturbo-subpath-sc
+        storageClassName: sfsturbo-subpath-sc # Enter the name of a self-managed storage class.
   serviceName: wwww
   podManagementPolicy: OrderedReady
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                              
-
                                                                                                                                                                              In this example:
                                                                                                                                                                              
-
                                                                                                                                                                              • name: indicates the name of the created workload.
                                                                                                                                                                              • image: specifies the image used by the workload.
                                                                                                                                                                              • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                              • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                              • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                              
-
                                                                                                                                                                            1. Create the StatefulSet.
                                                                                                                                                                              kubectl create -f statefulset-test.yaml
                                                                                                                                                                              
+
                                                                                                                                                                              In this example:
                                                                                                                                                                              
+
                                                                                                                                                                              • name: indicates the name of the created workload.
                                                                                                                                                                              • image: specifies the image used by the workload.
                                                                                                                                                                              • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                              • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                              • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                              
+
                                                                                                                                                                            1. Create the StatefulSet.
                                                                                                                                                                              kubectl create -f statefulset-test.yaml
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Parent topic: Storage
                                                                                                                                                                          
+
                                                                                                                                                                          Parent topic: SFS Turbo
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_bestpractice_00253_0.html b/docs/cce/umn/cce_bestpractice_00253_0.html
index 58192ce19..74682c31a 100644
--- a/docs/cce/umn/cce_bestpractice_00253_0.html
+++ b/docs/cce/umn/cce_bestpractice_00253_0.html
@@ -1,19 +1,19 @@
 
 
 
                                                                                                                                                                          Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                          
-
                                                                                                                                                                          Background
                                                                                                                                                                          The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                          
-
                                                                                                                                                                          The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                          
+
                                                                                                                                                                          Background
                                                                                                                                                                          The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                          
+
                                                                                                                                                                          The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Constraints
                                                                                                                                                                          • Only clusters of v1.15 or later are supported.
                                                                                                                                                                          • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                          • Kata containers are not supported.
                                                                                                                                                                          • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                          • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                            Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                            
+
                                                                                                                                                                            Notes and Constraints
                                                                                                                                                                            • Only clusters of v1.15 or later are supported.
                                                                                                                                                                            • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                            • Kata containers are not supported.
                                                                                                                                                                            • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                            • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                              Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                            1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                            2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                              The following is an example:
                                                                                                                                                                              
-
                                                                                                                                                                              apiVersion: storage.k8s.io/v1
+
                                                                                                                                                                              Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                              1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                              2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                The following is an example:
                                                                                                                                                                                
+
                                                                                                                                                                                apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
-  name: sfsturbo-subpath-sc
-mountOptions:
+  name: sfsturbo-subpath-sc # Storage class name
+mountOptions:  #Mount options
 - lock
 parameters:
   csi.storage.k8s.io/csi-driver-name: sfsturbo.csi.everest.io
@@ -21,27 +21,27 @@ parameters:
   everest.io/archive-on-delete: "true"
   everest.io/share-access-to: 7ca2dba2-1234-1234-1234-626371a8fb3a
   everest.io/share-expand-type: bandwidth
-  everest.io/share-export-location: 192.168.1.1:/sfsturbo/
+  everest.io/share-export-location: 192.168.1.1:/sfsturbo/  # Mount directory configuration
   everest.io/share-source: sfs-turbo
   everest.io/share-volume-type: STANDARD
   everest.io/volume-as: subpath
-  everest.io/volume-id: 0d773f2e-1234-1234-1234-de6a35074696
+  everest.io/volume-id: 0d773f2e-1234-1234-1234-de6a35074696  # ID of an SFS Turbo volume
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                
-
                                                                                                                                                                                In this example:
                                                                                                                                                                                
-
                                                                                                                                                                                • name: indicates the name of the StorageClass.
                                                                                                                                                                                • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                  • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                  • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                    mountOptions:
+
                                                                                                                                                                                    In this example:
                                                                                                                                                                                    
+
                                                                                                                                                                                    • name: indicates the name of the StorageClass.
                                                                                                                                                                                    • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                      • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                      • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                        mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                                        
 
                                                                                                                                                                                      
-
                                                                                                                                                                                    • everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                    • everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                    • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                    • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                    • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                    • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                    • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                    • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                    
-
                                                                                                                                                                              1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                              2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                The following is an example:
                                                                                                                                                                                
-
                                                                                                                                                                                apiVersion: v1
+
                                                                                                                                                                              3. everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                              4. everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                              5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                              6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                              7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                              8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                              9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                              10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                          
+
                                                                                                                                                                          1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                          2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                            The following is an example:
                                                                                                                                                                            
+
                                                                                                                                                                            apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: sfs-turbo-test
+  name: sfs-turbo-test  # PVC name
   namespace: default
 spec:
   accessModes:
@@ -49,18 +49,18 @@ spec:
   resources:
     requests:
       storage: 50Gi
-  storageClassName: sfsturbo-subpath-sc
+  storageClassName: sfsturbo-subpath-sc  # Storage class name
   volumeMode: Filesystem
                                                                                                                                                                            
-
                                                                                                                                                                            In this example:
                                                                                                                                                                            
-
                                                                                                                                                                            • name: indicates the name of the PVC.
                                                                                                                                                                            • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                            • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                               
                                                                                                                                                                              The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                              
+
                                                                                                                                                                              In this example:
                                                                                                                                                                              
+
                                                                                                                                                                              • name: indicates the name of the PVC.
                                                                                                                                                                              • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                              • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                 
                                                                                                                                                                                The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                              
-
                                                                                                                                                                          1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                          
+
                                                                                                                                                                          1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                          1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                            The following is an example:
                                                                                                                                                                            apiVersion: apps/v1
+
                                                                                                                                                                            Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                            1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                              The following is an example:
                                                                                                                                                                              apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: test-turbo-subpath-example
+  name: test-turbo-subpath-example   # Name of the created workload
   namespace: default
   generation: 1
   labels:
@@ -76,10 +76,10 @@ spec:
         app: test-turbo-subpath-example 
     spec: 
       containers: 
-      - image: nginx:latest 
+      - image: nginx:latest  # Image of the workload
         name: container-0 
         volumeMounts: 
-        - mountPath: /tmp
+        - mountPath: /tmp   #Mount path in a container
           name: pvc-sfs-turbo-example 
       restartPolicy: Always 
       imagePullSecrets:
@@ -87,18 +87,18 @@ spec:
       volumes: 
       - name: pvc-sfs-turbo-example 
         persistentVolumeClaim: 
-          claimName: sfs-turbo-test
                                                                                                                                                                              
+          claimName: sfs-turbo-test   # Name of an existing PVC
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            In this example:
                                                                                                                                                                            
-
                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                            • claimName: indicates the name of an existing PVC.
                                                                                                                                                                            
-
                                                                                                                                                                          1. Create the Deployment.
                                                                                                                                                                            kubectl create -f deployment-test.yaml
                                                                                                                                                                            
+
                                                                                                                                                                            In this example:
                                                                                                                                                                            
+
                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                            • claimName: indicates the name of an existing PVC.
                                                                                                                                                                            
+
                                                                                                                                                                          1. Create the Deployment.
                                                                                                                                                                            kubectl create -f deployment-test.yaml
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                          1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                            The following is an example:
                                                                                                                                                                            
-
                                                                                                                                                                            apiVersion: apps/v1
+
                                                                                                                                                                            Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                            1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                              The following is an example:
                                                                                                                                                                              
+
                                                                                                                                                                              apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: test-turbo-subpath
+  name: test-turbo-subpath # Name of the created workload
   namespace: default
   generation: 1
   labels:
@@ -117,12 +117,12 @@ spec:
         pod.alpha.kubernetes.io/initialized: 'true'
     spec:
       containers:
-        - name: container-0
-          image: 'nginx:latest'
+        - name: container-0  
+          image: 'nginx:latest'  # Image of the workload
           resources: {}
           volumeMounts:
             - name: sfs-turbo-160024548582479676
-              mountPath: /tmp
+              mountPath: /tmp  # Mount path in a container
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           imagePullPolicy: IfNotPresent
@@ -136,30 +136,30 @@ spec:
       schedulerName: default-scheduler
   volumeClaimTemplates:
     - metadata:
-        name: sfs-turbo-160024548582479676
+        name: sfs-turbo-160024548582479676 
         namespace: default
         annotations: {}
       spec:
         accessModes:
-          - ReadWriteOnce
+          - ReadWriteMany
         resources:
           requests:
             storage: 10Gi
-        storageClassName: sfsturbo-subpath-sc
+        storageClassName: sfsturbo-subpath-sc # Enter the name of a self-managed storage class.
   serviceName: wwww
   podManagementPolicy: OrderedReady
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                              
-
                                                                                                                                                                              In this example:
                                                                                                                                                                              
-
                                                                                                                                                                              • name: indicates the name of the created workload.
                                                                                                                                                                              • image: specifies the image used by the workload.
                                                                                                                                                                              • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                              • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                              • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                              
-
                                                                                                                                                                            1. Create the StatefulSet.
                                                                                                                                                                              kubectl create -f statefulset-test.yaml
                                                                                                                                                                              
+
                                                                                                                                                                              In this example:
                                                                                                                                                                              
+
                                                                                                                                                                              • name: indicates the name of the created workload.
                                                                                                                                                                              • image: specifies the image used by the workload.
                                                                                                                                                                              • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                              • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                              • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                              
+
                                                                                                                                                                            1. Create the StatefulSet.
                                                                                                                                                                              kubectl create -f statefulset-test.yaml
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Parent topic: SFS Turbo
                                                                                                                                                                          
+
                                                                                                                                                                          Parent topic: Storage
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_bestpractice_00254.html b/docs/cce/umn/cce_bestpractice_00254.html
index 4edf227e8..89caadc2c 100644
--- a/docs/cce/umn/cce_bestpractice_00254.html
+++ b/docs/cce/umn/cce_bestpractice_00254.html
@@ -9,13 +9,13 @@
 
                                                                                                                                                                          Solution
                                                                                                                                                                          When performing O&M on Kubernetes clusters, it is often necessary to switch between multiple clusters. The following shows some typical solutions for cluster switchover:
                                                                                                                                                                          
 
                                                                                                                                                                          • Solution 1: Specify --kubeconfig of kubectl to select the kubeconfig file used by each cluster and use aliases to simplify commands.
                                                                                                                                                                          • Solution 2: Combine clusters, users, and credentials in multiple kubeconfig files into one configuration file and run kubectl config use-context to switch clusters.
                                                                                                                                                                            Compared with solution 1, this solution requires manual configuration of the kubeconfig file, which is relatively complex.
                                                                                                                                                                            
 
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Prerequisites
                                                                                                                                                                          • You have a Linux VM with the kubectl command line tool installed. The kubectl version must match the cluster version. For details, see Install Tools.
                                                                                                                                                                          • The VM where kubectl is installed must be able to access the network of each cluster.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubeconfig File Structure
                                                                                                                                                                          kubeconfig is the configuration file of kubectl. You can download it on the cluster details page.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          The content of the kubeconfig file is as follows:
                                                                                                                                                                          
 
                                                                                                                                                                          {
     "kind": "Config",
diff --git a/docs/cce/umn/cce_bestpractice_00281.html b/docs/cce/umn/cce_bestpractice_00281.html
index fc4a36ce5..5c5673a14 100644
--- a/docs/cce/umn/cce_bestpractice_00281.html
+++ b/docs/cce/umn/cce_bestpractice_00281.html
@@ -21,7 +21,7 @@ spec:
 
                                                                                                                                                                          • Set storageClassName only, which is simpler than specifying the EVS disk type by using everest.io/disk-volume-type.
                                                                                                                                                                          • Avoid modifying YAML files or Helm charts. Some users switch from self-built or other Kubernetes services to CCE and have written YAML files of many applications. In these YAML files, different types of storage resources are specified by different StorageClassNames. When using CCE, they need to modify a large number of YAML files or Helm charts to use storage resources, which is labor-consuming and error-prone.
                                                                                                                                                                          • Set the default storageClassName for all applications to use the default storage class. In this way, you can create storage resources of the default type without needing to specify storageClassName in the YAML file.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Solution
                                                                                                                                                                          This section describes how to set a custom storage class in CCE and how to set the default storage class. You can specify different types of storage resources by setting storageClassName.
                                                                                                                                                                          
-
                                                                                                                                                                          • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                            
+
                                                                                                                                                                            • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                              
 
                                                                                                                                                                            • For the second scenario, you can define a storage class with the same name as that in the existing YAML file without needing to modify storageClassName in the YAML file.
                                                                                                                                                                            • For the third scenario, you can set the default storage class as described below to create storage resources without specifying storageClassName in YAML files.
                                                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -43,7 +43,8 @@ csi-disk            everest-csi-provisioner         17d          # EVS disk
 csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delay
 csi-nas             everest-csi-provisioner         17d          # SFS 1.0
 csi-obs             everest-csi-provisioner         17d          # OBS
-csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
                                                                                                                                                                              
+csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
+
 
                                                                                                                                                                              Each StorageClass contains the default parameters used for dynamically creating a PV. The following is an example of StorageClass for EVS disks:
                                                                                                                                                                              kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
@@ -87,7 +88,7 @@ metadata:
 
                                                                                                                                                                          
 
                                                                                                                                                                          volumeBindingMode
                                                                                                                                                                          
 
                                                                                                                                                                          Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                                                          
+
                                                                                                                                                                          Specifies the volume binding mode, which is the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                                                          
 
                                                                                                                                                                          • Immediate: After a PVC is created, the storage resources and PV will be created and associated with the PVC without delay.
                                                                                                                                                                          • WaitForFirstConsumer: After a PVC is created, it will not be immediately bound to a PV. Instead, the storage resources and PV will be generated and bound to the PVC only after the pod that requires the PVC is scheduled.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
 
                                                                                                                                                                          EVS
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          EVS
                                                                                                                                                                          
 
                                                                                                                                                                          csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
 
                                                                                                                                                                          Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                                                          
+
                                                                                                                                                                          Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
+
                                                                                                                                                                          EVS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
 
                                                                                                                                                                          If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                                                                                                          
-
                                                                                                                                                                          The restrictions on using xfs are as follows:
                                                                                                                                                                          • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                                                          • Only common containers are supported.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                                                                                                          
+
                                                                                                                                                                          The restrictions on using xfs are as follows:
                                                                                                                                                                          • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                                                          • Only common containers are supported.
                                                                                                                                                                          
 
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/disk-volume-type
                                                                                                                                                                          
+
                                                                                                                                                                          EVS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/disk-volume-type
                                                                                                                                                                          
 
                                                                                                                                                                          EVS disk type. All letters are in uppercase.
                                                                                                                                                                          • SATA: common I/O
                                                                                                                                                                          • SAS: high I/O
                                                                                                                                                                          • SSD: ultra-high I/O
                                                                                                                                                                          • GPSSD: general-purpose SSD
                                                                                                                                                                          • ESSD: extreme SSD
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          EVS disk type. All letters are in uppercase.
                                                                                                                                                                          • SATA: common I/O
                                                                                                                                                                          • SAS: high I/O
                                                                                                                                                                          • SSD: ultra-high I/O
                                                                                                                                                                          • GPSSD: general-purpose SSD
                                                                                                                                                                          • ESSD: extreme SSD
                                                                                                                                                                          
 
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/passthrough
                                                                                                                                                                          
+
                                                                                                                                                                          EVS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/passthrough
                                                                                                                                                                          
 
                                                                                                                                                                          The parameter value is fixed at true, which indicates that the EVS device type is SCSI. Other parameter values are not allowed.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          The parameter value is fixed at true, which indicates that the EVS device type is SCSI. No other parameter values are allowed.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          SFS
                                                                                                                                                                          
+
                                                                                                                                                                          SFS
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                          
 
                                                                                                                                                                          Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
+
                                                                                                                                                                          SFS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
 
                                                                                                                                                                          If SFS is used, the value can be nfs.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          If SFS is used, the value can be nfs.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-access-level
                                                                                                                                                                          
+
                                                                                                                                                                          SFS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-access-level
                                                                                                                                                                          
 
                                                                                                                                                                          The parameter value is fixed at rw, indicating that the SFS data is readable and writable.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          The parameter value is fixed at rw, indicating that the SFS data is readable and writable.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-access-to
                                                                                                                                                                          
+
                                                                                                                                                                          SFS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-access-to
                                                                                                                                                                          
 
                                                                                                                                                                          VPC ID of the cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          VPC ID of the cluster.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-is-public
                                                                                                                                                                          
+
                                                                                                                                                                          SFS
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-is-public
                                                                                                                                                                          
 
                                                                                                                                                                          The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                                                                                                          
 
                                                                                                                                                                          When you use SFS 3.0, there is no need to configure this parameter.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/sfs-version
                                                                                                                                                                          
+
                                                                                                                                                                          SFS
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/sfs-version
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is only required for SFS 3.0 and its value is fixed at sfs3.0.
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter is only required for SFS 3.0 and its value is fixed at sfs3.0.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                          
 
                                                                                                                                                                          Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
 
                                                                                                                                                                          If SFS Turbo is used, the value can be nfs.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          If SFS Turbo is used, the value can be nfs.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-access-to
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-access-to
                                                                                                                                                                          
 
                                                                                                                                                                          VPC ID of the cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          VPC ID of the cluster.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-expand-type
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-expand-type
                                                                                                                                                                          
 
                                                                                                                                                                          Extension type. The default value is bandwidth, indicating an enhanced file system. This parameter does not take effect.
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          Extension type. The default value is bandwidth, indicating an enhanced file system. This parameter does not take effect.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-source
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-source
                                                                                                                                                                          
 
                                                                                                                                                                          The parameter value is fixed at sfs-turbo.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          The parameter value is fixed at sfs-turbo.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/share-volume-type
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/share-volume-type
                                                                                                                                                                          
 
                                                                                                                                                                          SFS Turbo StorageClass. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo StorageClass. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          OBS
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/reclaim-policy
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          Whether to retain subdirectories when deleting a PVC. This parameter must be used with reclaim policies. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                                                                          
+
                                                                                                                                                                          • retain-volume-only: If a PVC is deleted, the PV will be deleted, but its associated subdirectories will be retained.
                                                                                                                                                                          • delete: When a PVC is deleted, the associated PV and its subdirectories will also be deleted.
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          OBS
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                          
 
                                                                                                                                                                          Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
+
                                                                                                                                                                          OBS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
 
                                                                                                                                                                          Instance type, which can be obsfs or s3fs.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Instance type, which can be obsfs or s3fs.
                                                                                                                                                                          
 
                                                                                                                                                                          • obsfs: a parallel file system
                                                                                                                                                                          • s3fs: object bucket
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          everest.io/obs-volume-type
                                                                                                                                                                          
+
                                                                                                                                                                          OBS
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/obs-volume-type
                                                                                                                                                                          
 
                                                                                                                                                                          OBS StorageClass.
                                                                                                                                                                          
-
                                                                                                                                                                          • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                                                                          • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          OBS StorageClass.
                                                                                                                                                                          
+
                                                                                                                                                                          • If fsType is set to s3fs, standard buckets (STANDARD) and infrequent access buckets (WARM) are supported.
                                                                                                                                                                          • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                                                          
+
                                                                                                                                                                          Local PV
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Driver type. If a local PV is used, the parameter value is fixed at local.csi.everest.io.
                                                                                                                                                                          
+
                                                                                                                                                                          Local PV
                                                                                                                                                                          
+
                                                                                                                                                                          csi.storage.k8s.io/fstype
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          File system type. The value can only be ext4.
                                                                                                                                                                          
+
                                                                                                                                                                          Local PV
                                                                                                                                                                          
+
                                                                                                                                                                          volume-type
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Volume type. The value can only be persistent.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
 
 
 
 
                                                                                                                                                                          PersistentVolumes (PVs) mounted to containers
                                                                                                                                                                          
 
                                                                                                                                                                          Due to restrictions of the Restic tool, migration is not supported for the hostPath storage volume. For details about how to solve the problem, see Storage Volumes of the HostPath Type Cannot Be Backed Up.
                                                                                                                                                                          
+
                                                                                                                                                                          Due to restrictions of the restic tool, migration is not supported for the hostPath storage volume. For details about how to solve the problem, see Storage Volumes of the HostPath Type Cannot Be Backed Up.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          Resources outside a cluster
                                                                                                                                                                          
@@ -53,16 +53,16 @@
 
 
 
                                                                                                                                                                          Figure 1 shows the migration process. You can migrate resources outside a cluster as required.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 Migration solution diagram
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 Migration solution diagram
                                                                                                                                                                          
 
-
                                                                                                                                                                          Migration Process
                                                                                                                                                                          
+
                                                                                                                                                                          Migration Process
                                                                                                                                                                          
 
                                                                                                                                                                          The cluster migration process is as follows:
                                                                                                                                                                          
-
                                                                                                                                                                          1. Plan resources for the target cluster.
                                                                                                                                                                            For details about the differences between CCE clusters and on-premises clusters, see Key Performance Parameter in Planning Resources for the Target Cluster. Plan resources as required and ensure that the performance configuration of the target cluster is the same as that of the source cluster.
                                                                                                                                                                            
+
                                                                                                                                                                            1. Plan resources for the target cluster.
                                                                                                                                                                              For details about the differences between CCE clusters and on-premises clusters, see Key Performance Parameter in Resource Planning for the Target Cluster. Plan resources as required and ensure that the performance configuration of the target cluster is the same as that of the source cluster.
                                                                                                                                                                              
 
                                                                                                                                                                            2. Migrate resources outside a cluster.
                                                                                                                                                                              To migrate resources outside the cluster, see Migrating Resources Outside a Cluster.
                                                                                                                                                                              
 
                                                                                                                                                                            3. Install the migration tool.
                                                                                                                                                                              After resources outside a cluster are migrated, you can use a migration tool to back up and restore application configurations in the source and target clusters. For details about how to install the tool, see Installing the Migration Tool.
                                                                                                                                                                              
 
                                                                                                                                                                            4. Migrate resources in the cluster.
                                                                                                                                                                              Use Velero to back up resources in the source cluster to OBS and restore the resources in the target cluster. For details, see Migrating Resources in a Cluster.
                                                                                                                                                                              
-
                                                                                                                                                                              • Backing Up Applications in the Source Cluster
                                                                                                                                                                                To back up resources, use the Velero tool to create a backup object in the original cluster, query and back up cluster data and resources, package the data, and upload the package to the object storage that is compatible with the S3 protocol. Cluster resources are stored in the JSON format.
                                                                                                                                                                                
-
                                                                                                                                                                              • Restoring Applications in the Target Cluster
                                                                                                                                                                                During restoration in the target cluster, Velero specifies the temporary object bucket that stores the backup data, downloads the backup data to the new cluster, and redeploys resources based on the JSON file.
                                                                                                                                                                                
+
                                                                                                                                                                                • Backing Up an Application in the Source Cluster
                                                                                                                                                                                  To back up resources, use the Velero tool to create a backup object in the original cluster, query and back up cluster data and resources, package the data, and upload the package to the object storage that is compatible with the S3 protocol. Cluster resources are stored in the JSON format.
                                                                                                                                                                                  
+
                                                                                                                                                                                • Restoring the Application in the Target Cluster
                                                                                                                                                                                  During restoration in the target cluster, Velero specifies the temporary object bucket that stores the backup data, downloads the backup data to the new cluster, and redeploys resources based on the JSON file.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                              • Update resources accordingly.
                                                                                                                                                                                After the migration, cluster resources may fail to be deployed. Update the faulty resources. The possible adaptation problems are as follows:
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_bestpractice_0310.html b/docs/cce/umn/cce_bestpractice_0310.html
index 6583352f5..7c478ccdc 100644
--- a/docs/cce/umn/cce_bestpractice_0310.html
+++ b/docs/cce/umn/cce_bestpractice_0310.html
@@ -1,43 +1,43 @@
 
 
 
                                                                                                                                                                                Installing the Migration Tool
                                                                                                                                                                                
-
                                                                                                                                                                                Velero is an open-source backup and migration tool for Kubernetes clusters. With Restic's PV data backup capability integrated into it, Velero can back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in source clusters and data in PVs mounted to pods and uploaded them to object storage. When a disaster occurs or migration is required, a target cluster can obtain the corresponding backup data from the object storage using Velero and restore cluster resources as required.
                                                                                                                                                                                
-
                                                                                                                                                                                According to Migration Solution, prepare temporary object storage to store backup files before the migration. Velero supports OBS or MinIO as the object storage. The object storage requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. OBS buckets are recommended for data backup. For details about how to deploy Velero, see Installing Velero.
                                                                                                                                                                                
-
                                                                                                                                                                                Prerequisites
                                                                                                                                                                                • The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
                                                                                                                                                                                • If you use OBS to store backup files, obtain the AK/SK of a user who has the right to operate OBS. For details, see Access Keys.
                                                                                                                                                                                • If you use MinIO to store backup files, bind an EIP to the server where MinIO is installed and enable the API and console port of MinIO in the security group.
                                                                                                                                                                                • The target CCE cluster has been created.
                                                                                                                                                                                • The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GiB memory or higher.
                                                                                                                                                                                
+
                                                                                                                                                                                Velero is an open source backup and migration tool for Kubernetes clusters. With restic's PV data backup capabilities, Velero can back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in the source cluster and data in PVs mounted to pods and uploaded them to object storage. If a disaster occurs or migration is required, the target cluster can obtain the corresponding backup data from the object storage using Velero and restore cluster resources as required.
                                                                                                                                                                                
+
                                                                                                                                                                                According to Migration Solution, prepare temporary object storage to store backup files before the migration. Velero supports OBS and MinIO as the object storage. The object storage requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. OBS buckets are recommended for data backup. For details about how to deploy Velero, see Installing Velero.
                                                                                                                                                                                
+
                                                                                                                                                                                Prerequisites
                                                                                                                                                                                • The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
                                                                                                                                                                                • If you are using OBS to store backup files, you must obtain the AK/SK of a user who has the right to operate OBS. For details, see Access Keys.
                                                                                                                                                                                • If you are using MinIO to store backup files, you must bind an EIP to the server where MinIO is installed and enable the API and console port of MinIO in the security group.
                                                                                                                                                                                • The target CCE cluster has been created.
                                                                                                                                                                                • The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GiB memory or higher.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                (Optional) Installing MinIO
                                                                                                                                                                                MinIO is an open-source, high-performance object storage tool compatible with the S3 API protocol. If MinIO is used to store backup files for cluster migration, you need a temporary server to deploy MinIO and provide services for external systems. If you use OBS to store backup files, skip this section and go to Installing Velero.
                                                                                                                                                                                
+
                                                                                                                                                                                (Optional) Installing MinIO
                                                                                                                                                                                MinIO is an open source, high-performance object storage tool compatible with the S3 API protocol. If MinIO is used to store backup files for cluster migration, you need a temporary server to deploy MinIO and provide services for external systems. If you are using OBS to store backup files, you can skip this section and go to Installing Velero.
                                                                                                                                                                                
 
                                                                                                                                                                                MinIO can be installed in any of the following locations:
                                                                                                                                                                                
-
                                                                                                                                                                                • Temporary ECS outside the cluster
                                                                                                                                                                                  If the MinIO server is installed outside the cluster, backup files will not be affected when a catastrophic fault occurs in the cluster.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Idle nodes in the cluster
                                                                                                                                                                                  You can remotely log in to a node to install MinIO or install the containerized MinIO. For details, see Velero official document.
                                                                                                                                                                                   
                                                                                                                                                                                  For example, to install MinIO in a container, run the following command:
                                                                                                                                                                                  
-
                                                                                                                                                                                  • The storage type in the YAML file provided by Velero is emptyDir. You are advised to change the storage type to HostPath or Local. Otherwise, backup files will be permanently lost after the container is restarted.
                                                                                                                                                                                  • Ensure that the MinIO service is accessible externally. Otherwise, backup files cannot be downloaded outside the cluster. You can change the Service type to NodePort or use other types of public network access Services.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • A temporary ECS outside a cluster
                                                                                                                                                                                    If the MinIO server is installed outside the cluster, backup files will not be affected when a catastrophic fault occurs in the cluster.
                                                                                                                                                                                    
+
                                                                                                                                                                                  • An idle node in a cluster
                                                                                                                                                                                    You can remotely log in to a node and install MinIO or the containerized MinIO. For details, see Velero official document.
                                                                                                                                                                                     
                                                                                                                                                                                    To containerize MinIO, do as follows:
                                                                                                                                                                                    
+
                                                                                                                                                                                    • Change the storage type (emptyDir) in the YAML file provided by Velero to hostPath or local. Otherwise, backup files will be permanently lost after the containerized MinIO is restarted.
                                                                                                                                                                                    • Change the Service type to NodePort or use other types of Services that support public network access to ensure that MinIO can be accessed by external networks. Otherwise, backup files cannot be downloaded outside the cluster.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  Regardless of which deployment method is used, the server where MinIO is installed must have sufficient storage space, an EIP must be bound to the server, and the MinIO service port must be enabled in the security group. Otherwise, backup files cannot be uploaded or downloaded.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Regardless of which deployment method is used, the server where MinIO is installed must have sufficient storage space, an EIP must be bound to the server, and the MinIO service port must be enabled in the security group. Otherwise, backup files cannot be uploaded or downloaded.
                                                                                                                                                                                  
 
                                                                                                                                                                                  In this example, MinIO is installed on a temporary ECS outside the cluster.
                                                                                                                                                                                  
 
                                                                                                                                                                                  1. Download MinIO.
                                                                                                                                                                                    mkdir /opt/minio
 mkdir /opt/miniodata
 cd /opt/minio
 wget https://dl.minio.io/server/minio/release/linux-amd64/minio
 chmod +x minio
                                                                                                                                                                                    
-
                                                                                                                                                                                  2. Set the username and password of MinIO.
                                                                                                                                                                                    The username and password set using this method are temporary environment variables and must be reset after the service is restarted. Otherwise, the default root credential minioadmin:minioadmin will be used to create the service.
                                                                                                                                                                                    export MINIO_ROOT_USER=minio
+
                                                                                                                                                                                  3. Configure the username and password of MinIO.
                                                                                                                                                                                    The username and password configured using this method are temporary environment variables and must be reset after the service is restarted. Otherwise, the default root credential minioadmin:minioadmin will be used to create the service.
                                                                                                                                                                                    export MINIO_ROOT_USER=minio
 export MINIO_ROOT_PASSWORD=minio123
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                  4. Create a service. In the command, /opt/miniodata/ indicates the local disk path for MinIO to store data.
                                                                                                                                                                                    The default API port of MinIO is 9000, and the console port is randomly generated. You can use the --console-address parameter to specify a console port.
                                                                                                                                                                                    ./minio server /opt/miniodata/ --console-address ":30840" &
                                                                                                                                                                                    
-
                                                                                                                                                                                     
                                                                                                                                                                                    Enable the API and console ports in the firewall and security group on the server where MinIO is to be installed. Otherwise, access to the object bucket will fail.
                                                                                                                                                                                    
+
                                                                                                                                                                                     
                                                                                                                                                                                    To access the object storage buckets, make sure to enable the API and console ports in the firewall and security group on the server with MinIO installed.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                  5. Use a browser to access http://{EIP of the node where MinIO resides}:30840. The MinIO console page is displayed.
                                                                                                                                                                                  
+
                                                                                                                                                                                • Use a browser to access http://{EIP of the node where MinIO resides}:30840. The MinIO console is displayed.
                                                                                                                                                                            
 
                                                                                                                                                                          
-
                                                                                                                                                                          Installing Velero
                                                                                                                                                                          Go to the OBS console or MinIO console and create a bucket named velero to store backup files. You can custom the bucket name, which must be used when installing Velero. Otherwise, the bucket cannot be accessed and the backup fails. For details, see 5.
                                                                                                                                                                          
-
                                                                                                                                                                           
                                                                                                                                                                          • Velero instances need to be installed and deployed in both the source and target clusters. The installation procedures are the same, which are used for backup and restoration, respectively.
                                                                                                                                                                          • The master node of a CCE cluster does not provide a port for remote login. You can install Velero using kubectl.
                                                                                                                                                                          • If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and node-agent to 1 vCPU and 1 GiB memory or higher. For details, see Backup Tool Resources Are Insufficient.
                                                                                                                                                                          • The object storage bucket for storing backup files must be empty.
                                                                                                                                                                          
+
                                                                                                                                                                          Installing Velero
                                                                                                                                                                          You need to first go to the OBS console or MinIO console and create a bucket named velero for storing backup files. The bucket name can be a custom one, which must be specified when installing Velero. Otherwise, the bucket cannot be accessed and the backup will fail. For details, see 5.
                                                                                                                                                                          
+
                                                                                                                                                                           
                                                                                                                                                                          • Velero instances need to be installed and deployed in both the source and target clusters and are used for backup and restoration, respectively. The installation procedures are the same.
                                                                                                                                                                          • The master node of a CCE cluster does not support remote login ports. You can use kubectl to install Velero.
                                                                                                                                                                          • If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and node-agent to 1 vCPU and 1 GiB of memory or higher. For details, see Backup Tool Resources Are Insufficient.
                                                                                                                                                                          • The object storage bucket for storing backup files must be empty.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Download the latest, stable binary file from https://github.com/vmware-tanzu/velero/releases. This section uses Velero 1.13.1 as an example. The installation process in the source cluster is the same as that in the target cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          Then, you can download the latest, stable binary file from https://github.com/vmware-tanzu/velero/releases. The following uses Velero 1.13.1 as an example. The process of installing Velero in the source cluster is identical to the target cluster.
                                                                                                                                                                          
 
                                                                                                                                                                          1. Log in to a VM that can access the public network and use kubectl to access the cluster where Velero is to be installed.
                                                                                                                                                                          2. Download the binary file of Velero 1.13.1.
                                                                                                                                                                            wget https://github.com/vmware-tanzu/velero/releases/download/v1.13.1/velero-v1.13.1-linux-amd64.tar.gz
                                                                                                                                                                            
 
                                                                                                                                                                          3. Install the Velero client.
                                                                                                                                                                            tar -xvf velero-v1.13.1-linux-amd64.tar.gz
 cp ./velero-v1.13.1-linux-amd64/velero /usr/local/bin
                                                                                                                                                                            
 
                                                                                                                                                                          4. Create the access key file credentials-velero for the backup object storage.
                                                                                                                                                                            vim credentials-velero
                                                                                                                                                                            
-
                                                                                                                                                                            Replace the AK/SK in the file based on the site requirements. If MinIO is used, the AK/SK are the username and password created in 2.
                                                                                                                                                                            [default]
+
                                                                                                                                                                            Replace the AK/SK in the file as required. If MinIO is used, the AK/SK are the username and password created in 2.
                                                                                                                                                                            [default]
 aws_access_key_id = {AK}
 aws_secret_access_key = {SK}
                                                                                                                                                                            
 
                                                                                                                                                                            
@@ -73,7 +73,7 @@ aws_secret_access_key = {SK}
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          --secret-file
                                                                                                                                                                          
 
                                                                                                                                                                          Secret file for accessing the object storage, that is, the credentials-velero file created in 4.
                                                                                                                                                                          
+
                                                                                                                                                                          Secret file for accessing the object storage, which is, the credentials-velero file created in 4.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          --use-node-agent
                                                                                                                                                                          
@@ -83,7 +83,7 @@ aws_secret_access_key = {SK}
 
                                                                                                                                                                          
 
                                                                                                                                                                          --use-volume-snapshots
                                                                                                                                                                          
 
                                                                                                                                                                          Whether to create the VolumeSnapshotLocation object for PV snapshot, which requires support from the snapshot program. Set this parameter to false.
                                                                                                                                                                          
+
                                                                                                                                                                          Whether to create a VolumeSnapshotLocation object for PV snapshot, which requires support from the snapshot program. Set this parameter to false.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          --backup-location-config
                                                                                                                                                                          
@@ -94,18 +94,18 @@ aws_secret_access_key = {SK}
 
                                                                                                                                                                          region
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          Region to which object storage bucket belongs.
                                                                                                                                                                          
-
                                                                                                                                                                          • If OBS is used, set this parameter according to your region, for example, eu-de.
                                                                                                                                                                          • If MinIO is used, set this parameter to minio.
                                                                                                                                                                          
+
                                                                                                                                                                          • If OBS is used, configure this parameter based on the actual situation, for example, eu-de.
                                                                                                                                                                          • If MinIO is used, set this parameter to minio.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          s3ForcePathStyle
                                                                                                                                                                          
 
                                                                                                                                                                          The value true indicates that the S3 file path format is used.
                                                                                                                                                                          
+
                                                                                                                                                                          The value true indicates that the S3 file path format is used.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          s3Url
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          API access address of the object storage bucket.
                                                                                                                                                                          
-
                                                                                                                                                                          • If OBS is used, set this parameter to http://obs.{region}.otc.t-systems.com (region indicates the region where the object storage bucket is located). For example, if the region is eu-de, the parameter value is http://obs.eu-de.otc.t-systems.com.
                                                                                                                                                                          • If MinIO is used, set this parameter to http://{EIP of the node where minio is located}:9000. The value of this parameter is determined based on the IP address and port of the node where MinIO is installed.
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            • The access port in s3Url must be set to the API port of MinIO instead of the console port. The default API port of MinIO is 9000.
                                                                                                                                                                            • To access MinIO installed outside the cluster, enter the public IP address of MinIO.
                                                                                                                                                                            
+
                                                                                                                                                                            • If OBS is used, set this parameter to http://obs.{region}.otc.t-systems.com. The value of this parameter is determined based on the region where the object storage bucket is located. For example, if the region is eu-de, the parameter value is http://obs.eu-de.otc.t-systems.com.
                                                                                                                                                                            • If MinIO is used, set this parameter to http://{EIP of the node where minio is located}:9000. The value of this parameter is determined based on the IP address and port of the node where MinIO is installed.
                                                                                                                                                                               NOTE: 
                                                                                                                                                                              • The access port in s3Url must be set to the API port of MinIO instead of the console port. The default API port of MinIO is 9000.
                                                                                                                                                                              • To access MinIO installed outside the cluster, enter the public IP address of MinIO.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                          		
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        • By default, a namespace named velero is created for the Velero instance. Run the following command to view the pod status:
                                                                                                                                                                          $ kubectl get pod -n velero
+
                                                                                                                                                                        • View the pod status: (By default, a namespace named velero is created for the Velero instance.)
                                                                                                                                                                          $ kubectl get pod -n velero
 NAME                   READY   STATUS    RESTARTS   AGE
 node-agent-rn29c       1/1     Running   0          16s
 velero-c9ddd56-tkzpk   1/1     Running   0          16s
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          To prevent memory insufficiency during backup in the actual production environment, you are advised to change the CPU and memory allocated to node-agent and Velero by referring to Backup Tool Resources Are Insufficient.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        • Check the interconnection between Velero and the object storage and ensure that the status is Available.
                                                                                                                                                                          $ velero backup-location get
+
                                                                                                                                                                        • Check the interconnection between Velero and the object storage and ensure that the status is Available.
                                                                                                                                                                          $ velero backup-location get
 NAME      PROVIDER   BUCKET/PREFIX   PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
 default   aws        velero          Available   2021-10-22 15:21:12 +0800 CST   ReadWrite     true
                                                                                                                                                                          
 
                                                                                                                                                                          • 
diff --git a/docs/cce/umn/cce_bestpractice_0312.html b/docs/cce/umn/cce_bestpractice_0312.html
index 2c76f6408..5e65387fe 100644
--- a/docs/cce/umn/cce_bestpractice_0312.html
+++ b/docs/cce/umn/cce_bestpractice_0312.html
@@ -101,7 +101,7 @@ volumeBindingMode: Immediate
 
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        • SFS Turbo file systems cannot be directly created using StorageClass. Go to the SFS Turbo console to create SFS Turbo file systems that belong to the same VPC subnet and have inbound ports (111, 445, 2049, 2051, 2052, and 20048) enabled in the security group.
                                                                                                                                                                        • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                      • Restore the cluster application by referring to Restoring Applications in the Target Cluster and check whether the PVC is successfully created.
                                                                                                                                                                        kubectl get pvc
                                                                                                                                                                        
+
                                                                                                                                                                      • Restore the cluster application by referring to Restoring the Application in the Target Cluster and check whether the PVC is successfully created.
                                                                                                                                                                        kubectl get pvc
                                                                                                                                                                        
 
                                                                                                                                                                        In the command output, the VOLUME column indicates the name of the PV automatically created using the storage class.
                                                                                                                                                                        NAME   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
 pvc    Bound    pvc-4c8e655a-1dbc-4897-ae6c-446b502f5e77   5Gi        RWX            local          13s
                                                                                                                                                                        
 
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0313.html b/docs/cce/umn/cce_bestpractice_0313.html
index 90f7c4a53..862f82063 100644
--- a/docs/cce/umn/cce_bestpractice_0313.html
+++ b/docs/cce/umn/cce_bestpractice_0313.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                        Performing Additional Tasks
                                                                                                                                                                        
 
                                                                                                                                                                        Verifying Application Functions
                                                                                                                                                                        Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the redirection link of the article published in WordPress is still the original domain name. If you click the article title, you will be redirected to the application in the source cluster. Therefore, search for the original domain name in WordPress and replace it with the new domain name, change the values of site_url and primary URL in the database. For details, see Changing The Site URL.
                                                                                                                                                                        
 
                                                                                                                                                                        Access the new address of the WordPress application. If the article published before the migration is displayed, the data of the persistent volume is successfully restored.
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Switching Live Traffic to the Target Cluster
                                                                                                                                                                        O&M personnel switch DNS to direct live traffic to the target cluster.
                                                                                                                                                                        
 
                                                                                                                                                                        • DNS traffic switching: Adjust the DNS configuration to switch traffic.
                                                                                                                                                                        • Client traffic switching: Upgrade the client code or update the configuration to switch traffic.
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0314.html b/docs/cce/umn/cce_bestpractice_0314.html
index 1f9f9203e..6f83b4783 100644
--- a/docs/cce/umn/cce_bestpractice_0314.html
+++ b/docs/cce/umn/cce_bestpractice_0314.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                        Troubleshooting
                                                                                                                                                                        
-
                                                                                                                                                                        Storage Volumes of the HostPath Type Cannot Be Backed Up
                                                                                                                                                                        Both HostPath and Local volumes are local storage volumes. However, the Restic tool integrated in Velero cannot back up the PVs of the HostPath type and supports only the Local type. Therefore, you need to replace the storage volumes of the HostPath type with the Local type in the source cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        Storage Volumes of the HostPath Type Cannot Be Backed Up
                                                                                                                                                                        Both hostPath and local volumes are local storage volumes. However, restic, which is integrated into Velero, cannot back up hostPath PVs. It only supports the local type. So, you need to replace the storage volumes of the hostPath type with the local type in the source cluster.
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        It is recommended that Local volumes be used in Kubernetes v1.10 or later and can only be statically created. For details, see local.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        1. Create a storage class for the Local volume.
                                                                                                                                                                          Example YAML:
                                                                                                                                                                          apiVersion: storage.k8s.io/v1
@@ -39,9 +39,9 @@ spec:
 mysql-pv   5Gi        RWO            Delete           Available                       local                   3s
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Backup Tool Resources Are Insufficient
                                                                                                                                                                        In the production environment, if there are many backup resources, for example, the default resource size of the backup tool is used, the resources may be insufficient. In this case, perform the following steps to adjust the CPU and memory size allocated to the Velero and Restic:
                                                                                                                                                                        
+
                                                                                                                                                                        Backup Tool Resources Are Insufficient
                                                                                                                                                                        In a production environment with numerous resources to be backed up, using the backup tool with the default resource size may lead to insufficient resources. In such case, take the following steps to adjust the CPU and memory resources of Velero and restic:
                                                                                                                                                                        
 
                                                                                                                                                                        Before installing Velero:
                                                                                                                                                                        
-
                                                                                                                                                                        You can specify the size of resources used by Velero and Restic when installing Velero.
                                                                                                                                                                        
+
                                                                                                                                                                        You can specify the size of resources used by Velero and restic when installing Velero.
                                                                                                                                                                        
 
                                                                                                                                                                        The following is an example of installation parameters:
                                                                                                                                                                        
 
                                                                                                                                                                        velero install \
    --velero-pod-cpu-request 500m \
@@ -56,7 +56,7 @@ mysql-pv   5Gi        RWO            Delete           Available
 
                                                                                                                                                                        After Velero is installed:
                                                                                                                                                                        
 
                                                                                                                                                                        1. Edit the YAML files of the Velero and node-agent workloads in the velero namespace.
                                                                                                                                                                          kubectl edit deploy velero -n velero
 kubectl edit ds node-agent -n velero
                                                                                                                                                                          
-
                                                                                                                                                                        2. Modify the resource size under the resources field. The modification is the same for the Velero and Restic workloads, as shown in the following:
                                                                                                                                                                          resources:
+
                                                                                                                                                                        3. Modify the resource size under the resources field. The modification is the same for the Velero and restic workloads, as shown in the following:
                                                                                                                                                                          resources:
   limits:
     cpu: "1"
     memory: 1Gi
diff --git a/docs/cce/umn/cce_bestpractice_0324.html b/docs/cce/umn/cce_bestpractice_0324.html
index d66fab20b..e3cef0970 100644
--- a/docs/cce/umn/cce_bestpractice_0324.html
+++ b/docs/cce/umn/cce_bestpractice_0324.html
@@ -2,16 +2,16 @@
 
 
                                                                                                                                                                          Interconnecting GitLab with SWR and CCE for CI/CD
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Background
                                                                                                                                                                          GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).
                                                                                                                                                                          
+
                                                                                                                                                                          Background
                                                                                                                                                                          GitLab is an open source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).
                                                                                                                                                                          
 
                                                                                                                                                                          GitLab provides powerful CI/CD functions and is widely used in software development.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 GitLab CI/CD process
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 GitLab CI/CD process
                                                                                                                                                                          
 
                                                                                                                                                                          This section describes how to interconnect GitLab with SWR and CCE for CI/CD.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Preparations
                                                                                                                                                                          1. Create a CCE cluster and a node and bind an EIP to the node for downloading an image during GitLab Runner installation.
                                                                                                                                                                          2. Download and configure kubectl to connect to the cluster.
                                                                                                                                                                            
 
                                                                                                                                                                          3. Install Helm 3.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Installing GitLab Runner
                                                                                                                                                                          Log in to GitLab, choose Settings > CI/CD in the project view, click Expand next to Runners, and search for the GitLab Runner registration URL and token.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          Create the values.yaml file and fill in the following information:
                                                                                                                                                                          
 
                                                                                                                                                                          # Registration URL
 gitlabUrl: https://gitlab.com/
@@ -27,35 +27,35 @@ runners:
 
                                                                                                                                                                          helm repo add gitlab https://charts.gitlab.io 
 helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runner --version=0.43.1
                                                                                                                                                                          
 
                                                                                                                                                                          After the installation, you can obtain the gitlab-runner workload on the CCE console and view the connection information in GitLab later.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Creating an Application
                                                                                                                                                                          Place the application to be created in the GitLab project repository. This section takes Nginx modification as an example. For details, visit https://gitlab.com/c8147/cidemo/-/tree/main.
                                                                                                                                                                          
 
                                                                                                                                                                          The following files are included:
                                                                                                                                                                          
-
                                                                                                                                                                          • .gitlab-ci.yml: Gitlab CI file, which will be described in detail in Creating a Pipeline.
                                                                                                                                                                          • Dockerfile: used to build Docker images.
                                                                                                                                                                          • index.html: used to replace the index page of Nginx.
                                                                                                                                                                          • k8s.yaml: used to deploy the Nginx app. A Deployment named nginx-test and a Service named nginx-test will be created.
                                                                                                                                                                          
+
                                                                                                                                                                          • .gitlab-ci.yml: GitLab CI file, which will be described in detail in Creating a Pipeline.
                                                                                                                                                                          • Dockerfile: used to build Docker images.
                                                                                                                                                                          • index.html: used to replace the index page of Nginx.
                                                                                                                                                                          • k8s.yaml: used to deploy the Nginx app. A Deployment named nginx-test and a Service named nginx-test will be created.
                                                                                                                                                                          
 
                                                                                                                                                                          The preceding files are only examples. You can replace or modify them accordingly.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Configuring Global Variables
                                                                                                                                                                          When using pipelines, build an image, upload it to SWR, and run kubectl commands to deploy the image in the cluster. Before performing these operations, you must log in to SWR and obtain the credential for connecting to the cluster. You can define the information as variables in GitLab.
                                                                                                                                                                          
 
                                                                                                                                                                          Log in to GitLab, choose Settings > CI/CD in the project view, and click Expand next to Variables to add variables.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          • kube_config
                                                                                                                                                                            kubeconfig.json file used for kubectl command authentication. Run the following command on the host where kubectl is configured to convert the file to the Base64 format:
                                                                                                                                                                            
 
                                                                                                                                                                            echo $(cat ~/.kube/config | base64) | tr -d " "
                                                                                                                                                                            
 
                                                                                                                                                                            The command output is the content of kubeconfig.json.
                                                                                                                                                                            
-
                                                                                                                                                                          • project: project name.
                                                                                                                                                                            Log in to the management console, hover the cursor on your username in the upper right corner, and choose My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                            
-
                                                                                                                                                                          • swr_ak: access key.
                                                                                                                                                                            Log in to the management console, hover the cursor on your username in the upper right corner, and choose My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                            
+
                                                                                                                                                                          • project: project name.
                                                                                                                                                                            Log in to the management console, hover the cursor on your username in the upper right corner, and choose My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                            
+
                                                                                                                                                                          • swr_ak: access key.
                                                                                                                                                                            Log in to the management console, hover the cursor on your username in the upper right corner, and choose My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                            
 
                                                                                                                                                                          • swr_sk: secret key for logging in to SWR.
                                                                                                                                                                            Run the following command to obtain the key pair. Replace $AK and $SK with the AK and SK obtained in the preceding steps.
                                                                                                                                                                            
 
                                                                                                                                                                            printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'
                                                                                                                                                                            
 
                                                                                                                                                                            The command output displays the login key pair.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Creating a Pipeline
                                                                                                                                                                          Log in to Gitlab and add the .gitlab-ci.yml file to Repository.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          Creating a Pipeline
                                                                                                                                                                          Log in to GitLab and add the .gitlab-ci.yml file to Repository.
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          The content is as follows:
                                                                                                                                                                          
 
                                                                                                                                                                          # Define pipeline stages, including package, build, and deploy.
 stages:
   - package  
   - build
   - deploy
-# If no image is specified in each stage, the default image docker:latest is used.
+# If no image is specified in each stage, the default image docker:latest is used.
 image: docker:latest
 # In the package stage, only printing is performed.
 package:
@@ -96,16 +96,16 @@ deploy:
     # Deploy an application.
     - kubectl apply -f k8s.yaml
                                                                                                                                                                          
 
                                                                                                                                                                          After the .gitlab-ci.yml file is saved, the pipeline is started immediately. You can view the pipeline execution status in GitLab.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Verifying Deployment
                                                                                                                                                                          After the pipeline is deployed, locate the nginx-test Service on the CCE console, query its access address, and run the curl command to access the Service.
                                                                                                                                                                          
 
                                                                                                                                                                          # curl xxx.xxx.xxx.xxx:31111
 Hello Gitlab!
                                                                                                                                                                          
 
                                                                                                                                                                          If the preceding information is displayed, the deployment is correct.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Common Issues
                                                                                                                                                                          • If the following problem occurs during the deployment:
                                                                                                                                                                            
+
                                                                                                                                                                            Common Issues
                                                                                                                                                                            • If the following problem occurs during the deployment:
                                                                                                                                                                              
 
                                                                                                                                                                              Or
                                                                                                                                                                              
-
                                                                                                                                                                              
+
                                                                                                                                                                              
 
                                                                                                                                                                              Check whether the following commands are missing in the .gitlab-ci.yml file. If yes, add them to the .gitlab-ci.yml file.
                                                                                                                                                                              
 
                                                                                                                                                                              ...
   script:
@@ -115,8 +115,8 @@ Hello Gitlab!
                                                                                                                                                                              
     - echo $kube_config |base64 -d > $KUBECONFIG
     # Replace the image in the k8s.yaml file.
 ...
                                                                                                                                                                          
-
                                                                                                                                                                        4. If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                          
-
                                                                                                                                                                          The privileged: true parameter fails to be transferred during GitLab Runner installation. As a result, you do not have the permission to run the docker command. To resolve this issue, find GitLab Runner in the workload list on the CCE console, add the environment variable KUBERNETES_PRIVILEGED, and set its value to true.
                                                                                                                                                                          
+
                                                                                                                                                                        5. If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                          
+
                                                                                                                                                                          The privileged: true parameter fails to be transferred during GitLab Runner installation. As a result, you do not have the permissions to run the Docker command. To resolve this issue, find GitLab Runner in the workload list on the CCE console, add the environment variable KUBERNETES_PRIVILEGED, and set its value to true.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0325.html b/docs/cce/umn/cce_bestpractice_0325.html
index ca38792b7..278fb1cb9 100644
--- a/docs/cce/umn/cce_bestpractice_0325.html
+++ b/docs/cce/umn/cce_bestpractice_0325.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                      Locating Container Faults Using the Core Dump File
                                                                                                                                                                      
-
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      Linux allows you to create a core dump file if an application crashes, which contains the data the application had in memory at the time of the crash. You can analyze the file to locate the fault.
                                                                                                                                                                      
+
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      A core dump is when the Linux OS saves the memory status to a file after a program crashes or stops unexpectedly. You can analyze the file to locate the fault.
                                                                                                                                                                      
 
                                                                                                                                                                      Generally, when a service application crashes, its container exits and is reclaimed and destroyed. Therefore, container core files need to be permanently stored on the host or cloud storage. This topic describes how to configure container core dumps.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Constraints
                                                                                                                                                                      When a container core dump is persistently stored to OBS (parallel file system or object bucket), the default mount option umask=0 is used. As a result, although the core dump file is generated, the core dump information cannot be written to the core file. 
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      When a container core dump is persistently stored to OBS (parallel file system or object bucket), the default mount option umask=0 is used. As a result, although the core dump file is generated, the core dump information cannot be written to the core file. 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Enabling Core Dump on a Node
                                                                                                                                                                      Log in to the node, run the following command to enable core dump, and set the path and format for storing core files:
                                                                                                                                                                      
 
                                                                                                                                                                      echo "/tmp/cores/core.%h.%e.%p.%t" > /proc/sys/kernel/core_pattern
                                                                                                                                                                      
@@ -30,19 +30,22 @@ spec:
     - mountPath: /tmp/cores
       name: coredump-path
 
                                                                                                                                                                      
-
                                                                                                                                                                      Create a pod using kubectl.
                                                                                                                                                                      
-
                                                                                                                                                                      kubectl create -f  pod.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      Create the pod:
                                                                                                                                                                      
+
                                                                                                                                                                      kubectl create -f  pod.yaml
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Verification
                                                                                                                                                                      After the pod is created, access the container and trigger a segmentation fault of the current shell terminal.
                                                                                                                                                                      
-
                                                                                                                                                                      $ kubectl get pod
-NAME                          READY   STATUS    RESTARTS   AGE
-coredump                      1/1     Running   0          56s
-$ kubectl exec -it coredump -- /bin/bash
-root@coredump:/# kill -s SIGSEGV $$
-command terminated with exit code 139
                                                                                                                                                                      
-
                                                                                                                                                                      Log in to the node and check whether a core file is generated in the /home/coredump directory. The following example indicates that a core file is generated.
                                                                                                                                                                      
-
                                                                                                                                                                      # ls /home/coredump
-core.coredump.bash.18.1650438992
                                                                                                                                                                      
+
                                                                                                                                                                      Verification
                                                                                                                                                                      1. Obtain the pod name:
                                                                                                                                                                        kubectl get pod
                                                                                                                                                                        
+
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
+
                                                                                                                                                                        NAME        READY   STATUS    RESTARTS   AGE
+coredump    1/1     Running   0          56s
                                                                                                                                                                        
+
                                                                                                                                                                      2. Access the container:
                                                                                                                                                                        kubectl exec -it coredump -- /bin/sh
                                                                                                                                                                        
+
                                                                                                                                                                        After accessing the container, run the following command to trigger a segmentation fault of the current shell terminal:
                                                                                                                                                                        
+
                                                                                                                                                                        kill -s SIGSEGV $$
                                                                                                                                                                        
+
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
+
                                                                                                                                                                        command terminated with exit code 139
                                                                                                                                                                        
+
                                                                                                                                                                      3. Log in to the node and check whether the core file has been generated in /home/coredump.
                                                                                                                                                                        ls /home/coredump
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the core file has been generated.
                                                                                                                                                                        
+
                                                                                                                                                                        core.coredump.bash.18.1650438992
                                                                                                                                                                        
+
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0333.html b/docs/cce/umn/cce_bestpractice_0333.html
index f56c6deb3..70e831ea0 100644
--- a/docs/cce/umn/cce_bestpractice_0333.html
+++ b/docs/cce/umn/cce_bestpractice_0333.html
@@ -3,26 +3,29 @@
 
                                                                                                                                                                      Configuration Suggestions on CCE Workload Identity Security
                                                                                                                                                                      
 
                                                                                                                                                                      A workload identity enables workloads within a cluster to act as IAM users, granting them access to cloud services without the need for an IAM account's AK and SK. This helps to minimize security risks.
                                                                                                                                                                      
 
                                                                                                                                                                      This section describes how to use workload identities in CCE.
                                                                                                                                                                      
-
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      The cluster version must be 1.19.16 or later.
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      The cluster version must be v1.19.16 or later.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Procedure
                                                                                                                                                                      1. Obtain the public key of the cluster serviceAccountToken from CCE. For details, see Step 1: Obtain the Public Key for Signature of the CCE Cluster.
                                                                                                                                                                      2. Create an identity provider on IAM. For details, see Step 2: Configure an Identity Provider.
                                                                                                                                                                      3. Obtain an IAM token from the workload to simulate an IAM user to access a cloud service. For details, see Step 3: Use a Workload Identity.
                                                                                                                                                                        The procedure is as follows:
                                                                                                                                                                        1. Deploy the application pod and obtain the OpenID Connect ID token file by mounting the identity provider.
                                                                                                                                                                        2. Use the mounted OpenID Connect ID token file in programs in the pod to access IAM and obtain a temporary IAM token.
                                                                                                                                                                        3. Access the cloud service using the IAM token in programs in the pod.
                                                                                                                                                                        
+
                                                                                                                                                                        Procedure
                                                                                                                                                                        1. Obtain the public key of the cluster serviceAccountToken from CCE. For details, see Step 1: Obtain the Public Key for Signature of the CCE Cluster.
                                                                                                                                                                        2. Create an identity provider on IAM. For details, see Step 2: Configure an Identity Provider.
                                                                                                                                                                        3. Obtain an IAM token from the workload and simulate an IAM user to access a cloud service. For details, see Step 3: Use a Workload Identity.
                                                                                                                                                                          The procedure is as follows:
                                                                                                                                                                          1. Deploy the application pod and obtain the OpenID Connect ID token file by mounting the identity provider.
                                                                                                                                                                          2. Use the mounted OpenID Connect ID token file in programs in the pod to access IAM and obtain a temporary IAM token.
                                                                                                                                                                          3. Access the cloud service using the IAM token in programs in the pod.
                                                                                                                                                                          
 
                                                                                                                                                                          Figure 1 Workflow
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Step 1: Obtain the Public Key for Signature of the CCE Cluster
                                                                                                                                                                        1. Use kubectl to access the target cluster.
                                                                                                                                                                        2. Obtain the public key:
                                                                                                                                                                          kubectl get --raw /openid/v1/jwks
                                                                                                                                                                          
+
                                                                                                                                                                          Step 1: Obtain the Public Key for Signature of the CCE Cluster
                                                                                                                                                                          1. Use kubectl to access the target cluster.
                                                                                                                                                                          2. Obtain the public key:
                                                                                                                                                                            kubectl get --raw /openid/v1/jwks
                                                                                                                                                                            
+
                                                                                                                                                                            The returned result is the public key of the cluster. The following is an example of the command output:
                                                                                                                                                                            
 
                                                                                                                                                                            # kubectl get --raw /openid/v1/jwks
 {"keys":[{"use":"sig","kty":"RSA","kid":"*****","alg":"RS256","n":"*****","e":"AQAB"}]}
                                                                                                                                                                            
-
                                                                                                                                                                            The returned field is the public key of the cluster.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Step 2: Configure an Identity Provider
                                                                                                                                                                          1. Log in to the IAM console, choose Identity Providers in the navigation pane, and click Create Identity Provider in the upper right corner. On the displayed page, set Protocol to OpenID Connect and SSO Type to Virtual user and click OK.
                                                                                                                                                                          2. In the identity provider list, locate the row containing the new identity provider and click Modify in the Operation column to modify the identity provider information.
                                                                                                                                                                            Access Type: Select Programmatic access.
                                                                                                                                                                            
 
                                                                                                                                                                            Configuration Information
                                                                                                                                                                            
-
+
                                                                                                                                                                            • Identity Provider URL: Enter https://kubernetes.default.svc.cluster.local.
                                                                                                                                                                            • Client ID: Enter an ID, which will be used when you create a container.
                                                                                                                                                                               
                                                                                                                                                                              You are not advised to use a client ID consisting solely of digits. If the client ID consists only of digits, enclose it in double quotation marks ("") when editing the YAML file for the workload. If the client ID is 123456789, it should be entered as "123456789" in the YAML file.
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                            • Signing Key: Enter the JWKS of the CCE cluster obtained in Step 1: Obtain the Public Key for Signature of the CCE Cluster.
                                                                                                                                                                            
 
                                                                                                                                                                            Identity Conversion Rules
                                                                                                                                                                            
-
                                                                                                                                                                            An identity conversion rule maps the ServiceAccount of a workload to IAM user.
                                                                                                                                                                            
-
                                                                                                                                                                            For example, create a ServiceAccount named oidc-token in namespace default of the cluster and map it to user group demo. If you use the identity provider ID to access cloud services, you have the permissions of the demo user group. The attribute must be sub. The value format is system:serviceaccount:Namespace:ServiceAccountName.
                                                                                                                                                                            
-
                                                                                                                                                                            
+
                                                                                                                                                                            An identity conversion rule maps the ServiceAccount of a workload to an IAM user.
                                                                                                                                                                            
+
                                                                                                                                                                            For example, create a ServiceAccount named oidc-token in namespace default of the cluster and map it to user group demo. If you use the identity provider ID to access cloud services, you have the permissions of the demo user group. The attribute must be sub. The value is in the format of system:serviceaccount:Namespace:ServiceAccountName.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
 
                                                                                                                                                                            Rules are in the JSON format as follows:
                                                                                                                                                                            
 
                                                                                                                                                                            [
     {
@@ -91,13 +94,13 @@ spec:
 
                                                                                                                                                                          
 
                                                                                                                                                                        3. After the creation is complete, log in to the container. The content of the /var/run/secrets/tokens/oidc-token file is the serviceAccountToken generated by Kubernetes.
                                                                                                                                                                           
                                                                                                                                                                          If the serviceAccountToken is used for more than 24 hours or 80% of its expiry period, kubelet will automatically rotate the serviceAccountToken.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        4. Use the OpenID Connect ID token to call the API for Obtaining a Token with an OpenID Connect ID Token. The X-Subject-Token field in the response header is the IAM token. Then, you can use this token to access cloud services.
                                                                                                                                                                          The following shows an example:
                                                                                                                                                                          
+
                                                                                                                                                                        5. Use the OpenID Connect ID token to call the API for Obtaining a Token with an OpenID Connect ID Token. The X-Subject-Token field in the response header is the IAM token. Then, you can use this token to access cloud services.
                                                                                                                                                                          The following shows an example:
                                                                                                                                                                          
 
                                                                                                                                                                          curl -i --location --request POST 'https://{{iam endpoint}}/v3.0/OS-AUTH/id-token/tokens' \
  --header 'X-Idp-Id: workload_identity' \
  --header 'Content-Type: application/json' \
  --data @token_body.json
                                                                                                                                                                          
 
                                                                                                                                                                          Specifically:
                                                                                                                                                                          
-
                                                                                                                                                                          • {{iam endpoint}} indicates the endpoint of IAM. For details, see Regions and Endpoints.
                                                                                                                                                                          • workload_identity is the identity provider name, which is the same as that configured in Step 2: Configure an Identity Provider.
                                                                                                                                                                          • token_body.json is a local file and its content is as follows:
                                                                                                                                                                             { 
+
                                                                                                                                                                            • {{iam endpoint}} indicates the endpoint of IAM. For details, see Regions and Endpoints.
                                                                                                                                                                            • workload_identity is the identity provider name, which is the same as that configured in Step 2: Configure an Identity Provider.
                                                                                                                                                                            • token_body.json is a local file and its content is as follows:
                                                                                                                                                                               { 
    "auth" : { 
      "id_token" : { 
        "id" : "eyJhbGciOiJSU..."
@@ -110,7 +113,7 @@ spec:
      } 
    } 
  }
                                                                                                                                                                              
-
                                                                                                                                                                              • $.auth.id_token.id: The value is the content of the /var/run/secrets/tokens/oidc-token file in the container.
                                                                                                                                                                              • $.auth.scope.project.id: indicates the project ID. For details about how to obtain the project ID, see Obtaining a Project ID.
                                                                                                                                                                              • $.auth.scope.project.name: indicates the project name.
                                                                                                                                                                              
+
                                                                                                                                                                              • $.auth.id_token.id: The value is the content of the /var/run/secrets/tokens/oidc-token file in the container.
                                                                                                                                                                              • $.auth.scope.project.id: indicates the project ID. To obtain the value, see Obtaining a Project ID.
                                                                                                                                                                              • $.auth.scope.project.name: indicates the project name.
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                        
 
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0348.html b/docs/cce/umn/cce_bestpractice_0348.html
index 817898596..4e7d6d5a4 100644
--- a/docs/cce/umn/cce_bestpractice_0348.html
+++ b/docs/cce/umn/cce_bestpractice_0348.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                        DNS resolution is frequently used in Kubernetes clusters. Based on the characteristics of DNS resolution in Kubernetes, you can optimize domain name resolution requests in the following ways.
                                                                                                                                                                        
 
                                                                                                                                                                        Using a Connection Pool
                                                                                                                                                                        When a containerized application needs to frequently request another service, you are advised to use a connection pool. The connection pool can cache the link information of the upstream service to avoid the overhead of DNS resolution and TCP link reestablishment for each access.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Optimizing the resolve.conf File in the Container
                                                                                                                                                                        The ndots and search parameters in the resolve.conf file determine the domain name resolution efficiency. For details about the two parameters, see DNS Configuration.
                                                                                                                                                                        
+
                                                                                                                                                                        Optimizing the resolve.conf File in the Container
                                                                                                                                                                        The ndots and search parameters in the resolve.conf file determine the domain name resolution efficiency. For details about the two parameters, see DNS Configuration.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Optimizing the Domain Name Configuration
                                                                                                                                                                        When a container needs to access a domain name, configure the domain name based on the following rules to improve the domain name resolution efficiency.
                                                                                                                                                                        1. When a pod accesses a Service in the same namespace, use <service-name>, which indicates the Service name.
                                                                                                                                                                        2. When a pod accesses a Service across namespaces, use <service-name>.<namespace-name>. namespace-name indicates the namespace where the Service is located.
                                                                                                                                                                        3. When a pod accesses an external domain name of a cluster, it uses the FQDN domain name. This type of domain name is specified by adding a period (.) at the end of a common domain name to avoid multiple invalid search attempts caused by search domain combination.
                                                                                                                                                                        
 
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0357.html b/docs/cce/umn/cce_bestpractice_0357.html
index 69688558e..183647aaa 100644
--- a/docs/cce/umn/cce_bestpractice_0357.html
+++ b/docs/cce/umn/cce_bestpractice_0357.html
@@ -75,7 +75,7 @@
   "name": "template",
   "parameters": "ANY AAAA"
 }
-
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      5. In the navigation pane, choose ConfigMaps and Secrets. In the kube-system namespace, view the coredns configuration data to check whether the update is successful.
                                                                                                                                                                        Corresponding Corefile content:
                                                                                                                                                                        
+
                                                                                                                                                                      6. Click OK.
                                                                                                                                                                      7. In the navigation pane, choose ConfigMaps and Secrets. In the kube-system namespace, view the coredns configuration data to check whether the update is successful.
                                                                                                                                                                        Corresponding Corefile content:
                                                                                                                                                                        
 
                                                                                                                                                                        .:5353 {
     bind {$POD_IP}
     cache 30
@@ -104,8 +104,8 @@
     "name": "cache",
     "parameters": 30
 }
                                                                                                                                                                        
-
                                                                                                                                                                        
-
                                                                                                                                                                      8. Click OK.
                                                                                                                                                                      9. In the navigation pane, choose ConfigMaps and Secrets. Select the kube-system namespace, view the data of the ConfigMap named coredns to check whether the update is successful.
                                                                                                                                                                        Corresponding Corefile content:
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      10. Click OK.
                                                                                                                                                                      11. In the navigation pane, choose ConfigMaps and Secrets. Select the kube-system namespace, view the data of the ConfigMap named coredns to check whether the update is successful.
                                                                                                                                                                        Corresponding Corefile content:
                                                                                                                                                                        
 
                                                                                                                                                                        .:5353 {
     bind {$POD_IP}
     cache 30 {
diff --git a/docs/cce/umn/cce_bestpractice_10001.html b/docs/cce/umn/cce_bestpractice_10001.html
index c7650555f..2943557a3 100644
--- a/docs/cce/umn/cce_bestpractice_10001.html
+++ b/docs/cce/umn/cce_bestpractice_10001.html
@@ -6,10 +6,18 @@
 
                                                                                                                                                                        Solution
                                                                                                                                                                        Several release policies are developed for service upgrade: grayscale release, blue-green deployment, A/B testing, rolling upgrade, and batch suspension of release. Traffic loss or service unavailability caused by releases can be avoided as much as possible.
                                                                                                                                                                        
 
                                                                                                                                                                        This document describes the principles and practices of grayscale release and blue-green deployment.
                                                                                                                                                                        
 
                                                                                                                                                                        • Grayscale release, also called canary release, is a smooth iteration mode for version upgrade. During the upgrade, some users use the new version, while other users continue to use the old version. After the new version is stable and ready, it gradually takes over all the live traffic. In this way, service risks brought by the release of the new version can be minimized, the impact of faults can be reduced, and quick rollback is supported.
                                                                                                                                                                          The following figure shows the general process of grayscale release. First, divide 20% of all service traffic to the new version. If the service version runs normally, gradually increase the traffic proportion and continue to test the performance of the new version. If the new version is stable, switch all traffic to it and bring the old version offline.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          If an exception occurs in the new version when 20% of the traffic goes to the new version, you can quickly switch back to the old version.
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                        • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10002.html b/docs/cce/umn/cce_bestpractice_10002.html
index b3ab01f6b..03ff92c86 100644
--- a/docs/cce/umn/cce_bestpractice_10002.html
+++ b/docs/cce/umn/cce_bestpractice_10002.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                      Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
                                                                                                                                                                      
-
                                                                                                                                                                      To implement grayscale release for a CCE cluster, deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These solutions are difficult to implement. If your grayscale release requirements are simple and you do not want to introduce too many plug-ins or complex configurations, you can refer to this section to implement simple grayscale release and blue-green deployment based on native Kubernetes features.
                                                                                                                                                                      
+
                                                                                                                                                                      To implement grayscale release for a CCE cluster, deploy other open source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These solutions are difficult to implement. If your grayscale release requirements are simple and you do not want to introduce too many plug-ins or complex configurations, you can refer to this section to implement simple grayscale release and blue-green deployment based on native Kubernetes features.
                                                                                                                                                                      
 
                                                                                                                                                                      Principles
                                                                                                                                                                      Users usually use Kubernetes objects such as Deployments and StatefulSets to deploy services. Each workload manages a group of pods. The following figure uses Deployment as an example.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      Generally, a Service is created for each workload. The Service uses the selector to match the backend pod. Other Services or objects outside the cluster can access the pods backing the Service. If a pod needs to be exposed, set the Service type to LoadBalancer. The ELB load balancer functions as the traffic entrance.
                                                                                                                                                                      
 
                                                                                                                                                                      • Grayscale release principles
                                                                                                                                                                        Take a Deployment as an example. A Service, in most cases, will be created for each Deployment. However, Kubernetes does not require that Services and Deployments correspond to each other. A Service uses a selector to match backend pods. If pods of different Deployments are selected by the same selector, a Service corresponds to multiple versions of Deployments. You can adjust the number of replicas of Deployments of different versions to adjust the weights of services of different versions to achieve grayscale release. The following figure shows the process:
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      • Blue-green deployment principles
                                                                                                                                                                        Take a Deployment as an example. Two Deployments of different versions have been deployed in the cluster, and their pods are labeled with the same key but different values to distinguish versions. A Service uses the selector to select the pod of a Deployment of a version. In this case, you can change the value of the label that determines the version in the Service selector to change the pod backing the Service. In this way, you can directly switch the service traffic from one version to another. The following figure shows the process:
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      The Nginx image has been uploaded to SWR. The Nginx images have two versions: v1 and v2. The welcome pages are Nginx-v1 and Nginx-v2.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10008.html b/docs/cce/umn/cce_bestpractice_10008.html
index 6d46ca708..e062b6bd1 100644
--- a/docs/cce/umn/cce_bestpractice_10008.html
+++ b/docs/cce/umn/cce_bestpractice_10008.html
@@ -7,6 +7,8 @@
 
 
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10009.html b/docs/cce/umn/cce_bestpractice_10009.html
index 24cd05fc6..4e6eef561 100644
--- a/docs/cce/umn/cce_bestpractice_10009.html
+++ b/docs/cce/umn/cce_bestpractice_10009.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, you can deploy a set of Prometheus.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Solution Architecture
                                                                                                                                                                      Multiple clusters are connected to the same Prometheus monitoring system, as shown in the following figure. This reduces maintenance and resource costs and facilitates monitoring information aggregation.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • The target cluster has been created.
                                                                                                                                                                      • Prometheus has been properly connected to the target cluster.
                                                                                                                                                                      • Prometheus has been installed on a Linux host using a binary file. For details, see Installation.
                                                                                                                                                                      
 
                                                                                                                                                                      
@@ -72,13 +72,13 @@ subjects:
 
                                                                                                                                                                      
 
                                                                                                                                                                      Obtain the serviceaccount information.
                                                                                                                                                                      
 
                                                                                                                                                                      kubectl describe sa prometheus-test -n kube-system
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      kubectl describe secret prometheus-test-token-hdhkg -n kube-system
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      Record the token value, which is the bearer_token information to be collected.
                                                                                                                                                                      
 
 
                                                                                                                                                                    5. Configure bearer_token information.
                                                                                                                                                                      Log in to the host where Prometheus is located, go to the Prometheus installation directory, and save the token information of the target cluster in a file.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                    6. Configure a Prometheus monitoring job.
                                                                                                                                                                      The example job monitors container metrics. To monitor other metrics, you can add jobs and compile capture rules.
                                                                                                                                                                      
 
                                                                                                                                                                        - job_name: k8s_cAdvisor
     scheme: https
@@ -130,8 +130,8 @@ subjects:
       replacement: xxxx    ## (Optional) Enter the cluster information.
                                                                                                                                                                      
 
                                                                                                                                                                    7. Enable Prometheus.
                                                                                                                                                                      After the configuration, enable Prometheus.
                                                                                                                                                                      
 
                                                                                                                                                                      ./prometheus --config.file=prometheus.yml
                                                                                                                                                                      
-
                                                                                                                                                                    8. Log in to Prometheus and view the monitoring information.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                    9. Log in to Prometheus and view the monitoring information.
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      10. 
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10010.html b/docs/cce/umn/cce_bestpractice_10010.html
index db977f724..dbdbddaab 100644
--- a/docs/cce/umn/cce_bestpractice_10010.html
+++ b/docs/cce/umn/cce_bestpractice_10010.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                      Pre-Binding Container ENI for CCE Turbo Clusters
                                                                                                                                                                      
 
                                                                                                                                                                      In the Cloud Native 2.0 network model, each pod is allocated an ENI or a sub-ENI (called container ENI). The speed of ENI creation and binding is slower than that of pod scaling, severely affecting the container startup speed in large-scale batch creation. Therefore, the Cloud Native Network 2.0 model provides the dynamic pre-binding of container ENIs to accelerate pod startup while improving IP resource utilization.
                                                                                                                                                                      
-
                                                                                                                                                                      Constraints
                                                                                                                                                                      • CCE Turbo clusters of 1.19.16-r4, 1.21.7-r0, 1.23.5-r0, 1.25.1-r0, or later support ENI pre-binding, global configuration at the cluster level, and custom settings at the node pool level. Custom settings of nodes out of a node pool is not supported.
                                                                                                                                                                      • CCE Turbo clusters of 1.19.16-r2, 1.21.5-r0, 1.23.3-r0 to 1.19.16-r4, 1.21.7-r0, 1.23.5-r0 only support two parameters, nic-minimum-target and nic-warm-target, and do not support custom settings at the node pool level.
                                                                                                                                                                      • Modify the dynamic pre-binding parameters using the console or API instead of the node annotations in the background. Otherwise, the modified annotations will be overwritten by the original values after the cluster is upgraded.
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      • CCE Turbo clusters of 1.19.16-r4, 1.21.7-r0, 1.23.5-r0, 1.25.1-r0 or later support ENI pre-binding, global configuration at the cluster level, and custom settings at the node pool level. Custom settings of nodes out of a node pool is not supported.
                                                                                                                                                                      • CCE Turbo clusters of 1.19.16-r2, 1.21.5-r0, 1.23.3-r0 to 1.19.16-r4, 1.21.7-r0, 1.23.5-r0 only support two parameters, nic-minimum-target and nic-warm-target, and do not support custom settings at the node pool level.
                                                                                                                                                                      • Modify the dynamic pre-binding parameters using the console or API instead of the node annotations in the background. Otherwise, the modified annotations will be overwritten by the original values after the cluster is upgraded.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      How It Works
                                                                                                                                                                      CCE Turbo provides four dynamic pre-binding parameters for container ENIs. You can properly configure the parameters based on your service requirements. (The node pool-level dynamic ENI pre-binding parameters take priority over the cluster-level dynamic ENI pre-binding parameters.)
                                                                                                                                                                      
 
@@ -100,7 +100,7 @@
 
                                                                                                                                                                       
                                                                                                                                                                      Pods using HostNetwork are excluded.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Cluster-level Global Configuration
                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                      2. Click  next to the target cluster and choose Manage.
                                                                                                                                                                      3. In the window that slides out from the right, click Networking Components. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                      4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                      
+
                                                                                                                                                                      Cluster-level Global Configuration
                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                      2. Click  next to the target cluster and choose Manage.
                                                                                                                                                                      3. In the window that slides out from the right, click Networking Components. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                      4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Custom Settings at the Node Pool Level
                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                      2. Click the cluster name to access the cluster console, choose Nodes in the navigation pane, and click the Node Pools tab.
                                                                                                                                                                      3. Locate the row containing the target node pool and click Manage.
                                                                                                                                                                      4. In the window that slides out from the right, click Networking Components and enable node pool container ENI pre-binding. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                        
 
                                                                                                                                                                      5. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10012.html b/docs/cce/umn/cce_bestpractice_10012.html
index 92d1623df..6b8c7d7f9 100644
--- a/docs/cce/umn/cce_bestpractice_10012.html
+++ b/docs/cce/umn/cce_bestpractice_10012.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                      • If the disk capacity is too small, the image pull may fail. If different images need to be frequently pulled on the node, you are not advised to reduce the data disk capacity.
                                                                                                                                                                      • Before a cluster upgrade, the system checks whether the data disk usage exceeds 95%. If the usage is high, the cluster upgrade may be affected.
                                                                                                                                                                      • If Device Mapper is used, the disk capacity may be insufficient. You are advised to use the OverlayFS or select a large-capacity data disk.
                                                                                                                                                                      • For dumping logs, application logs must be stored in a separate disk to prevent insufficient storage capacity of the dockersys volume from affecting service running.
                                                                                                                                                                      
 
                                                                                                                                                                      • After reducing the data disk capacity, you are advised to install the npd add-on in the cluster to detect disk usage. If the disk usage of a node is high, resolve this problem by referring to What If the Data Disk Capacity Is Insufficient?
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Constraints
                                                                                                                                                                      • Only clusters of v1.19 or later allow reducing the capacity of the data disk used by container runtimes and kubelet.
                                                                                                                                                                      • Only the EVS disk capacity can be adjusted. (Local disks are available only when the node specification is disk-intensive or Ultra-high I/O.)
                                                                                                                                                                      
+
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      • Only clusters of v1.19 or later allow reducing the capacity of the data disk used by container runtimes and kubelet.
                                                                                                                                                                      • Only the EVS disk capacity can be adjusted. (Local disks are available only when the node specification is disk-intensive or Ultra-high I/O.)
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Selecting a Data Disk
                                                                                                                                                                      When selecting a data disk, consider the following factors:
                                                                                                                                                                      
 
                                                                                                                                                                      • During image pull, the system downloads the image package (the .tar package) from the image repository, and decompresses the package. Then it deletes the package but retain the image file. During the decompression of the .tar package, the package and the decompressed image file coexist. Reserve the capacity for the decompressed files.
                                                                                                                                                                      • Mandatory add-ons (such as everest and coredns) may be deployed on nodes during cluster creation. When calculating the data disk size, reserve about 2 GiB storage capacity for them.
                                                                                                                                                                      • Logs are generated during application running. To ensure stable application running, reserve about 1 GiB storage capacity for each pod.
                                                                                                                                                                      
@@ -18,7 +18,7 @@
 
                                                                                                                                                                      On a node using the OverlayFS, when an image is pulled, the .tar package is decompressed after being downloaded. During this process, the .tar package and the decompressed image file are stored in the dockersys volume, occupying about twice the actual image storage capacity. After the decompression is complete, the .tar package is deleted. Therefore, during image pull, after deducting the storage capacity occupied by the system add-on images, ensure that the remaining capacity of the dockersys volume is greater than twice the actual image storage capacity. To ensure that the containers can run stably, reserve certain capacity in the dockersys volume for container logs and other related files.
                                                                                                                                                                      
 
                                                                                                                                                                      When selecting a data disk, consider the following formula:
                                                                                                                                                                      
 
                                                                                                                                                                      Capacity of dockersys volume > Actual total image storage capacity x 2 + Total system add-on image storage capacity (about 2 GiB) + Number of containers x Available storage capacity for a single container (about 1 GiB log storage capacity for each container)
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Example:
                                                                                                                                                                      
 
                                                                                                                                                                      Assume that the node uses the OverlayFS and the data disk attached to this node is 20 GiB. According to the preceding methods, the capacity for storing container engines and images occupies 90% of the data disk capacity, and the capacity for the dockersys volume is 18 GiB (20 GiB x 90%). Additionally, mandatory add-ons may occupy about 2 GiB storage capacity during cluster creation. If you deploy a .tar package of 10 GiB, the package decompression takes 20 GiB of the dockersys volume's storage capacity. This, coupled with the storage capacity occupied by mandatory add-ons, exceeds the remaining capacity of the dockersys volume. As a result, the image pull may fail.
                                                                                                                                                                      
@@ -29,123 +29,24 @@
 
                                                                                                                                                                      On a node using the Device Mapper storage driver, when an image is pulled, the .tar package is temporarily stored in the dockersys volume. After the .tar package is decompressed, the image file is stored in the thinpool volume, and the package in the dockersys volume will be deleted. Therefore, during image pull, ensure that the dockersys partition space and thinpool space are sufficient, and note that the former is smaller than the latter. To ensure that the containers can run stably, reserve certain capacity in the dockersys volume for container logs and other related files.
                                                                                                                                                                      
 
                                                                                                                                                                      When selecting a data disk, consider the following formulas:
                                                                                                                                                                      • Capacity for dockersys volume > Temporary storage capacity of the .tar package (approximately equal to the actual total image storage capacity) + Number of containers x Storage capacity of a single container (about 1 GiB log storage capacity must be reserved for each container)
                                                                                                                                                                      • Capacity for thinpool volume > Actual total image storage capacity + Total add-on image storage capacity (about 2 GiB)
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Example:
                                                                                                                                                                      
 
                                                                                                                                                                      Assume that the node uses the Device Mapper and the data disk attached to this node is 20 GiB. According to the preceding methods, the container engine and image storage capacity occupies 90% of the data disk capacity, and the disk usage of the dockersys volume is 3.6 GiB. Additionally, the storage capacity of the mandatory add-ons may occupy about 2 GiB of the dockersys volume during cluster creation. The remaining storage capacity is about 1.6 GiB. If you deploy a .tar image package larger than 1.6 GiB, the storage capacity of the dockersys volume is insufficient for the package to be decompressed. As a result, the image pull may fail.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      What If the Data Disk Capacity Is Insufficient?
                                                                                                                                                                      Solution 1: Clearing images
                                                                                                                                                                      
 
                                                                                                                                                                      Perform the following operations to clear unused images:
                                                                                                                                                                      • Nodes that use containerd
                                                                                                                                                                        1. Obtain local images on the node.
                                                                                                                                                                          crictl images -v
                                                                                                                                                                          
-
                                                                                                                                                                        2. Delete the images that are not required by image ID.
                                                                                                                                                                          crictl rmi Image ID
                                                                                                                                                                          
+
                                                                                                                                                                        3. Delete the unnecessary images by image ID.
                                                                                                                                                                          crictl rmi {Image ID}
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                      • Nodes that use Docker
                                                                                                                                                                        1. Obtain local images on the node.
                                                                                                                                                                          docker images
                                                                                                                                                                          
-
                                                                                                                                                                        2. Delete the images that are not required by image ID.
                                                                                                                                                                          docker rmi Image ID
                                                                                                                                                                          
+
                                                                                                                                                                        3. Delete the unnecessary images by image ID.
                                                                                                                                                                          docker rmi {}Image ID}
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      Do not delete system images such as the cce-pause image. Otherwise, the pod creation may fail.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Solution 2: Expanding the disk capacity
                                                                                                                                                                      
-
                                                                                                                                                                      1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                        Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                        
-
                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                      4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                        A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                        
-
                                                                                                                                                                        Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                        
-
                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                          # lsblk
-NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-sda                   8:0    0   50G  0 disk 
-└─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                          
-
                                                                                                                                                                        2. Expand the disk capacity.
                                                                                                                                                                          Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                          
-
                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                            pvresize /dev/sdb
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Physical volume "/dev/sdb" changed
-1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                            
-
                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
-Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                            
-
                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                            resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 18
-The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
                                                                                                                                                                            
-
                                                                                                                                                                          
-
                                                                                                                                                                        3. Check whether the capacity is expanded.
                                                                                                                                                                          # lsblk
-NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-sda                   8:0    0   50G  0 disk 
-└─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk
-├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                          
-
                                                                                                                                                                        
-
                                                                                                                                                                        Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                        
-
                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                          # lsblk
-NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                                   8:0    0   50G  0 disk 
-└─vda1                                8:1    0   50G  0 part /
-vdb                                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
-├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thinpool
-│   ...
-├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
-│   ...
-└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                          
-
                                                                                                                                                                        2. Expand the disk capacity.
                                                                                                                                                                          Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                          
-
                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Physical volume "/dev/vdb" changed
-1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                            
-
                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
-Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                            
-
                                                                                                                                                                          3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                          4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                            # lsblk
-NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                                   8:0    0   50G  0 disk 
-└─vda1                                8:1    0   50G  0 part /
-vdb                                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
-├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
-│   ...
-├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
-│   ...
-└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                            
-
                                                                                                                                                                          
-
                                                                                                                                                                          Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                          
-
                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Physical volume "/dev/vdb" changed
-1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                            
-
                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
-Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                            
-
                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                            resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 3, new_desc_blocks = 15
-The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
                                                                                                                                                                            
-
                                                                                                                                                                          4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                            # lsblk
-NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                                   8:0    0   50G  0 disk 
-└─vda1                                8:1    0   50G  0 part /
-vdb                                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
-├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
-│   ...
-├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
-│   ...
-└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                            
-
                                                                                                                                                                          
-
                                                                                                                                                                        
-
                                                                                                                                                                      
+
                                                                                                                                                                      Expand the data disk capacity as required. For details, see Expanding the Storage Space.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10016.html b/docs/cce/umn/cce_bestpractice_10016.html
index b4e61acc8..0f9b32e97 100644
--- a/docs/cce/umn/cce_bestpractice_10016.html
+++ b/docs/cce/umn/cce_bestpractice_10016.html
@@ -4,64 +4,64 @@
 
                                                                                                                                                                      When you use CCE to create a Kubernetes cluster, there are multiple configuration options and terms. This section compares the key configurations for CCE clusters and provides recommendations to help you create a cluster that better suits your needs.
                                                                                                                                                                      
 
                                                                                                                                                                      Cluster Types
                                                                                                                                                                      CCE supports CCE Turbo clusters and CCE standard clusters to meet your requirements. This section describes the differences between these two types of clusters.
                                                                                                                                                                      
 
-
                                                                                                                                                                      Table 1 Cluster types
                                                                                                                                                                      Category
                                                                                                                                                                      
+
                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -71,7 +71,7 @@
 
                                                                                                                                                                      Cluster Versions
                                                                                                                                                                      Due to the fast iteration, many bugs are fixed and new features are added in the new Kubernetes versions. The old versions will be gradually eliminated. When creating a cluster, select the latest commercial version supported by CCE.
                                                                                                                                                                      
 
                                                                                                                                                                      Network Models
                                                                                                                                                                      This section describes the network models supported by CCE clusters. You can select one model based on your requirements.
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      After clusters are created, the network models cannot be changed. Exercise caution when selecting the network models.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      After a cluster is created, the network model cannot be changed.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
 
                                                                                                                                                                      Table 1 Cluster types
                                                                                                                                                                      Category
                                                                                                                                                                      
 
                                                                                                                                                                      Subcategory
                                                                                                                                                                      
+
                                                                                                                                                                      Subcategory
                                                                                                                                                                      
 
                                                                                                                                                                      CCE Turbo Cluster
                                                                                                                                                                      
+
                                                                                                                                                                      CCE Turbo Cluster
                                                                                                                                                                      
 
                                                                                                                                                                      CCE Standard Cluster
                                                                                                                                                                      
+
                                                                                                                                                                      CCE Standard Cluster
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      Cluster
                                                                                                                                                                      
+
                                                                                                                                                                      Cluster
                                                                                                                                                                      
 
                                                                                                                                                                      Positioning
                                                                                                                                                                      
+
                                                                                                                                                                      Positioning
                                                                                                                                                                      
 
                                                                                                                                                                      Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                      
+
                                                                                                                                                                      Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                      
 
                                                                                                                                                                      Standard cluster for common commercial use
                                                                                                                                                                      
+
                                                                                                                                                                      Standard cluster for common commercial use
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Node type
                                                                                                                                                                      
+
                                                                                                                                                                      Node type
                                                                                                                                                                      
 
                                                                                                                                                                      Deployment of VMs
                                                                                                                                                                      
+
                                                                                                                                                                      Deployment of VMs
                                                                                                                                                                      
 
                                                                                                                                                                      Deployment of VMs and bare-metal servers
                                                                                                                                                                      
+
                                                                                                                                                                      Deployment of VMs
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Networking
                                                                                                                                                                      
+
                                                                                                                                                                      Networking
                                                                                                                                                                      
 
                                                                                                                                                                      Model
                                                                                                                                                                      
+
                                                                                                                                                                      Model
                                                                                                                                                                      
 
                                                                                                                                                                      Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                      
-
                                                                                                                                                                      Max networking scale: 2,000 nodes
                                                                                                                                                                      
+
                                                                                                                                                                      Cloud Native 2.0 networks: for scenarios where requirements on performance are high and there are many containers
                                                                                                                                                                      
+
                                                                                                                                                                      Max networking scale: 2,000 nodes
                                                                                                                                                                      
 
                                                                                                                                                                      Cloud Native Network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                      
-
                                                                                                                                                                      • Tunnel network model
                                                                                                                                                                      • VPC network model
                                                                                                                                                                      
+
                                                                                                                                                                      Cloud native 1.0 networks: for scenarios where requirements on performance are not high and there are not so many containers
                                                                                                                                                                      
+
                                                                                                                                                                      • Tunnel network model
                                                                                                                                                                      • VPC network model
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Performance
                                                                                                                                                                      
+
                                                                                                                                                                      Performance
                                                                                                                                                                      
 
                                                                                                                                                                      Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                      
+
                                                                                                                                                                      Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                      
 
                                                                                                                                                                      Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                      
+
                                                                                                                                                                      Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Container network isolation
                                                                                                                                                                      
+
                                                                                                                                                                      Container network isolation
                                                                                                                                                                      
 
                                                                                                                                                                      Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                      
+
                                                                                                                                                                      Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                      
 
                                                                                                                                                                      • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                      • VPC network model: supports no isolation.
                                                                                                                                                                      
+
                                                                                                                                                                      • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                      • VPC network model: supports no isolation.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      Security
                                                                                                                                                                      
+
                                                                                                                                                                      Security
                                                                                                                                                                      
 
                                                                                                                                                                      Isolation
                                                                                                                                                                      
+
                                                                                                                                                                      Isolation
                                                                                                                                                                      
 
                                                                                                                                                                      • VM: runs common containers, isolated by cgroups.
                                                                                                                                                                      
+
                                                                                                                                                                      • VM: runs common containers, isolated by cgroups.
                                                                                                                                                                      
 
                                                                                                                                                                      Runs common containers, isolated by cgroups.
                                                                                                                                                                      
+
                                                                                                                                                                      Runs common containers, isolated by cgroups.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
                                                                                                                                                                       
 
                                                                                                                                                                      
-
-
-
                                                                                                                                                                      Table 2 Network model comparison
                                                                                                                                                                      Dimension
                                                                                                                                                                      
@@ -88,9 +88,9 @@
 
 
                                                                                                                                                                      • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                                                                                                                      • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                                                                                                                      
 
                                                                                                                                                                      • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                                                                      • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                                                                                                      
+
                                                                                                                                                                      • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                                                                      • Small- and medium-scale networks: Due to the limitation on VPC route tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                                                                                                      
 
                                                                                                                                                                      • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                                                                                                                      • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.
                                                                                                                                                                      
+
                                                                                                                                                                      • High performance requirements: Cloud Native Network 2.0 uses VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native Network 2.0 ideal for scenarios that demand high bandwidth and low latency.
                                                                                                                                                                      • Large-scale networking: Cloud Native Network 2.0 supports up to 2,000 ECS nodes and 100,000 pods.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      Core technology
                                                                                                                                                                      
@@ -152,8 +152,8 @@
                                                                                                                                                                       		
 
                                                                                                                                                                      A maximum of 2000 nodes are supported.
                                                                                                                                                                      
 
                                                                                                                                                                      Suitable for small- and medium-scale networks due to the limitation on VPC routing tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                                                                                                                      
-
                                                                                                                                                                      Each time a node is added to the cluster, a route is added to the VPC routing tables. Evaluate the cluster scale that is limited by the VPC routing tables before creating the cluster. 
                                                                                                                                                                      
+
                                                                                                                                                                      Suitable for small- and medium-scale networks due to the limitation on VPC route tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                                                                                                                      
+
                                                                                                                                                                      Each time a node is added to the cluster, a route is added to the VPC route tables. Evaluate the cluster scale that is limited by the VPC route tables before creating the cluster. 
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      A maximum of 2000 nodes are supported.
                                                                                                                                                                      
 
                                                                                                                                                                      In a cloud-native network 2.0 cluster, containers' IP addresses are assigned from VPC CIDR blocks, and the number of containers supported is restricted by these blocks. Evaluate the cluster's scale limitations before creating it.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10017.html b/docs/cce/umn/cce_bestpractice_10017.html
index 6e0ea15ce..619598f29 100644
--- a/docs/cce/umn/cce_bestpractice_10017.html
+++ b/docs/cce/umn/cce_bestpractice_10017.html
@@ -41,7 +41,7 @@
 
 
 
-
                                                                                                                                                                      Selecting a Network Model
                                                                                                                                                                      • Network model: CCE supports VPC network, Cloud Native 2.0 network, and container tunnel network models for your clusters. Different models have different performance and functions. For details, see Network Models.
                                                                                                                                                                      • VPC network: To enable your applications to access other cloud services like RDS, create related services in the same VPC network as your cluster which runs these applications. This is because services using different VPC networks are isolated from each other. If you have created instances, use VPC peering connections to enable communications between VPCs.
                                                                                                                                                                      • Container CIDR block: Do not configure a small container CIDR block. Otherwise, the number of supported nodes will be limited.
                                                                                                                                                                        • For a cluster using a VPC network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses available. If the maximum number of pods reserved on each node is 128, the maximum number of nodes supported is 512.
                                                                                                                                                                        • For a cluster using a container tunnel network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses assigned to your cluster. The container CIDR block allocates 16 IP addresses to the nodes at a time by default. The maximum number of nodes supported by your cluster is 4096 (65536/16=4096).
                                                                                                                                                                        • For a cluster using a Cloud Native 2.0 network, the container CIDR block is the VPC subnet, and the number of containers can be created depends on the size of the selected subnet.
                                                                                                                                                                        
+
                                                                                                                                                                        Selecting a Network Model
                                                                                                                                                                        • Network model: CCE supports VPC, Cloud Native 2.0, and container tunnel network models for your clusters. Different models have different performance and functions. For details, see Network Models.
                                                                                                                                                                        • VPC network: To enable your applications to access other cloud services like RDS, create related services in the same VPC network as your cluster which runs these applications. This is because services using different VPC networks are isolated from each other. If you have created instances, use VPC peering connections to enable communications between VPCs.
                                                                                                                                                                        • Container CIDR block: Do not configure a small container CIDR block. Otherwise, the number of supported nodes will be limited.
                                                                                                                                                                          • For a cluster using a VPC network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses available. If the maximum number of pods reserved on each node is 128, the maximum number of nodes supported is 512.
                                                                                                                                                                          • For a cluster using a container tunnel network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses assigned to your cluster. The container CIDR block allocates 16 IP addresses to the nodes at a time by default. The maximum number of nodes supported by your cluster is 4096 (65536/16=4096).
                                                                                                                                                                          • For a cluster using a Cloud Native 2.0 network, the container CIDR block is the VPC subnet, and the number of containers can be created depends on the size of the selected subnet.
                                                                                                                                                                          
 
                                                                                                                                                                        • Service CIDR block: The service CIDR block determines the upper limit of Service resources in your cluster. Evaluate your actual needs and then configure the CIDR block. A created CIDR block cannot be modified. Do not configure an excessively small one.
                                                                                                                                                                        
 
                                                                                                                                                                        For details, see Planning CIDR Blocks for a Cluster.
                                                                                                                                                                        
 
                                                                                                                                                                        
@@ -52,7 +52,7 @@
 
                                                                                                                                                                        Configuring Quotas and Limits for the Cloud Service Resources and Resources in a Cluster
                                                                                                                                                                        CCE allows you to configure resource quotas and limits for your cloud service resources and resources in your clusters. This prevents excessive use of resources. When creating your applications for CCE clusters, consider these limits and periodically review them. This will avoid scaling failures caused by insufficient quotas during application running.
                                                                                                                                                                        
 
                                                                                                                                                                        • Configuring resource quotas for cloud services: Cloud services like ECS, EVS, VPC, ELB, and SWR are also used to run the CCE clusters. If the existing resource quotas cannot meet your requirements, submit a service ticket to increase the quotas.
                                                                                                                                                                        • Configuring resource quotas for a cluster: You are allowed to configure the namespace-level resource quotas to limit the number of objects of a certain type created in a namespace and the total computing resources like CPU and memory consumed by the objects. For details, see Configuring Resource Quotas.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Partitioning Data Disks Attached to a Node
                                                                                                                                                                        By default, the first data disk of a worker node is for storing the container runtime and kubelet components. The remaining capacity of this data disk affects image download and container startup and running. For details, see Data Disk Space Allocation.
                                                                                                                                                                        
+
                                                                                                                                                                        Partitioning Data Disks Attached to a Node
                                                                                                                                                                        By default, the first data disk of a worker node is for storing the container runtime and kubelet components. The remaining capacity of this data disk affects image download and container startup and running. For details, see Space Allocation of a Data Disk.
                                                                                                                                                                        
 
                                                                                                                                                                        The default space of this date disk is 100 GiB. You can adjust the space as required. Images, system logs, and application logs are stored on data disks. Therefore, you need to evaluate the number of pods to be deployed on each node, the size of logs, images, and temporary data of each pod, as well as some reserved space for the system. For details, see Selecting a Data Disk for the Node.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Running npd
                                                                                                                                                                        A failure in a worker node may affect the availability of the applications. CCE Node Problem Detector is used to monitor node exceptions. It helps you detect and handle latent exceptions in a timely manner. You can also customize the check items, including target node, check period, and triggering threshold. For details, see Configuring Node Fault Detection Policies.
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_10020.html b/docs/cce/umn/cce_bestpractice_10020.html
index 84c9fdd9a..e5d6a8814 100644
--- a/docs/cce/umn/cce_bestpractice_10020.html
+++ b/docs/cce/umn/cce_bestpractice_10020.html
@@ -1,25 +1,25 @@
 
 
 
                                                                                                                                                                        Executing the Pre- or Post-installation Commands During Node Creation
                                                                                                                                                                        
-
                                                                                                                                                                        Background
                                                                                                                                                                        When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts. 
                                                                                                                                                                        
+
                                                                                                                                                                        Background
                                                                                                                                                                        When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts. 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Precautions
                                                                                                                                                                        • Do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                          The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                          
-
                                                                                                                                                                        • Do not directly use reboot in the script.
                                                                                                                                                                          CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.
                                                                                                                                                                          
-
                                                                                                                                                                          If you need to restart a node, perform the following operations:
                                                                                                                                                                          
-
                                                                                                                                                                          • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                          • After the node is available, manually restart it.
                                                                                                                                                                          
+
                                                                                                                                                                          Precautions
                                                                                                                                                                          • Do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                            The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                            
+
                                                                                                                                                                          • Do not directly use reboot in the script.
                                                                                                                                                                            CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.
                                                                                                                                                                            
+
                                                                                                                                                                            If you need to restart a node, perform the following operations:
                                                                                                                                                                            
+
                                                                                                                                                                            • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                            • After the node is available, manually restart it.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Procedure
                                                                                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                          2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                          3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                            
-
                                                                                                                                                                            For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                            
-
                                                                                                                                                                            iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                            
-
                                                                                                                                                                             
                                                                                                                                                                            The command example here is for reference only.
                                                                                                                                                                            
+
                                                                                                                                                                            Procedure
                                                                                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                            2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                            3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                              
+
                                                                                                                                                                              For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                              
+
                                                                                                                                                                              iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                              
+
                                                                                                                                                                               
                                                                                                                                                                              The command example here is for reference only.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                            4. After the configuration, enter the number of nodes to be created and click Next: Confirm.
                                                                                                                                                                            5. Click Submit.
                                                                                                                                                                            
+
                                                                                                                                                                          4. After the configuration, enter the number of nodes to be created and click Next: Confirm.
                                                                                                                                                                          5. Click Submit.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Parent topic: Cluster
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Node O&M
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_bestpractice_10020_0.html b/docs/cce/umn/cce_bestpractice_10020_0.html
index 922f473ca..0af683c6a 100644
--- a/docs/cce/umn/cce_bestpractice_10020_0.html
+++ b/docs/cce/umn/cce_bestpractice_10020_0.html
@@ -1,25 +1,25 @@
 
 
 
                                                                                                                                                                        Executing the Pre- or Post-installation Commands During Node Creation
                                                                                                                                                                        
-
                                                                                                                                                                        Background
                                                                                                                                                                        When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts. 
                                                                                                                                                                        
+
                                                                                                                                                                        Background
                                                                                                                                                                        When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts. 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Precautions
                                                                                                                                                                        • Do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                          The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                          
-
                                                                                                                                                                        • Do not directly use reboot in the script.
                                                                                                                                                                          CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.
                                                                                                                                                                          
-
                                                                                                                                                                          If you need to restart a node, perform the following operations:
                                                                                                                                                                          
-
                                                                                                                                                                          • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                          • After the node is available, manually restart it.
                                                                                                                                                                          
+
                                                                                                                                                                          Precautions
                                                                                                                                                                          • Do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                            The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                            
+
                                                                                                                                                                          • Do not directly use reboot in the script.
                                                                                                                                                                            CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.
                                                                                                                                                                            
+
                                                                                                                                                                            If you need to restart a node, perform the following operations:
                                                                                                                                                                            
+
                                                                                                                                                                            • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                            • After the node is available, manually restart it.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Procedure
                                                                                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                          2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                          3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                            
-
                                                                                                                                                                            For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                            
-
                                                                                                                                                                            iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                            
-
                                                                                                                                                                             
                                                                                                                                                                            The command example here is for reference only.
                                                                                                                                                                            
+
                                                                                                                                                                            Procedure
                                                                                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                            2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                            3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                              
+
                                                                                                                                                                              For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                              
+
                                                                                                                                                                              iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                              
+
                                                                                                                                                                               
                                                                                                                                                                              The command example here is for reference only.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                            4. After the configuration, enter the number of nodes to be created and click Next: Confirm.
                                                                                                                                                                            5. Click Submit.
                                                                                                                                                                            
+
                                                                                                                                                                          4. After the configuration, enter the number of nodes to be created and click Next: Confirm.
                                                                                                                                                                          5. Click Submit.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Parent topic: Node O&M
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Cluster
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_bestpractice_10021.html b/docs/cce/umn/cce_bestpractice_10021.html
new file mode 100644
index 000000000..5b2d3e155
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10021.html
@@ -0,0 +1,34 @@
+
+
+
                                                                                                                                                                        Reporting Prometheus Monitoring Data to a Third-Party Monitoring Platform
                                                                                                                                                                        
+
                                                                                                                                                                        Application Scenarios
                                                                                                                                                                        The Cloud Native Cluster Monitoring add-on can report Prometheus metrics collected from clusters to a specified platform, for example, AOM or a third-party platform that supports Prometheus metrics. This section explains how to configure settings for Cloud Native Cluster Monitoring to send collected metrics to a third-party's Prometheus instance.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Step 1: Obtain the Data Reporting Address
                                                                                                                                                                        Prometheus provides standard Remote Write APIs. You can enter the source address (Remote Write URL) in the Cloud Native Cluster Monitoring add-on for storing the locally collected monitoring data in a Prometheus instance remotely.
                                                                                                                                                                        
+
                                                                                                                                                                        • If the Prometheus instance for receiving data is provided by a third-party vendor, view the Remote Write URL on the vendor's console.
                                                                                                                                                                        • If the Prometheus instance for receiving data is an on-premises one, the Remote Write URL is https:// {prometheus_addr} /api/v1/write, where {prometheus_addr} indicates the IP address and port number for external access.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Step 2: Obtain the Authentication Mode
                                                                                                                                                                        • For the third-party Prometheus instance, go to the vendor's console to view the token or account password used for authorized access.
                                                                                                                                                                        • For the on-premises Prometheus instance, perform the following steps to obtain a token:
                                                                                                                                                                          1. If this Prometheus instance is deployed in a Kubernetes cluster, view the token in the corresponding container. If this Prometheus instance is deployed on a VM, skip this step.
                                                                                                                                                                            kubectl exec -ti -n monitoring prometheus-server-0 -- sh
                                                                                                                                                                            
+
                                                                                                                                                                            Replace the variables in the command as needed:
                                                                                                                                                                            
+
                                                                                                                                                                            • monitoring: indicates the namespace where a Prometheus pod is in.
                                                                                                                                                                            • prometheus-server-0: indicates the name of a Prometheus pod.
                                                                                                                                                                            
+
                                                                                                                                                                          2. Check the location of the configuration file.
                                                                                                                                                                            ps -aux | grep prometheus
                                                                                                                                                                            
+
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          3. View and record the token information in prometheus.env.yaml.
                                                                                                                                                                            cat /etc/prometheus/config_out/prometheus.env.yaml
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Step 3: Connect to a Third-Party Monitoring Platform
                                                                                                                                                                        1. Log in to the CCE console, click the name of a cluster with the Cloud Native Cluster Monitoring add-on installed to access the cluster console.
                                                                                                                                                                        2. In the navigation pane, choose Add-ons, locate the Cloud Native Cluster Monitoring add-on, and click Edit.
                                                                                                                                                                        3. Enable Report Monitoring Data to a Third-Party Platform so that the data collected by Cloud Native Cluster Monitoring can be reported to a third-party monitoring platform.
                                                                                                                                                                          • Source Address: Remote Write URL obtained in step 1, for example, https://127.0.0.1:9090/api/v1/write.
                                                                                                                                                                          • Authentication method: Select the authentication method supported by the third-party monitoring platform in step 2.
                                                                                                                                                                            • Basic Auth: Enter the user name and password.
                                                                                                                                                                            • Bearer Token: Enter the identity credential (token).
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. After the modification is complete, click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Step 4: Check the Data Sending and Receiving Statuses
                                                                                                                                                                        After the preceding configuration is complete, log in to the Prometheus console supported by the third-party platform and view the Prometheus metrics with remote write on the Graph page.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Monitoring
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_bestpractice_10024.html b/docs/cce/umn/cce_bestpractice_10024.html
index c516390ef..1febfa26e 100644
--- a/docs/cce/umn/cce_bestpractice_10024.html
+++ b/docs/cce/umn/cce_bestpractice_10024.html
@@ -55,14 +55,14 @@
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
-
                                                                                                                                                                      Upgrading the Cluster Version
                                                                                                                                                                      As the CCE cluster version evolves, new overload protection features and optimizations are regularly introduced. It is recommended that you promptly upgrade your clusters to the latest version. For details, see Upgrading a Cluster.
                                                                                                                                                                      
+
                                                                                                                                                                      Upgrading the Cluster Version
                                                                                                                                                                      As the CCE cluster version evolves, new overload protection features and optimizations are regularly introduced. It is recommended that you promptly upgrade your clusters to the latest version. For details, see Process and Method of Upgrading a Cluster.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Enabling Overload Control
                                                                                                                                                                      After overload control is enabled, concurrent LIST requests outside the system will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster.
                                                                                                                                                                      
 
                                                                                                                                                                      For details, see Cluster Overload Control.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Enabling Observability
                                                                                                                                                                      Observability is crucial for maintaining the reliability and stability of clusters. By using monitoring, alarms, and logs, administrators can gain a better understanding of the clusters' performance, promptly identify any issues, and take corrective action in a timely manner.
                                                                                                                                                                      
 
                                                                                                                                                                      Monitoring configurations
                                                                                                                                                                      
-
                                                                                                                                                                      • You can check the monitoring information about master nodes on the Overview page of the CCE cluster console.
                                                                                                                                                                      
+
                                                                                                                                                                      • You can check the monitoring information about master nodes on the Overview page of the CCE cluster console.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Controlling Data Volume of Resources
                                                                                                                                                                      When the resource data volume in a cluster is too large, it can negatively impact etcd performance, including data read and write latency. Additionally, if the data volume of a single type of resource is too large, the control plane consumes a significant number of resources when a client requests all the resources. To avoid these issues, it is recommended that you keep both the etcd data volume and the data volume of a single type of resources under control.
                                                                                                                                                                      
 
diff --git a/docs/cce/umn/cce_bestpractice_10041.html b/docs/cce/umn/cce_bestpractice_10041.html
index 0390b38c7..74d5ae75b 100644
--- a/docs/cce/umn/cce_bestpractice_10041.html
+++ b/docs/cce/umn/cce_bestpractice_10041.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                                      Accessing an IP Address Outside a Cluster That Uses a VPC Network Using Source Pod IP Addresses in the Cluster
                                                                                                                                                                      
+
                                                                                                                                                                      Accessing an IP Address Outside of a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
                                                                                                                                                                      
 
                                                                                                                                                                      In a CCE cluster that uses a VPC network, when pods try to communicate with external systems, CCE automatically translates the source IP addresses of the pods into the IP addresses of the nodes that are running them. This allows pods to communicate with external systems using the node IP addresses. This process is known as pod IP address masquerading or Source Network Address Translation (SNAT).
                                                                                                                                                                      
 
                                                                                                                                                                      You are allowed to configure private CIDR blocks for your clusters using the nonMasqueradeCIDRs parameter. If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address. Instead, the VPC route table can directly send the pod data packet to the destination, which means, the pod IP address is directly used to communicate with the private CIDR block in the cluster. 
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 1 Pod IP address translation
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 1 Pod IP address translation
                                                                                                                                                                      
 
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      You have a cluster that uses the VPC network and whose version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Default Non-Masqueraded CIDR Block Settings in a CCE Cluster
                                                                                                                                                                      By default, CCE uses the following well-known private CIDR blocks as non-masqueraded CIDR blocks in each cluster:
                                                                                                                                                                      
@@ -23,7 +23,7 @@
 
                                                                                                                                                                      Before doing so, make sure you have evaluated your application scenario and understood the potential risks of improper configuration, because it may block access within clusters. If you are unsure whether to configure this parameter, it is recommended that you keep the default settings and adjust the configuration later once the requirement is clarified.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Procedure
                                                                                                                                                                      To reserve the source IP address of a pod when the pod accesses a CIDR block, you can configure nonMasqueradeCIDRs to specify the CIDR block that does not need to be masqueraded.
                                                                                                                                                                      
-
                                                                                                                                                                      1. Log in to the CCE console and click the name of the target cluster to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                      3. Modify the range of the CIDR block for non-masquerading access to preserve the source pod IP address when accessing a specified CIDR block. Make sure the parameter configuration complies with the following rules:
                                                                                                                                                                        • Each CIDR block must comply with the CIDR format and must be a valid IPv4 CIDR block.
                                                                                                                                                                          Example of a correct CIDR block: 192.168.1.0/24
                                                                                                                                                                          
+
                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                          2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                          3. Modify the range of the CIDR blocks for non-masquerading access to preserve the source pod IP address when accessing a specified CIDR block. Make sure the parameter configuration complies with the following rules:
                                                                                                                                                                            • Each CIDR block must comply with the CIDR format and must be a valid IPv4 CIDR block.
                                                                                                                                                                              Example of a correct CIDR block: 192.168.1.0/24
                                                                                                                                                                              
 
                                                                                                                                                                              Example of an incorrect CIDR block: 192.168.1.1/24 (incompliant with the CIDR format)
                                                                                                                                                                              
 
                                                                                                                                                                            • The CIDR blocks you configured do not overlap with each other.
                                                                                                                                                                              Example of correct CIDR blocks: 192.168.1.0/24 and 192.168.2.0/24
                                                                                                                                                                              
 
                                                                                                                                                                              Example of incorrect CIDR blocks: 192.168.1.0/24 and 192.168.1.128/25 (The two CIDR blocks overlap.)
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bulletin_0000.html b/docs/cce/umn/cce_bulletin_0000.html
index 5c3a01a8a..18346db6f 100644
--- a/docs/cce/umn/cce_bulletin_0000.html
+++ b/docs/cce/umn/cce_bulletin_0000.html
@@ -4,8 +4,6 @@
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                                
-
                                                                                                                                                                              • Kubernetes Version Policy
                                                                                                                                                                                
-
                                                                                                                                                                                • 
 
                                                                                                                                                                              • EOM of CentOS
                                                                                                                                                                                
 
                                                                                                                                                                                • 
 
                                                                                                                                                                              • Security Vulnerability Responses
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bulletin_0026.html b/docs/cce/umn/cce_bulletin_0026.html
index 61b2bfdce..5a86fead7 100644
--- a/docs/cce/umn/cce_bulletin_0026.html
+++ b/docs/cce/umn/cce_bulletin_0026.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                Kubernetes 1.21 (EOM) Release Notes
                                                                                                                                                                                
 
                                                                                                                                                                                This section describes the updates in CCE Kubernetes 1.21.
                                                                                                                                                                                
-
                                                                                                                                                                                Resource Changes and Deprecations
                                                                                                                                                                                Kubernetes 1.21 Release Notes
                                                                                                                                                                                
+
                                                                                                                                                                                Resource Changes and Deprecations
                                                                                                                                                                                Kubernetes v1.21 Release Notes
                                                                                                                                                                                
 
                                                                                                                                                                                • CronJob is now in the stable state, and the version number changes to batch/v1.
                                                                                                                                                                                • The immutable Secret and ConfigMap have now been upgraded to the stable state. A new immutable field is added to these objects to reject changes. The rejection protects clusters from accidental updates that may cause application outages. As these resources are immutable, kubelet does not monitor or poll for changes. This reduces the load of kube-apiserver and improves scalability and performance of your clusters. For more information, see Immutable ConfigMaps.
                                                                                                                                                                                • Graceful node shutdown has been upgraded to the test state. With this update, kubelet can detect that a node is shut down and gracefully terminate the pods on the node. Prior to this update, when the node was shut down, its pod did not follow the expected termination lifecycle, which caused workload problems. Now kubelet can use systemd to detect the systems that are about to be shut down and notify the running pods to terminate them gracefully.
                                                                                                                                                                                • For a pod with multiple containers, you can use kubectl.kubernetes.io/ to pre-select containers.
                                                                                                                                                                                • PodSecurityPolicy is deprecated. For details, see https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/.
                                                                                                                                                                                • The BoundServiceAccountTokenVolume feature is in beta testing, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature is enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                                
-
                                                                                                                                                                                Kubernetes 1.20 Release Notes
                                                                                                                                                                                
+
                                                                                                                                                                                Kubernetes v1.20 Release Notes
                                                                                                                                                                                
 
                                                                                                                                                                                • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                                • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. During the upgrade, update the timeoutSeconds field for the applications that use this feature. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                                • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                                • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                                • dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                References
                                                                                                                                                                                For more details about the performance comparison and function evolution between Kubernetes 1.21 and other versions, see the following documents:
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bulletin_0027.html b/docs/cce/umn/cce_bulletin_0027.html
index ca1c56d54..a5b80ff1d 100644
--- a/docs/cce/umn/cce_bulletin_0027.html
+++ b/docs/cce/umn/cce_bulletin_0027.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                Kubernetes 1.23 Release Notes
                                                                                                                                                                                
 
                                                                                                                                                                                This section describes the updates in CCE Kubernetes 1.23.
                                                                                                                                                                                
-
                                                                                                                                                                                Resource Changes and Deprecations
                                                                                                                                                                                Kubernetes 1.23 Release Notes
                                                                                                                                                                                
+
                                                                                                                                                                                Resource Changes and Deprecations
                                                                                                                                                                                Kubernetes v1.23 Release Notes
                                                                                                                                                                                
 
                                                                                                                                                                                • FlexVolume is deprecated. Use CSI.
                                                                                                                                                                                • HorizontalPodAutoscaler v2 is promoted to GA, and HorizontalPodAutoscaler API v2 is gradually stable in version 1.23. The HorizontalPodAutoscaler v2beta2 API is not recommended. Use the v2 API.
                                                                                                                                                                                • PodSecurity moves to beta, replacing the deprecated PodSecurityPolicy. PodSecurity is an admission controller that enforces pod security standards on pods in the namespace based on specific namespace labels that set the enforcement level. PodSecurity is enabled by default in version 1.23.
                                                                                                                                                                                
-
                                                                                                                                                                                Kubernetes 1.22 Release Notes
                                                                                                                                                                                
+
                                                                                                                                                                                Kubernetes v1.22 Release Notes
                                                                                                                                                                                
 
                                                                                                                                                                                • Ingresses no longer support networking.k8s.io/v1beta1 and extensions/v1beta1 APIs. If you use the API of an earlier version to manage ingresses, an application cannot be exposed to external services. Use networking.k8s.io/v1.
                                                                                                                                                                                • CustomResourceDefinitions no longer support the apiextensions.k8s.io/v1beta1 API. If you use the API of an earlier version to create a CRD, the creation will fail, which affects the controller that reconciles this CRD. Use apiextensions.k8s.io/v1.
                                                                                                                                                                                • ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings no longer support the rbac.authorization.k8s.io/v1beta1 API. If you use the API of an earlier version to manage RBAC resources, application permissions control is affected and even cannot work in the cluster. Use rbac.authorization.k8s.io/v1.
                                                                                                                                                                                • The Kubernetes release cycle is changed from four releases a year to three releases a year.
                                                                                                                                                                                • StatefulSets support minReadySeconds.
                                                                                                                                                                                • During scale-in, pods are randomly selected and deleted based on the pod UID by default (LogarithmicScaleDown). This feature enhances the randomness of the pods to be deleted and alleviates the problems caused by pod topology spread constraints. For more information, see KEP-2185 and issue 96748.
                                                                                                                                                                                • The BoundServiceAccountTokenVolume feature is stable, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature is enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bulletin_0033.html b/docs/cce/umn/cce_bulletin_0033.html
deleted file mode 100644
index 1e403bd37..000000000
--- a/docs/cce/umn/cce_bulletin_0033.html
+++ /dev/null
@@ -1,182 +0,0 @@
-
-
-
                                                                                                                                                                                Kubernetes Version Policy
                                                                                                                                                                                
-
                                                                                                                                                                                CCE provides highly scalable, high-performance, enterprise-class Kubernetes clusters. This section describes the Kubernetes version policy of CCE clusters.
                                                                                                                                                                                
-
                                                                                                                                                                                Lifecycle of CCE Cluster Versions
                                                                                                                                                                                
-
                                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                Kubernetes Version
                                                                                                                                                                                
-
                                                                                                                                                                                Status
                                                                                                                                                                                
-
                                                                                                                                                                                Community Release In
                                                                                                                                                                                
-
                                                                                                                                                                                Commercial Use of CCE Clusters
                                                                                                                                                                                
-
                                                                                                                                                                                EOS of CCE Clusters
                                                                                                                                                                                
-
                                                                                                                                                                                v1.30
                                                                                                                                                                                
-
                                                                                                                                                                                In commercial usea
                                                                                                                                                                                
-
                                                                                                                                                                                April 2024
                                                                                                                                                                                
-
                                                                                                                                                                                October 2024
                                                                                                                                                                                
-
                                                                                                                                                                                October 2026
                                                                                                                                                                                
-
                                                                                                                                                                                v1.29
                                                                                                                                                                                
-
                                                                                                                                                                                In commercial usea
                                                                                                                                                                                
-
                                                                                                                                                                                November 2023
                                                                                                                                                                                
-
                                                                                                                                                                                June 2024
                                                                                                                                                                                
-
                                                                                                                                                                                June 2026
                                                                                                                                                                                
-
                                                                                                                                                                                v1.28
                                                                                                                                                                                
-
                                                                                                                                                                                In commercial useb
                                                                                                                                                                                
-
                                                                                                                                                                                August 2023
                                                                                                                                                                                
-
                                                                                                                                                                                February 2024
                                                                                                                                                                                
-
                                                                                                                                                                                February 2026
                                                                                                                                                                                
-
                                                                                                                                                                                v1.27
                                                                                                                                                                                
-
                                                                                                                                                                                In commercial useb
                                                                                                                                                                                
-
                                                                                                                                                                                April 2023
                                                                                                                                                                                
-
                                                                                                                                                                                October 2023
                                                                                                                                                                                
-
                                                                                                                                                                                October 2025
                                                                                                                                                                                
-
                                                                                                                                                                                v1.25
                                                                                                                                                                                
-
                                                                                                                                                                                In commercial useb
                                                                                                                                                                                
-
                                                                                                                                                                                August 2022
                                                                                                                                                                                
-
                                                                                                                                                                                March 2023
                                                                                                                                                                                
-
                                                                                                                                                                                March 2025
                                                                                                                                                                                
-
                                                                                                                                                                                v1.23
                                                                                                                                                                                
-
                                                                                                                                                                                In commercial useb
                                                                                                                                                                                
-
                                                                                                                                                                                December 2021
                                                                                                                                                                                
-
                                                                                                                                                                                September 2022
                                                                                                                                                                                
-
                                                                                                                                                                                September 2024
                                                                                                                                                                                
-
                                                                                                                                                                                v1.21
                                                                                                                                                                                
-
                                                                                                                                                                                End of service (EOS)
                                                                                                                                                                                
-
                                                                                                                                                                                April 2021
                                                                                                                                                                                
-
                                                                                                                                                                                April 2022
                                                                                                                                                                                
-
                                                                                                                                                                                April 2024
                                                                                                                                                                                
-
                                                                                                                                                                                v1.19
                                                                                                                                                                                
-
                                                                                                                                                                                EOS
                                                                                                                                                                                
-
                                                                                                                                                                                August 2020
                                                                                                                                                                                
-
                                                                                                                                                                                March 2021
                                                                                                                                                                                
-
                                                                                                                                                                                September 2023
                                                                                                                                                                                
-
                                                                                                                                                                                v1.17
                                                                                                                                                                                
-
                                                                                                                                                                                EOS
                                                                                                                                                                                
-
                                                                                                                                                                                December 2019
                                                                                                                                                                                
-
                                                                                                                                                                                July 2020
                                                                                                                                                                                
-
                                                                                                                                                                                January 2023
                                                                                                                                                                                
-
                                                                                                                                                                                v1.15
                                                                                                                                                                                
-
                                                                                                                                                                                EOS
                                                                                                                                                                                
-
                                                                                                                                                                                June 2019
                                                                                                                                                                                
-
                                                                                                                                                                                December 2019
                                                                                                                                                                                
-
                                                                                                                                                                                September 2022
                                                                                                                                                                                
-
                                                                                                                                                                                v1.13
                                                                                                                                                                                
-
                                                                                                                                                                                EOS
                                                                                                                                                                                
-
                                                                                                                                                                                December 2018
                                                                                                                                                                                
-
                                                                                                                                                                                June 2019
                                                                                                                                                                                
-
                                                                                                                                                                                March 2022
                                                                                                                                                                                
-
                                                                                                                                                                                v1.11
                                                                                                                                                                                
-
                                                                                                                                                                                EOS
                                                                                                                                                                                
-
                                                                                                                                                                                August 2018
                                                                                                                                                                                
-
                                                                                                                                                                                October 2018
                                                                                                                                                                                
-
                                                                                                                                                                                March 2021
                                                                                                                                                                                
-
                                                                                                                                                                                v1.9
                                                                                                                                                                                
-
                                                                                                                                                                                EOS
                                                                                                                                                                                
-
                                                                                                                                                                                December 2017
                                                                                                                                                                                
-
                                                                                                                                                                                March 2018
                                                                                                                                                                                
-
                                                                                                                                                                                December 2020
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                 
                                                                                                                                                                                The CCE console supports clusters of the latest two commercially used versions:
                                                                                                                                                                                
-
                                                                                                                                                                                • a: Clusters created using the console or APIs
                                                                                                                                                                                • b: Clusters created only using APIs
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                Phases of CCE Cluster Versions
                                                                                                                                                                                • In commercial use: The cluster version has been fully verified and is stable and reliable. You can use clusters of this version in the production environment, and the CCE SLA is valid for such clusters.
                                                                                                                                                                                • EOS: After the cluster version EOS, CCE does not support the creation of new clusters or provide technical support including new feature updates, vulnerability or issue fixes, new patches, work order guidance, and online checks for the EOS cluster version. The CCE SLA is not valid for such clusters.
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                CCE Cluster Versions
                                                                                                                                                                                CCE clusters are updated according to the versions available in the Kubernetes community. This means that a CCE cluster version is made up of both the Kubernetes community version number and the CCE patch version number. The CCE cluster version is in the format for vX.Y.Z-rN, such as v1.30.4-r0.
                                                                                                                                                                                
-
                                                                                                                                                                                • A Kubernetes version is in the format of X.Y.Z, which inherits the community version policy. The major Kubernetes version is represented by X, the minor Kubernetes version is represented by Y, and the Kubernetes patch version is represented by Z. For details, see the Kubernetes version policies. For details about the Kubernetes versions supported by CCE, see Kubernetes Version Release Notes.
                                                                                                                                                                                • A CCE patch version is in the format of, for example, v1.30.4-rN. New patches are released on an irregular basis for Kubernetes versions that are still in the maintenance period. If a new patch version provides new features, bug fixes, vulnerability fixes, or scenario optimizations compared with the previous version, the N version number increases. For details about the patch versions, see Patch Versions.
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                Cluster Upgrade
                                                                                                                                                                                Periodically upgrade CCE clusters for better user experience. Using an EOS version, you cannot obtain technical support and CCE SLA assurance. Upgrade CCE clusters in a timely manner.
                                                                                                                                                                                
-
                                                                                                                                                                                On the CCE console, you can easily upgrade clusters in a visualized manner, improving the stability and reliability of clusters. For details, see Upgrade Overview.
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                Parent topic: Product Bulletin
                                                                                                                                                                                
-
                                                                                                                                                                                
-
                                                                                                                                                                                
-
diff --git a/docs/cce/umn/cce_bulletin_0058.html b/docs/cce/umn/cce_bulletin_0058.html
index c1228642d..08803838f 100644
--- a/docs/cce/umn/cce_bulletin_0058.html
+++ b/docs/cce/umn/cce_bulletin_0058.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                Indexes
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                New Features
                                                                                                                                                                                Kubernetes 1.25
                                                                                                                                                                                • Pod Security Admission is stable. PodSecurityPolicy is deprecated.
                                                                                                                                                                                  PodSecurityPolicy is replaced by Pod Security Admission. For details about the migration, see Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                                  
-
                                                                                                                                                                                • The ephemeral container is stable.
                                                                                                                                                                                  An ephemeral container is a container that runs temporarily in an existing pod. It is useful for troubleshooting, especially when kubectl exec cannot be used to check a container that breaks down or its image lacks a debugging tool.
                                                                                                                                                                                  
+
                                                                                                                                                                                • The ephemeral containers are stable.
                                                                                                                                                                                  An ephemeral container runs temporarily in an existing pod. It is useful for troubleshooting, especially when kubectl exec cannot be used to check a container that breaks down or its image lacks a debugging tool.
                                                                                                                                                                                  
 
                                                                                                                                                                                • Support for cgroups v2 enters the stable phase.
                                                                                                                                                                                  Kubernetes supports cgroups v2. cgroups v2 provides some improvements over cgroup v1. For details, see About cgroup v2.
                                                                                                                                                                                  
 
                                                                                                                                                                                • SeccompDefault moves to beta.
                                                                                                                                                                                  To enable this feature, add the startup parameter --seccomp-default=true to kubelet. In this way, seccomp is set to RuntimeDefault by default, improving system security. Clusters of v1.25 no longer support seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/annotation. Replace them with the securityContext.seccompProfile field in pods or containers. For details, see Configure a Security Context for a Pod or Container.
                                                                                                                                                                                   
                                                                                                                                                                                  After this feature is enabled, the system calls required by the application may be restricted by the runtime. Ensure that the debugging is performed in the test environment, so that application is not affected.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
@@ -24,7 +24,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                              • Beta APIs are disabled by default.
                                                                                                                                                                                The Kubernetes community found 90% cluster administrators did not care about the beta APIs and left them enabled. However, the beta features are not recommended because these APIs enabled in the production environment by default incur risks. Therefore, in 1.24 and later versions, beta APIs are disabled by default, but the existing beta APIs will retain the original settings.
                                                                                                                                                                                
 
                                                                                                                                                                              • OpenAPI v3 is supported.
                                                                                                                                                                                In Kubernetes 1.24 and later versions, OpenAPI V3 is enabled by default.
                                                                                                                                                                                
-
                                                                                                                                                                              • Storage capacity tracking is stable.
                                                                                                                                                                                In Kubernetes 1.24 and later versions, the CSIStorageCapacity API supports exposing the available storage capacity. This ensures that pods are scheduled to nodes with sufficient storage capacity, which reduces pod scheduling delay caused by volume creation and mounting failures. For details, see Storage Capacity.
                                                                                                                                                                                
+
                                                                                                                                                                              • Storage capacity tracking is stable.
                                                                                                                                                                                In Kubernetes 1.24 and later versions, the CSIStorageCapacity API supports exposing the available storage capacity. This ensures that pods are scheduled to nodes with enough storage capacity, which reduces pod scheduling delay caused by volume creation and mounting failures. For details, see Storage Capacity.
                                                                                                                                                                                
 
                                                                                                                                                                              • gRPC container probe moves to beta.
                                                                                                                                                                                In Kubernetes 1.24 and later versions, the gRPC probe goes to beta. The feature gate GRPCContainerProbe is available by default. For details about how to use this probe, see Configure Probes.
                                                                                                                                                                                
 
                                                                                                                                                                              • LegacyServiceAccountTokenNoAutoGeneration is enabled by default.
                                                                                                                                                                                LegacyServiceAccountTokenNoAutoGeneration moves to beta. By default, this feature is enabled, where no secret token is automatically generated for a service account. To use a token that never expires, create a secret to hold the token. For details, see Service account token Secrets.
                                                                                                                                                                                
 
                                                                                                                                                                              • IP address conflict is prevented.
                                                                                                                                                                                In Kubernetes 1.24, an IP address pool is soft reserved for the static IP addresses of Services. After you manually enable this function, Service IP addresses will be automatically from the IP address pool to minimize IP address conflict.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bulletin_0059.html b/docs/cce/umn/cce_bulletin_0059.html
index 9e75fa0e7..dc5e3c0a8 100644
--- a/docs/cce/umn/cce_bulletin_0059.html
+++ b/docs/cce/umn/cce_bulletin_0059.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                Kubernetes 1.27 Release Notes
                                                                                                                                                                                
-
                                                                                                                                                                                CCE allows you to create clusters of Kubernetes 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.
                                                                                                                                                                                
+
                                                                                                                                                                                CCE allows you to create Kubernetes clusters 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.
                                                                                                                                                                                
 
                                                                                                                                                                                Indexes
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                New Features
                                                                                                                                                                                Kubernetes 1.27
                                                                                                                                                                                • SeccompDefault is stable.
                                                                                                                                                                                  To use SeccompDefault, add the --seccomp-default command line flag using kubelet on each node. If this feature is enabled, the RuntimeDefault profile will be used for all workloads by default, instead of the Unconfined (seccomp disabled) profile.
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bulletin_0068.html b/docs/cce/umn/cce_bulletin_0068.html
index b26d321c1..37315ca56 100644
--- a/docs/cce/umn/cce_bulletin_0068.html
+++ b/docs/cce/umn/cce_bulletin_0068.html
@@ -28,7 +28,7 @@
 
                                                                                                                                                                                • Other features
                                                                                                                                                                                  • The ServiceNodePortStaticSubrange feature gate moves to beta. With this feature enabled, static port range can be reserved to avoid conflicts with dynamically allocated ports. For details, see Avoiding Collisions Assigning Ports to NodePort Services.
                                                                                                                                                                                  • The alpha feature ConsistentListFromCache is added to allow the API server to serve consistent lists from cache. Get and list requests can read data from the cache instead of etcd.
                                                                                                                                                                                  • In Kubernetes 1.28, kubelet can configure the drop-in directory (alpha). This feature allows you to add support for the --config-dir flag to kubelet so that you can specify an insert directory that overwrites the kubelet configuration in /etc/kubernetes/kubelet.conf.
                                                                                                                                                                                  • ExpandedDNSConfig moves to GA and is enabled by default. With this feature enabled, DNS configurations can be expanded.
                                                                                                                                                                                  • The alpha feature CRDValidationRatcheting is added. This feature allows CRs with failing validations to pass if a Patch or Update request does not alter any of the invalid fields.
                                                                                                                                                                                  • --concurrent-cron-job-syncs is added to kube-controller-manager to configure the number of workers for the cron job controller.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                API Changes and Removals
                                                                                                                                                                                • NetworkPolicyStatus is removed. There is no status attribute in a network policy.
                                                                                                                                                                                • annotationbatch.kubernetes.io/cronJob-scheduled-timestamp is added to job objects to indicate the creation time of a job.
                                                                                                                                                                                • The podReplacementPolicy and terminating fields are added to job APIs. With these fields specified, once a previously created pod is terminated in a job, the job immediately starts a new pod to replace the pod. The new fields allow you to specify whether to replace the pod immediately after the previous pod is terminated (original behavior) or replace the pod after the existing pod is completely terminated (new behavior). This is an alpha feature, and you can enable it by turning on the JobPodReplacementPolicy feature gate in your cluster.
                                                                                                                                                                                • The BackoffLimitPerIndex field is available in a job. Pods specified by a job share a backoff mechanism. When backoff times of the job reach the limit, this job is marked as failed and resources, including indexes that are not running, are cleared up. This field allows you to configure backoff limit for a single index. For details, see Backoff limit per index.
                                                                                                                                                                                • The ServedVersions field is added to the StorageVersion API. This change is introduced by mixed version proxy. The new field is used to indicate a version that can be provided by the API server.
                                                                                                                                                                                • SelfSubjectReview is added to authentication.k8s.io/v1, and kubectl auth whoami goes to GA.
                                                                                                                                                                                • LastPhaseTransitionTime is added to PersistentVolume. The new field is used to store the last time when a volume changes to a different phase.
                                                                                                                                                                                • resizeStatus in PVC.Status is replaced by AllocatedResourceStatus. The new field indicates the statuses of the storage resize operation. The default value is an empty string.
                                                                                                                                                                                • If hostNetwork is set to true and ports are specified for a pod, the hostport field will be automatically configured.
                                                                                                                                                                                • StatefulSet pods have the pod index set as a pod label statefulset.kubernetes.io/pod-index.
                                                                                                                                                                                • PodHasNetwork in the Condition field of pods has been renamed to PodReadyToStartContainers. The new field specifies that containers are ready to start after the network, volumes, and sandbox pod have been created.
                                                                                                                                                                                • A new configuration option delayCacheUntilActive is added to KubeSchedulerConfiguration. If delayCacheUntilActive is set to true, kube-scheduler on the leader will not cache scheduling information. This reduces the memory pressure of other master nodes, but slows down the failover speed after the leader failed.
                                                                                                                                                                                • The namespaceParamRef field is added to admissionregistration.k8s.io/v1alpha1.ValidatingAdmissionPolicy.
                                                                                                                                                                                • The reason and fieldPath fields are added to CRD validation rules to allow you to specify reason and field path after verification failed.
                                                                                                                                                                                • The CEL expression of ValidatingAdmissionPolicy supports namespace access via namespaceObject.
                                                                                                                                                                                • API groups ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding are promoted to betav1.
                                                                                                                                                                                • A ValidatingAdmissionPolicy now has its messageExpression field checked against resolved types.
                                                                                                                                                                                
+
                                                                                                                                                                                API Changes and Removals
                                                                                                                                                                                • NetworkPolicyStatus is removed. There is no status attribute in a network policy.
                                                                                                                                                                                • annotationbatch.kubernetes.io/cronJob-scheduled-timestamp is added to job objects to indicate the creation time of a job.
                                                                                                                                                                                • The podReplacementPolicy and terminating fields are added to job APIs. With these fields specified, once a previously created pod is terminated in a job, the job immediately starts a new pod to replace the pod. The new fields allow you to specify whether to replace the pod immediately after the previous pod is terminated (original behavior) or replace the pod after the existing pod is completely terminated (new behavior). This is an alpha feature, and you can enable it by turning on the JobPodReplacementPolicy feature gate in your cluster.
                                                                                                                                                                                • The BackoffLimitPerIndex field is available in a job. Pods specified by a job share a backoff mechanism. When backoff times of the job reach the limit, this job is marked as failed and resources, including indexes that are not running, are cleared up. This field allows you to configure backoff limit for a single index. For details, see Backoff limit per index.
                                                                                                                                                                                • The ServedVersions field is added to the StorageVersion API. This change is introduced by mixed version proxy. The new field is used to indicate a version that can be provided by the API server.
                                                                                                                                                                                • SelfSubjectReview is added to authentication.k8s.io/v1, and kubectl auth whoami goes to GA.
                                                                                                                                                                                • LastPhaseTransitionTime is added to PersistentVolume. The new field is used to store the last time when a volume changes to a different phase.
                                                                                                                                                                                • resizeStatus in PVC.Status is replaced by AllocatedResourceStatus. The new field indicates the statuses of the storage resize operation. The default value is an empty string.
                                                                                                                                                                                • If hostNetwork is set to true and ports are specified for a pod, the hostport field will be automatically configured.
                                                                                                                                                                                • StatefulSet pods have the pod index set as a pod label statefulset.kubernetes.io/pod-index.
                                                                                                                                                                                • PodHasNetwork in the Condition field of pods has been renamed to PodReadyToStartContainers. The new field specifies that containers are ready to start after the network, volumes, and sandbox pod have been created.
                                                                                                                                                                                • A new configuration option delayCacheUntilActive is added to KubeSchedulerConfiguration to specify when to start caching data. This parameter defaults to false. If this parameter is set to true, leader election is enabled. In this case, the scheduler starts to cache the scheduling information only after a control plane node becomes the leader. This reduces memory overheads of the control plane nodes, but also slows down the failover speed.
                                                                                                                                                                                • The namespaceParamRef field is added to admissionregistration.k8s.io/v1alpha1.ValidatingAdmissionPolicy.
                                                                                                                                                                                • The reason and fieldPath fields are added to CRD validation rules to allow you to specify reason and field path after verification failed.
                                                                                                                                                                                • The CEL expression of ValidatingAdmissionPolicy supports namespace access via namespaceObject.
                                                                                                                                                                                • API groups ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding are promoted to betav1.
                                                                                                                                                                                • A ValidatingAdmissionPolicy now has its messageExpression field checked against resolved types.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Feature Gate and Command Line Parameter Changes and Removals
                                                                                                                                                                                • –short is removed from kubelet. Therefore, the default output of kubectl version is the same as that of kubectl version –short.
                                                                                                                                                                                • --volume-host-cidr-denylist and --volume-host-allow-local-loopback are removed from kube-controller-manager. --volume-host-cidr-denylist is a comma-separated list of CIDR ranges. Volume plugins at these IP addresses are not allowed. If --volume-host-allow-local-loopback is set to false, the local loopback IP address and the CIDR ranges specified in --volume-host-cidr-denylist are disabled.
                                                                                                                                                                                • --azure-container-registry-config is deprecated in kubelet and will be deleted in later Kubernetes versions. Use --image-credential-provider-config and --image-credential-provider-bin-dir instead.
                                                                                                                                                                                • --lock-object-namespace and --lock-object-name are removed from kube-scheduler. Use --leader-elect-resource-namespace and --leader-elect-resource-name or ComponentConfig instead. (--lock-object-namespace is used to define the namespace of a lock object, and --lock-object-name is used to define the name of a lock object.)
                                                                                                                                                                                • KMS v1 is deprecated and will only receive security updates. Use KMS v2 instead. In later Kubernetes versions, use --feature-gates=KMSv1=true to configure a KMS v1 provider.
                                                                                                                                                                                • The DelegateFSGroupToCSIDriver, DevicePlugins, KubeletCredentialProviders, MixedProtocolLBService, ServiceInternalTrafficPolicy, ServiceIPStaticSubrange, and EndpointSliceTerminatingCondition feature gates are removed.
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bulletin_0089.html b/docs/cce/umn/cce_bulletin_0089.html
index 6879a7887..9526fa8d9 100644
--- a/docs/cce/umn/cce_bulletin_0089.html
+++ b/docs/cce/umn/cce_bulletin_0089.html
@@ -20,7 +20,7 @@
 
                                                                                                                                                                              • The legacy ServiceAccount token cleaner is in the beta state.
                                                                                                                                                                                Legacy ServiceAccount token cleaner is promoted to beta. It runs as part of kube-controller-manager and checks every 24 hours to see if any auto-generated legacy ServiceAccount token has not been used in a specific amount of time (one year by default, specified by --legacy-service-account-token-clean-up-period). If so, the cleaner marks those tokens as invalid and adds the kubernetes.io/legacy-token-invalid-since label whose value is the current date. If an invalid token is not used for a specific period of time (one year by default, specified by --legacy-service-account-token-clean-up-period), the cleaner deletes it. For details, see Legacy ServiceAccount token cleaner.
                                                                                                                                                                                
 
                                                                                                                                                                              • DevicePluginCDIDevices is in the beta state.
                                                                                                                                                                                DevicePluginCDIDevices moves to beta. With this feature enabled, plugin developers can use the CDIDevices field added to DeviceRunContainerOptions to pass CDI device names directly to CDI enabled runtimes.
                                                                                                                                                                                
 
                                                                                                                                                                              • PodHostIPs is in the beta state.
                                                                                                                                                                                The PodHostIPs feature moves to beta. With this feature enabled, Kubernetes adds the hostIPs field to Status of pods and downward API to expose node IP addresses to workloads. This field specifies the dual-stack protocol version of the host IP address. The first IP address is always the same as the host IP address.
                                                                                                                                                                                
-
                                                                                                                                                                              • The API Priority and Fairness feature (APF) is in the GA state.
                                                                                                                                                                                APF moves to GA. APF classifies and isolates requests in a more fine-grained way. It improves max-inflight limitations. It also introduces a limited amount of queuing, so that the API server does not reject any request in cases of very brief bursts. Requests are dispatched from queues using a fair queuing technique so that, for example, a poorly-behaved controller does not cause others (even at the same priority level) to become abnormal. For details, see API Priority and Fairness.
                                                                                                                                                                                
+
                                                                                                                                                                              • The API Priority and Fairness (APF) feature is in the GA state.
                                                                                                                                                                                APF moves to GA. APF classifies and isolates requests in a more fine-grained way. It improves max-inflight limitations. It also introduces a limited amount of queuing, so that the API server does not reject any request in cases of very brief bursts. Requests are dispatched from queues using a fair queuing technique so that, for example, a poorly-behaved controller does not cause others (even at the same priority level) to become abnormal. For details, see API Priority and Fairness.
                                                                                                                                                                                
 
                                                                                                                                                                              • APIListChunking is in the GA state.
                                                                                                                                                                                The APIListChunking feature moves to GA. This feature allows clients to perform pagination in List requests to avoid performance problems caused by returning too much data at a time.
                                                                                                                                                                                
 
                                                                                                                                                                              • ServiceNodePortStaticSubrange is in the GA state.
                                                                                                                                                                                The ServiceNodePortStaticSubrange feature moves to GA. With this feature enabled, kubelet calculates the size of reserved IP addresses based on the ranges of the NodePort Services and divides node ports into static band and dynamic band. During automatic node port assignment, dynamic band is preferentially assigned, which helps avoid port conflicts during static band assignment. For details, see ServiceNodePortStaticSubrange.
                                                                                                                                                                                
 
                                                                                                                                                                              • The phase transition timestamp of PersistentVolume (PV) is in the beta state.
                                                                                                                                                                                The PV phase transition timestamp moves to beta. With this feature enabled, Kubernetes adds the lastPhaseTransitionTime field to the status field of a PV to indicate the time when the PV phase changes last time. Cluster administrators are now able to track the last time a PV transitioned to a different phase, allowing for more efficient and informed resource management. For details, see PersistentVolume Last Phase Transition Time in Kubernetes.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bulletin_0095.html b/docs/cce/umn/cce_bulletin_0095.html
index c9ed28e05..9f50a9ccd 100644
--- a/docs/cce/umn/cce_bulletin_0095.html
+++ b/docs/cce/umn/cce_bulletin_0095.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                              • The minimum domain in the pod topology spread is in the GA state.
                                                                                                                                                                                The minimum domain feature in pod topology spread is advanced to GA. This feature allows you to configure a minimum number of domains that meet specific conditions by using the minDomains field in the pod configuration. If the number of domains that match the load topology constraints exceeds the minDomains value, this field will not affect the settings. However, if the number of domains that match the load topology constraints is less than the minDomains value, the global minimum value is set to 0, which represents the minimum number of matched pods in domains that meet the conditions. To prevent pods from being scheduled when topology constraints are not met, this field must be used together with whenUnsatisfiable: DoNotSchedule. For details, see Spread constraint definition.
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              API Changes and Removals
                                                                                                                                                                              • kubectl removes the prune-whitelist parameter of the apply command and replaces it with prune-allowlist.
                                                                                                                                                                              • SecurityContextDeny, which has been deprecated in Kubernetes 1.27, is replaced by Pod Security admission.
                                                                                                                                                                              
+
                                                                                                                                                                              API Changes and Removals
                                                                                                                                                                              • kubectl removes the prune-whitelist parameter of the apply command and replaces it with prune-allowlist.
                                                                                                                                                                              • SecurityContextDeny, which has been deprecated in Kubernetes 1.27, is replaced by Pod Security admission controller.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              Enhanced Kubernetes 1.30 on CCE
                                                                                                                                                                              During a version maintenance period, CCE periodically updates Kubernetes 1.30 and provides enhanced functions.
                                                                                                                                                                              
 
                                                                                                                                                                              For details about cluster version updates, see Patch Versions.
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bulletin_0099.html b/docs/cce/umn/cce_bulletin_0099.html
new file mode 100644
index 000000000..b7bab5199
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0099.html
@@ -0,0 +1,30 @@
+
+
+
                                                                                                                                                                              Kubernetes 1.31 Release Notes
                                                                                                                                                                              
+
                                                                                                                                                                              CCE allows you to create Kubernetes clusters 1.31. This section describes the changes made in Kubernetes 1.31.
                                                                                                                                                                              
+
                                                                                                                                                                              Indexes
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              New and Enhanced Features
                                                                                                                                                                              • Start ordinal of StatefulSets is in the General Availability (GA) state.
                                                                                                                                                                                StatefulSet start ordinal is advanced to GA. By default, each pod in a StatefulSet is assigned an integer ordinal from 0. With this feature, you can configure a start ordinal for each pod. For details, see Start ordinal.
                                                                                                                                                                                
+
                                                                                                                                                                              • Elastic indexed jobs are in the GA state.
                                                                                                                                                                                Elastic indexed jobs are advanced to GA. You can scale indexed Jobs up or down by modifying .spec.completions and .spec.parallelism. For details, see Elastic Indexed Jobs.
                                                                                                                                                                                
+
                                                                                                                                                                              • Pod failure policy is in the GA state.
                                                                                                                                                                                Pod failure policies are advanced to GA. This feature allows you to choose how the system handles pod failures by specifying the processing mode (retry or ignore). This helps prevent unnecessary pod restarts. For details, see Pod failure policy.
                                                                                                                                                                                
+
                                                                                                                                                                              • Pod disruption conditions are in the GA state.
                                                                                                                                                                                Pod disruption conditions are advanced to GA. The new DisruptionTarget condition indicates the reasons for pod failures, such as being preempted by a higher priority pod, cleared due to node deletion, or terminated by kubelet. When a pod is created using a job or cron job, you can use these pod disruption conditions as part of your job's pod failure policy to define the action when a pod is abnormal. For details, see Pod disruption conditions.
                                                                                                                                                                                
+
                                                                                                                                                                              • Selectable fields for custom resources are in the beta state.
                                                                                                                                                                                Selectable fields for custom resources are moved to beta. You can specify the selectableFields field of a CustomResourceDefinition (CRD) to define which other fields in a custom resource may be used in field selectors. Field selectors can then be used to get only resources by filtering List, Watch, and DeleteCollection requests. For details, see Selectable fields for custom resources.
                                                                                                                                                                                
+
                                                                                                                                                                              • Job success policies are in the beta state.
                                                                                                                                                                                Job success policies are moved to beta. This feature allows you to configure success policies for jobs based on the number of pods that succeeded. For details, see Success policy.
                                                                                                                                                                                
+
                                                                                                                                                                              • matchLabelKeys is in the beta state.
                                                                                                                                                                                matchLabelKeys is moved to beta. matchLabelKeys and mismatchLabelKeys are finer fields for pod affinity or anti-affinity. They specify the keys for the labels that should or should not match with the incoming pod's labels, so that a rolling upgrade will not break affinity or anti-affinity. For details, see matchLabelKeys.
                                                                                                                                                                                
+
                                                                                                                                                                              • ServiceAccountTokenNodeBinding is in the beta state.
                                                                                                                                                                                ServiceAccountTokenNodeBinding is moved to beta. You can create a service account token that is directly bound to a node. The token defines the node information and verifies whether the node is available. The token will be valid until it expires or either the associated node is deleted. For details, see Manually create an API token for a ServiceAccount.
                                                                                                                                                                                
+
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              API Changes and Removals
                                                                                                                                                                              • In Kubernetes 1.31, the kubectl exec [POD] [COMMAND] command cannot be executed without a -- separator. In this case, you need to run kubectl exec [POD] -- [COMMAND].
                                                                                                                                                                              • In Kubernetes 1.31, if caBundle is not empty but the value is invalid or it does not define any CA certificate, the CRD does not provide services. If caBundle is set to a valid value, it remains unchanged if updated. Attempting direct updates results in an "invalid field value" error, ensuring uninterrupted CRD services.
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              Enhanced Kubernetes 1.31 on CCE
                                                                                                                                                                              During a version maintenance period, CCE periodically updates Kubernetes 1.31 and provides enhanced functions.
                                                                                                                                                                              
+
                                                                                                                                                                              For details about cluster version updates, see Patch Versions.
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              References
                                                                                                                                                                              For more details about the performance comparison and function evolution between Kubernetes 1.31 and other versions, see Kubernetes v1.31 Release Notes.
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              Parent topic: Kubernetes Version Release Notes
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              
+
diff --git a/docs/cce/umn/cce_faq_00004.html b/docs/cce/umn/cce_faq_00004.html
index d491dd392..af6ff84c8 100644
--- a/docs/cce/umn/cce_faq_00004.html
+++ b/docs/cce/umn/cce_faq_00004.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                              What Is the Retry Mechanism When CCE Fails to Start a Pod?
                                                                                                                                                                              
-
                                                                                                                                                                              CCE is a fully managed Kubernetes service and is fully compatible with Kubernetes APIs and kubectl.
                                                                                                                                                                              
+
                                                                                                                                                                              CCE is a cloud container engine service built on native Kubernetes. It fully supports native Kubernetes versions, Kubernetes APIs, and kubectl.
                                                                                                                                                                              
 
                                                                                                                                                                              In Kubernetes, the spec of a pod contains a restartPolicy field. The value of restartPolicy can be Always, OnFailure, or Never. The default value is Always.
                                                                                                                                                                              
 
                                                                                                                                                                              • Always: When a container fails, kubelet automatically restarts the container.
                                                                                                                                                                              • OnFailure: When a container stops running and the exit code is not 0 (indicating normal exit), kubelet automatically restarts the container.
                                                                                                                                                                              • Never: kubelet does not restart the container regardless of the container running status.
                                                                                                                                                                              
 
                                                                                                                                                                              restartPolicy applies to all containers in a pod.
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00006.html b/docs/cce/umn/cce_faq_00006.html
index 048e06905..22507dbeb 100644
--- a/docs/cce/umn/cce_faq_00006.html
+++ b/docs/cce/umn/cce_faq_00006.html
@@ -3,11 +3,15 @@
 
                                                                                                                                                                              Common FAQ
                                                                                                                                                                              
 
                                                                                                                                                                              Cluster Management
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Node/Node Pool Management
                                                                                                                                                                              
+
                                                                                                                                                                              Node/Node Pool Management
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Workload Management
                                                                                                                                                                              
+
                                                                                                                                                                              Workload Management
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Network Management
                                                                                                                                                                              
+
                                                                                                                                                                              Network Management
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              Storage Management
                                                                                                                                                                              
+
                                                                                                                                                                              
+
                                                                                                                                                                              API & kubectl
                                                                                                                                                                              Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00012.html b/docs/cce/umn/cce_faq_00012.html
index 014aa1056..cc51b9945 100644
--- a/docs/cce/umn/cce_faq_00012.html
+++ b/docs/cce/umn/cce_faq_00012.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                                                              What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                              
-
                                                                                                                                                                              Problem
                                                                                                                                                                              A workload is in Stopped state.
                                                                                                                                                                              
+
                                                                                                                                                                              Symptom
                                                                                                                                                                              A workload is in Stopped state.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Cause:
                                                                                                                                                                              The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.
                                                                                                                                                                              
+
                                                                                                                                                                              Possible Cause
                                                                                                                                                                              The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              
+
                                                                                                                                                                              
 
                                                                                                                                                                              Solution
                                                                                                                                                                              Delete the enable field or set it to true.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00015.html b/docs/cce/umn/cce_faq_00015.html
index c6e634b00..46c8f7987 100644
--- a/docs/cce/umn/cce_faq_00015.html
+++ b/docs/cce/umn/cce_faq_00015.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                                                              What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                              
-
                                                                                                                                                                              Fault Locating
                                                                                                                                                                              When a workload enters the state of "Pod not ready: Back-off pulling image "xxxxx", a Kubernetes event of PodsFailed to pull image or Failed to re-pull image will be reported. For details about how to view Kubernetes events, see Viewing Pod Events.
                                                                                                                                                                              
+
                                                                                                                                                                              Fault Locating
                                                                                                                                                                              When a workload's status shows "Pod not ready: Back-off pulling image "xxxxx", a Kubernetes event of PodsFailed to pull image or Failed to re-pull image will be reported. For details about how to view Kubernetes events, see Viewing Pod Events.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Troubleshooting Process
                                                                                                                                                                              Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                              
+
                                                                                                                                                                              Troubleshooting
                                                                                                                                                                              Determine the cause based on the events, as listed in Table 1.
                                                                                                                                                                              
 
-
                                                                                                                                                                              Table 1 FailedPullImage
                                                                                                                                                                              Event Information
                                                                                                                                                                              
+
                                                                                                                                                                              
@@ -44,7 +44,7 @@
 
-
                                                                                                                                                                              Table 1 Events related to an image pull failure
                                                                                                                                                                              Event
                                                                                                                                                                              
                                                                                                                                                                               		
 
                                                                                                                                                                              Cause and Solution
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              Failed to pull image "docker.io/bitnami/nginx:1.22.0-debian-11-r3": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
                                                                                                                                                                              
 
                                                                                                                                                                              Check Item 7: Connection to the Image Repository
                                                                                                                                                                              
+
                                                                                                                                                                              Check Item 7: Whether the Image Repository Can Be Accessed
                                                                                                                                                                              
                                                                                                                                                                               		
 
                                                                                                                                                                              
 
                                                                                                                                                                              ERROR: toomanyrequests: Too Many Requests.
                                                                                                                                                                              
@@ -52,14 +52,14 @@
 
                                                                                                                                                                              you have reached your pull rate limit, you may increase the limit by authenticating an upgrading
                                                                                                                                                                              
                                                                                                                                                                               		
 
                                                                                                                                                                              The rate is limited because the number of image pull times reaches the upper limit.
                                                                                                                                                                              
-
                                                                                                                                                                              Check Item 8: Whether the Number of Public Image Pull Times Reaches the Upper Limit
                                                                                                                                                                              
+
                                                                                                                                                                              Check Item 8: Whether the Number of Public Image Pulls Reaches the Upper Limit
                                                                                                                                                                              
                                                                                                                                                                               		
 
                                                                                                                                                                              
 
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
-
                                                                                                                                                                              Check Item 1: Whether imagePullSecret Is Specified When You Use kubectl to Create a Workload
                                                                                                                                                                              If the workload status is abnormal and a Kubernetes event is displayed indicating that the pod fails to pull the image, check whether the imagePullSecrets field exists in the YAML file.
                                                                                                                                                                              
+
                                                                                                                                                                              Check Item 1: Whether imagePullSecret Is Specified When You Use kubectl to Create a Workload
                                                                                                                                                                              If the workload is abnormal and a Kubernetes event that indicates the pod fails to pull the image is displayed, you can check whether the imagePullSecrets field exists in the YAML file.
                                                                                                                                                                              
 
                                                                                                                                                                              Items to Check
                                                                                                                                                                              
 
                                                                                                                                                                              • If an image needs to be pulled from SWR, the name parameter must be set to default-secret.
                                                                                                                                                                                apiVersion: extensions/v1beta1
 kind: Deployment
@@ -83,47 +83,47 @@ spec:
         name: nginx
       imagePullSecrets:
       - name: default-secret
                                                                                                                                                                                
-
                                                                                                                                                                              • If an image needs to be pulled from a third-party image repository, the imagePullSecrets parameter must be set to the created secret name.
                                                                                                                                                                                When you use kubectl to create a workload from a third-party image, specify the imagePullSecret field, in which name indicates the name of the secret used to pull the image.
                                                                                                                                                                                
+
                                                                                                                                                                              • If an image needs to be pulled from a third-party image repository, the name parameter must be set to the created secret name.
                                                                                                                                                                                When you use kubectl to create a workload from a third-party image, specify the imagePullSecret field, in which name indicates the name of the secret used to pull the image.
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              Check Item 2: Whether the Image Address Is Correct When a Third-Party Image Is Used
                                                                                                                                                                              CCE allows you to create workloads using images pulled from third-party image repositories.
                                                                                                                                                                              
-
                                                                                                                                                                              Enter the third-party image address according to requirements. The format must be ip:port/path/name:version or name:version. If no tag is specified, latest is used by default.
                                                                                                                                                                              
-
                                                                                                                                                                              • For a private repository, enter an image address in the format of ip:port/path/name:version.
                                                                                                                                                                              • For an open-source Docker repository, enter an image address in the format of name:version, for example, nginx:latest.
                                                                                                                                                                              
-
                                                                                                                                                                              The following information is displayed when you fail to pull an image due to incorrect image address provided.
                                                                                                                                                                              
+
                                                                                                                                                                              You need to enter the third-party image addresses based on specific requirements. The image addresses must be in the format of ip:port/path/name:version or name:version. If no version is specified, latest is used by default.
                                                                                                                                                                              
+
                                                                                                                                                                              • For a private repository, enter an image address in the format of ip:port/path/name:version.
                                                                                                                                                                              • For an open source Docker repository, enter an image address in the format of name:version, for example, nginx:latest.
                                                                                                                                                                              
+
                                                                                                                                                                              When you fail to pull an image due to incorrect image address provided, information similar to the following information is displayed in the Kubernetes events:
                                                                                                                                                                              
 
                                                                                                                                                                              Failed to pull image "nginx:v1.1": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io: no such host
                                                                                                                                                                              
 
                                                                                                                                                                              Solution
                                                                                                                                                                              
-
                                                                                                                                                                              You can either edit your YAML file to change the image address or log in to the CCE console to replace the image on the Upgrade tab on the workload details page.
                                                                                                                                                                              
+
                                                                                                                                                                              Change the image address by editing your YAML file or log in to the CCE console and replace the image on the Upgrade tab on the workload details page.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Check Item 3: Whether an Incorrect Secret Is Used When a Third-Party Image Is Used
                                                                                                                                                                              Generally, a third-party image repository can be accessed only after authentication (using your account and password). CCE uses the secret authentication mode to pull images. Therefore, you need to create a secret for an image repository before pulling images from the repository.
                                                                                                                                                                              
+
                                                                                                                                                                              Check Item 3: Whether an Incorrect Secret Is Used When a Third-Party Image Is Used
                                                                                                                                                                              Typically, a third-party image repository can be accessed only after authentication (using your account and password). CCE uses the secret authentication mode to pull images, so you need to create a secret for an image repository before pulling images from the repository.
                                                                                                                                                                              
 
                                                                                                                                                                              Solution
                                                                                                                                                                              
 
                                                                                                                                                                              If your secret is incorrect, images will fail to be pulled. In this case, create a new secret.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Check Item 4: Whether the Node Disk Space Is Insufficient
                                                                                                                                                                              If the Kubernetes event contains information "no space left on device", there is no disk space left for storing the image. As a result, the image will fail to be pulled. In this case, clear the image or expand the disk space to resolve this issue.
                                                                                                                                                                              
+
                                                                                                                                                                              Check Item 4: Whether the Node Disk Space Is Insufficient
                                                                                                                                                                              If information similar to the following is displayed in the Kubernetes events, it means that there is no disk space left for storing the image. As a result, the image will fail to be pulled. In this case, clear the image or expand the disk space to resolve this issue.
                                                                                                                                                                              
 
                                                                                                                                                                              Failed create pod sandbox: rpc error: code = Unknown desc = failed to create a sandbox for pod "nginx-6dc48bf8b6-l8xrw": Error response from daemon: mkdir xxxxx: no space left on device
                                                                                                                                                                              
-
                                                                                                                                                                              Run the following command to obtain the disk space for storing images on a node:
                                                                                                                                                                              
+
                                                                                                                                                                              You can obtain the disk space for storing images on a node by running the following command:
                                                                                                                                                                              
 
                                                                                                                                                                              lvs
                                                                                                                                                                              
-
                                                                                                                                                                              
+
                                                                                                                                                                              
 
                                                                                                                                                                              Solution 1: Clearing images
                                                                                                                                                                              
 
                                                                                                                                                                              Perform the following operations to clear unused images:
                                                                                                                                                                              • Nodes that use containerd
                                                                                                                                                                                1. Obtain local images on the node.
                                                                                                                                                                                  crictl images -v
                                                                                                                                                                                  
-
                                                                                                                                                                                2. Delete the images that are not required by image ID.
                                                                                                                                                                                  crictl rmi Image ID
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Delete the unnecessary images by image ID.
                                                                                                                                                                                  crictl rmi {Image ID}
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                              • Nodes that use Docker
                                                                                                                                                                                1. Obtain local images on the node.
                                                                                                                                                                                  docker images
                                                                                                                                                                                  
-
                                                                                                                                                                                2. Delete the images that are not required by image ID.
                                                                                                                                                                                  docker rmi Image ID
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Delete the unnecessary images by image ID.
                                                                                                                                                                                  docker rmi {}Image ID}
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                              
-
                                                                                                                                                                               
                                                                                                                                                                              Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                              
+
                                                                                                                                                                               
                                                                                                                                                                              Do not delete system images such as the cce-pause image. Otherwise, the pod creation may fail.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              Solution 2: Expanding the disk capacity
                                                                                                                                                                              
-
                                                                                                                                                                              To expand a disk capacity, perform the following steps:
                                                                                                                                                                              
-
                                                                                                                                                                              1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                
-
                                                                                                                                                                              2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                              3. Log in to the target node.
                                                                                                                                                                              4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                
+
                                                                                                                                                                                To expand a disk capacity, perform the following operations:
                                                                                                                                                                                
+
                                                                                                                                                                                1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                  Only the storage capacity of EVS disks can be expanded. You need to perform the following operations to expand the capacity of logical volumes and file systems.
                                                                                                                                                                                  
+
                                                                                                                                                                                2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                                4. Run lsblk to view the block device information of the node.
                                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                  
 
                                                                                                                                                                                  Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                  
-
                                                                                                                                                                                  1. Check the disk and partition sizes of the device.
                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                    1. Check the disk and partition space of the device.
                                                                                                                                                                                      # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is free.
 ├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                      
 
                                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                                      Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                      
@@ -141,7 +141,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                    
 old_desc_blocks = 12, new_desc_blocks = 18
 The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                  
-
                                                                                                                                                                                5. Check whether the capacity is expanded.
                                                                                                                                                                                  # lsblk
+
                                                                                                                                                                                6. Check whether the capacity has been expanded.
                                                                                                                                                                                  # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
@@ -149,22 +149,22 @@ sda                   8:0    0   50G  0 disk
 ├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                  
 
                                                                                                                                                                                
-
                                                                                                                                                                                Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                
-
                                                                                                                                                                                1. Check the disk and partition sizes of the device.
                                                                                                                                                                                  # lsblk
+
                                                                                                                                                                                  Device Mapper: A thin pool is allocated to store image data.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Check the disk and partition space of the device.
                                                                                                                                                                                    # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
 vdb                                   8:16   0  200G  0 disk 
 ├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
 ├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thinpool
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thin pool
 │   ...
 ├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                    
-
                                                                                                                                                                                  2. Expand the disk capacity.
                                                                                                                                                                                    Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                    
-
                                                                                                                                                                                    1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                      pvresize /dev/vdb
                                                                                                                                                                                      
+
                                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                                      Option 1: Add the new disk capacity to the thin pool.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thin pool is located.
                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                        
 
                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                        
 
                                                                                                                                                                                        Physical volume "/dev/vdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                        
@@ -172,7 +172,7 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                        
 
                                                                                                                                                                                        Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                      3. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                      4. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                      5. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the thin pool, the capacity has been expanded.
                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -200,7 +200,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                        
 
                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
 old_desc_blocks = 3, new_desc_blocks = 15
 The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
                                                                                                                                                                                        
-
                                                                                                                                                                                      6. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                      7. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the dockersys, the capacity has been expanded.
                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -217,54 +217,54 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                      
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    Check Item 5: Whether the Remote Image Repository Uses an Unknown or Insecure Certificate
                                                                                                                                                                                    When a pod pulls an image from a third-party image repository that uses an unknown or insecure certificate, the image fails to be pulled from the node. The pod event list contains the event "Failed to pull the image" with the cause "x509: certificate signed by unknown authority".
                                                                                                                                                                                    
-
                                                                                                                                                                                     
                                                                                                                                                                                    The security of EulerOS 2.9 images has been improved by removing insecure or expired certificates from the system. While some third-party images on certain nodes may not report any errors, it is common for this type of error to occur in EulerOS 2.9. To fix the issue, you can carry out the following operations.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Check Item 5: Whether the Remote Image Repository Uses an Unknown or Insecure Certificate
                                                                                                                                                                                    If a pod tries to pull an image from a third-party repository with an unknown or insecure certificate, the image pulling will fail on the node. The pod events contain "Failed to pull the image" with the cause "x509: certificate signed by unknown authority".
                                                                                                                                                                                    
+
                                                                                                                                                                                     
                                                                                                                                                                                    The security of EulerOS 2.9 images has been improved by removing insecure or expired certificates from the system. While some third-party images on certain nodes may not report any errors, it is common for this type of error to occur in EulerOS 2.9. To fix the issue, you can perform the following operations.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    Solution
                                                                                                                                                                                    
-
                                                                                                                                                                                    1. Check the IP address and port number of the third-party image server for which the error message "unknown authority" is displayed.
                                                                                                                                                                                      You can see the IP address and port number of the third-party image server for which the error is reported in the event information "Failed to pull image".
                                                                                                                                                                                      Failed to pull image "bitnami/redis-cluster:latest": rpc error: code = Unknown desc = error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e8/e83853f03a2e792614e7c1e6de75d63e2d6d633b4e7c39b9d700792ee50f7b56/data?verify=1636972064-AQbl5RActnudDZV%2F3EShZwnqOe8%3D: x509: certificate signed by unknown authority
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the IP address and port number of the third-party image server for which the error message "unknown authority" is displayed.
                                                                                                                                                                                        You can see the IP address and port number of the third-party image server for which the error is reported in the event "Failed to pull image".
                                                                                                                                                                                        Failed to pull image "bitnami/redis-cluster:latest": rpc error: code = Unknown desc = error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e8/e83853f03a2e792614e7c1e6de75d63e2d6d633b4e7c39b9d700792ee50f7b56/data?verify=1636972064-AQbl5RActnudDZV%2F3EShZwnqOe8%3D: x509: certificate signed by unknown authority
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        The IP address of the third-party image server is production.cloudflare.docker.com, and the default HTTPS port number is 443.
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Load the root certificate of the third-party image server to the node where the third-party image is to be downloaded.
                                                                                                                                                                                        Run the following command on the EulerOS and CentOS nodes with {server_url}:{server_port} replaced with the IP address and port number obtained in Step 1, for example, production.cloudflare.docker.com:443.
                                                                                                                                                                                        
+
                                                                                                                                                                                        The IP address of the third-party image server is production.cloudflare.docker.com, and the default HTTPS port number is 443.
                                                                                                                                                                                        
+
                                                                                                                                                                                      3. Load the root certificate of the third-party image server to the node where the third-party image is to be pulled.
                                                                                                                                                                                        Run the following command on an EulerOS or CentOS node with {server_url}:{server_port} replaced with the IP address and port number obtained in the previous step, for example, production.cloudflare.docker.com:443.
                                                                                                                                                                                        
 
                                                                                                                                                                                        If the container engine of the node is containerd, replace systemctl restart docker with systemctl restart containerd.
                                                                                                                                                                                        openssl s_client -showcerts -connect {server_url}:{server_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/pki/ca-trust/source/anchors/tmp_ca.crt
 update-ca-trust
 systemctl restart docker
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Run the following command on Ubuntu nodes:
                                                                                                                                                                                        openssl s_client -showcerts -connect {server_url}:{server_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/tmp_ca.crt
+
                                                                                                                                                                                        Run the following command on an Ubuntu node:
                                                                                                                                                                                        openssl s_client -showcerts -connect {server_url}:{server_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/tmp_ca.crt
 update-ca-trust
 systemctl restart docker
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Check Item 6: Whether the Image Size Is Too Large
                                                                                                                                                                                      The pod event list contains the event "Failed to pull image". This may be caused by a large image size.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Check Item 6: Whether the Image Size Is Too Large
                                                                                                                                                                                      The pod events contain "Failed to pull image". This may be caused by a large image size.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Failed to pull image "XXX": rpc error: code = Unknown desc = context canceled
                                                                                                                                                                                      
-
                                                                                                                                                                                      However, the image can be manually pulled by running the docker pull command.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                      
-
                                                                                                                                                                                      In Kubernetes clusters, there is a default timeout period for pulling images. If the image pulling progress is not updated within a certain period of time, the download will be canceled. If the node performance is poor or the image size is too large, the image may fail to be pulled and the workload may fail to be started.
                                                                                                                                                                                      
+
                                                                                                                                                                                      However, the image can be manually pulled by running the docker pull command on the node.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Possible cause
                                                                                                                                                                                      
+
                                                                                                                                                                                      In Kubernetes clusters, there is a default timeout period for pulling images. If the image pulling progress is not updated within a certain period of time, the pulling will be canceled. If the node performance is poor or the image size is too large, the image may fail to be pulled and the workload may fail to be started.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Solution
                                                                                                                                                                                      
-
                                                                                                                                                                                      • Solution 1 (recommended):
                                                                                                                                                                                        1. Log in to the node and manually pull the image.
                                                                                                                                                                                          • containerd nodes:
                                                                                                                                                                                            crictl pull <image-address>
                                                                                                                                                                                            
-
                                                                                                                                                                                          • Docker nodes:
                                                                                                                                                                                            docker pull <image-address>
                                                                                                                                                                                            
+
                                                                                                                                                                                            • (Recommended) Solution 1:
                                                                                                                                                                                              1. Log in to the node and manually pull the image.
                                                                                                                                                                                                • Nodes that use containerd:
                                                                                                                                                                                                  crictl pull <image-address>
                                                                                                                                                                                                  
+
                                                                                                                                                                                                • Nodes that use Docker:
                                                                                                                                                                                                  docker pull <image-address>
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
-
                                                                                                                                                                                              2. When creating a workload, ensure that imagePullPolicy is set to IfNotPresent (the default configuration). In this case, the workload uses the image that has been pulled to the local host.
                                                                                                                                                                                              
-
                                                                                                                                                                                            • Solution 2 (applies to clusters of v1.25 or later): Modify the configuration parameters of the node pools. The configuration parameters for nodes in the DefaultPool node pool cannot be modified.
                                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab.
                                                                                                                                                                                              3. Locate the row that contains the target node pool and click Manage.
                                                                                                                                                                                              4. In the window that slides out from the right, modify the image-pull-progress-timeout parameter under Docker/containerd. This parameter specifies the timeout interval for pulling an image.
                                                                                                                                                                                              5. Click OK.
                                                                                                                                                                                              
+
                                                                                                                                                                                            • When creating a workload, ensure that imagePullPolicy is set to IfNotPresent (the default configuration). In this case, the workload can use the image that has been pulled to the local host.
                                                                                                                                                                                        
+
                                                                                                                                                                                      • (For clusters of v1.25 or later) Solution 2: Modify the configuration parameters of the node pool. The configuration parameters for nodes in the DefaultPool node pool cannot be modified.
                                                                                                                                                                                        1. Log in to the CCE console.
                                                                                                                                                                                        2. Click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Node Pools tab.
                                                                                                                                                                                        3. Locate the row containing the target node pool and click Manage.
                                                                                                                                                                                        4. In the window that slides out from the right, modify the image-pull-progress-timeout parameter under Docker/containerd. This image-pull-progress-timeout parameter specifies the timeout interval for pulling an image.
                                                                                                                                                                                        5. Click OK.
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Check Item 7: Connection to the Image Repository
                                                                                                                                                                                      Symptom
                                                                                                                                                                                      
-
                                                                                                                                                                                      The following error message is displayed during workload creation:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Check Item 7: Whether the Image Repository Can Be Accessed
                                                                                                                                                                                      Symptom
                                                                                                                                                                                      
+
                                                                                                                                                                                      An error message similar to the following is displayed during workload creation:
                                                                                                                                                                                      
 
                                                                                                                                                                                      Failed to pull image "docker.io/bitnami/nginx:1.22.0-debian-11-r3": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
                                                                                                                                                                                      
-
                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                      
-
                                                                                                                                                                                      Failed to connect to the image repository due to the disconnected network. SWR allows you to pull images only from the official Docker repository. For image pulls from other repositories, you need to access the Internet.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Possible cause
                                                                                                                                                                                      
+
                                                                                                                                                                                      The image repository cannot be accessed due to the network problems. SWR allows you to pull images only from the official Docker repository. To pull images from other repositories, you need to access the Internet.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Solution
                                                                                                                                                                                      
-
                                                                                                                                                                                      • Bind a public IP address to the node which needs to pull the images.
                                                                                                                                                                                      • Upload the image to SWR and then pull the image from SWR.
                                                                                                                                                                                      
+
                                                                                                                                                                                      • Bind a public IP address to the node to which the image needs to be pulled.
                                                                                                                                                                                      • Push images to SWR and then pull them from SWR to your nodes.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Check Item 8: Whether the Number of Public Image Pull Times Reaches the Upper Limit
                                                                                                                                                                                      Symptom
                                                                                                                                                                                      
-
                                                                                                                                                                                      The following error message is displayed during workload creation:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Check Item 8: Whether the Number of Public Image Pulls Reaches the Upper Limit
                                                                                                                                                                                      Symptom
                                                                                                                                                                                      
+
                                                                                                                                                                                      An error message similar to the following is displayed during workload creation:
                                                                                                                                                                                      
 
                                                                                                                                                                                      ERROR: toomanyrequests: Too Many Requests.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Or
                                                                                                                                                                                      
 
                                                                                                                                                                                      you have reached your pull rate limit, you may increase the limit by authenticating an upgrading: https://www.docker.com/increase-rate-limits.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                      
-
                                                                                                                                                                                      Docker Hub sets the maximum number of container image pull requests. For details, see Docker Hub pull usage and limits.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Possible cause
                                                                                                                                                                                      
+
                                                                                                                                                                                      Docker Hub sets limits for the maximum number of container image pull requests. For details, see Docker Hub pull usage and limits.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Solution
                                                                                                                                                                                      
-
                                                                                                                                                                                      Push the frequently used image to SWR and then pull the image from SWR.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Push the frequently used images to SWR and then pull them from SWR to your nodes.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00018.html b/docs/cce/umn/cce_faq_00018.html
index 8a6313aae..63397df6a 100644
--- a/docs/cce/umn/cce_faq_00018.html
+++ b/docs/cce/umn/cce_faq_00018.html
@@ -1,15 +1,21 @@
 
 
 
                                                                                                                                                                                      What Should I Do If Container Startup Fails?
                                                                                                                                                                                      
-
                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                      On the details page of a workload, if an event is displayed indicating that the container fails to be started, perform the following steps to locate the fault:
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                      2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                        docker ps -a | grep $podName
                                                                                                                                                                                        
-
                                                                                                                                                                                      3. View the logs of the corresponding container.
                                                                                                                                                                                        docker logs $containerID
                                                                                                                                                                                        
+
                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                        On the details page of a workload, if an event is displayed indicating that the container fails to be started, perform the following operations to locate the fault:
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                        2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                          If the node is a Docker node, run the following command:
                                                                                                                                                                                          
+
                                                                                                                                                                                          docker ps -a | grep $podName
                                                                                                                                                                                          
+
                                                                                                                                                                                          If the node is a containerd node, run the following command:
                                                                                                                                                                                          crictl ps -a | grep $podName
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        3. View the logs of the corresponding container.
                                                                                                                                                                                          If the node is a Docker node, run the following command:
                                                                                                                                                                                          
+
                                                                                                                                                                                          docker logs $containerID
                                                                                                                                                                                          
+
                                                                                                                                                                                          If the node is a containerd node, run the following command:
                                                                                                                                                                                          crictl logs $containerID
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                          Rectify the fault of the workload based on logs.
                                                                                                                                                                                          
 
                                                                                                                                                                                        4. Check the error logs.
                                                                                                                                                                                          cat /var/log/messages | grep $containerID  | grep oom
                                                                                                                                                                                          
 
                                                                                                                                                                                          Check whether the system OOM is triggered based on the logs.
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Troubleshooting Process
                                                                                                                                                                                        Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Troubleshooting
                                                                                                                                                                                        Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                        
 
 
                                                                                                                                                                                        
@@ -31,7 +37,7 @@
 
                                                                                                                                                                                        Check Item 2: Whether Health Check Fails to Be Performed (Exit Code: 137)
                                                                                                                                                                                        
-
+
+
+
+
+
                                                                                                                                                                                        Table 1 Container startup failure
                                                                                                                                                                                        Log or Event
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
 
                                                                                                                                                                                        Event information:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Event:
                                                                                                                                                                                        
 
                                                                                                                                                                                        Thin Pool has 15991 free data blocks which are less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        The disk space is insufficient. Clear the disk space.
                                                                                                                                                                                        
@@ -62,11 +68,14 @@
 
 
                                                                                                                                                                                        In addition to the preceding possible causes, there are some other possible causes:
                                                                                                                                                                                        
 
-
                                                                                                                                                                                        Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                        
+
                                                                                                                                                                                        Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                        
+
+
                                                                                                                                                                                        Check Item 1: Whether There Are Processes that Keep Running in the Container (Exit Code: 0)
                                                                                                                                                                                        1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                        2. View the container status.
                                                                                                                                                                                          If the node is a Docker node, run the following command:
                                                                                                                                                                                          
+
                                                                                                                                                                                          docker ps -a | grep $podName
                                                                                                                                                                                          
+
                                                                                                                                                                                          If the node is a containerd node, run the following command:
                                                                                                                                                                                          crictl ps -a | grep $podName
                                                                                                                                                                                          
 
                                                                                                                                                                                          
-
                                                                                                                                                                                          Check Item 1: Whether There Are Processes that Keep Running in the Container (Exit Code: 0)
                                                                                                                                                                                          1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                          2. View the container status.
                                                                                                                                                                                            docker ps -a | grep $podName
                                                                                                                                                                                            
 
                                                                                                                                                                                            Example:
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            If no running process exists in the container, the status code Exited (0) is displayed.
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
@@ -77,29 +86,29 @@
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Check Item 3: Whether the Container Disk Space Is Insufficient
                                                                                                                                                                                        The following message refers to the thin pool disk that is allocated from the Docker disk selected during node creation. You can run the lvs command as user root to view the current disk usage.
                                                                                                                                                                                        
 
                                                                                                                                                                                        Thin Pool has 15991 free data blocks which are less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                        
-
                                                                                                                                                                                        
+
                                                                                                                                                                                        
 
                                                                                                                                                                                        Solution
                                                                                                                                                                                        
 
                                                                                                                                                                                        Solution 1: Clearing images
                                                                                                                                                                                        
 
                                                                                                                                                                                        Perform the following operations to clear unused images:
                                                                                                                                                                                        • Nodes that use containerd
                                                                                                                                                                                          1. Obtain local images on the node.
                                                                                                                                                                                            crictl images -v
                                                                                                                                                                                            
-
                                                                                                                                                                                          2. Delete the images that are not required by image ID.
                                                                                                                                                                                            crictl rmi Image ID
                                                                                                                                                                                            
+
                                                                                                                                                                                          3. Delete the unnecessary images by image ID.
                                                                                                                                                                                            crictl rmi {Image ID}
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                        • Nodes that use Docker
                                                                                                                                                                                          1. Obtain local images on the node.
                                                                                                                                                                                            docker images
                                                                                                                                                                                            
-
                                                                                                                                                                                          2. Delete the images that are not required by image ID.
                                                                                                                                                                                            docker rmi Image ID
                                                                                                                                                                                            
+
                                                                                                                                                                                          3. Delete the unnecessary images by image ID.
                                                                                                                                                                                            docker rmi {}Image ID}
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                        
-
                                                                                                                                                                                         
                                                                                                                                                                                        Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                                        
+
                                                                                                                                                                                         
                                                                                                                                                                                        Do not delete system images such as the cce-pause image. Otherwise, the pod creation may fail.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Solution 2: Expanding the disk capacity
                                                                                                                                                                                        
-
                                                                                                                                                                                        To expand a disk capacity, perform the following steps:
                                                                                                                                                                                        
-
                                                                                                                                                                                        1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                          Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                          
-
                                                                                                                                                                                        2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                        3. Log in to the target node.
                                                                                                                                                                                        4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                          A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                          
+
                                                                                                                                                                                          To expand a disk capacity, perform the following operations:
                                                                                                                                                                                          
+
                                                                                                                                                                                          1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                            Only the storage capacity of EVS disks can be expanded. You need to perform the following operations to expand the capacity of logical volumes and file systems.
                                                                                                                                                                                            
+
                                                                                                                                                                                          2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                                                          3. Log in to the target node.
                                                                                                                                                                                          4. Run lsblk to view the block device information of the node.
                                                                                                                                                                                            A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                            
 
                                                                                                                                                                                            Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                            
-
                                                                                                                                                                                            1. Check the disk and partition sizes of the device.
                                                                                                                                                                                              # lsblk
+
                                                                                                                                                                                              1. Check the disk and partition space of the device.
                                                                                                                                                                                                # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is free.
 ├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                
 
                                                                                                                                                                                              2. Expand the disk capacity.
                                                                                                                                                                                                Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                
@@ -117,7 +126,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                              
 old_desc_blocks = 12, new_desc_blocks = 18
 The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                            
-
                                                                                                                                                                                          5. Check whether the capacity is expanded.
                                                                                                                                                                                            # lsblk
+
                                                                                                                                                                                          6. Check whether the capacity has been expanded.
                                                                                                                                                                                            # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
@@ -125,22 +134,22 @@ sda                   8:0    0   50G  0 disk
 ├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                            
 
                                                                                                                                                                                          
-
                                                                                                                                                                                          Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Check the disk and partition sizes of the device.
                                                                                                                                                                                            # lsblk
+
                                                                                                                                                                                            Device Mapper: A thin pool is allocated to store image data.
                                                                                                                                                                                            
+
                                                                                                                                                                                            1. Check the disk and partition space of the device.
                                                                                                                                                                                              # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
 vdb                                   8:16   0  200G  0 disk 
 ├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
 ├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thinpool
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thin pool
 │   ...
 ├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                              
-
                                                                                                                                                                                            2. Expand the disk capacity.
                                                                                                                                                                                              Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                              
-
                                                                                                                                                                                              1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                                pvresize /dev/vdb
                                                                                                                                                                                                
+
                                                                                                                                                                                              2. Expand the disk capacity.
                                                                                                                                                                                                Option 1: Add the new disk capacity to the thin pool.
                                                                                                                                                                                                
+
                                                                                                                                                                                                1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thin pool is located.
                                                                                                                                                                                                  pvresize /dev/vdb
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Physical volume "/dev/vdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                  
@@ -148,7 +157,7 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                3. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                  # lsblk
+
                                                                                                                                                                                                4. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                5. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the thin pool, the capacity has been expanded.
                                                                                                                                                                                                  # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -176,7 +185,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
 old_desc_blocks = 3, new_desc_blocks = 15
 The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                6. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                  # lsblk
+
                                                                                                                                                                                                7. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the dockersys, the capacity has been expanded.
                                                                                                                                                                                                  # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -195,15 +204,21 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                Check Item 4: Whether the Upper Limit of Container Resources Has Been Reached
                                                                                                                                                                                                If the upper limit of container resources has been reached, OOM will be displayed in the event details as well as in the log:
                                                                                                                                                                                                
 
                                                                                                                                                                                                cat /var/log/messages | grep 96feb0a425d6 | grep oom
                                                                                                                                                                                                
-
                                                                                                                                                                                                
+
                                                                                                                                                                                                
 
                                                                                                                                                                                                When a workload is created, if the requested resources exceed the configured upper limit, the system OOM is triggered and the container exits unexpectedly.
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                Check Item 5: Whether the Resource Limits Are Improperly Configured for the Container
                                                                                                                                                                                                If the resource limits set for the container during workload creation are less than required, the container fails to be restarted.
                                                                                                                                                                                                
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Check Item 6: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                                1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                  docker ps -a | grep $podName
                                                                                                                                                                                                  
-
                                                                                                                                                                                                3. View the logs of the corresponding container.
                                                                                                                                                                                                  docker logs $containerID
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 6: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                                  1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                  2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                    If the node is a Docker node, run the following command:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    docker ps -a | grep $podName
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If the node is a containerd node, run the following command:
                                                                                                                                                                                                    crictl ps -a | grep $podName
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  3. View the logs of the corresponding container.
                                                                                                                                                                                                    If the node is a Docker node, run the following command:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    docker logs $containerID
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If the node is a containerd node, run the following command:
                                                                                                                                                                                                    crictl logs $containerID
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Rectify the fault of the workload based on logs. As shown in the following figure, container ports in the same pod conflict. As a result, the container fails to be started.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Re-create the workload and set a port number that is not used by any other pod.
                                                                                                                                                                                                  
@@ -211,21 +226,27 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                  Check Item 7: Whether the Value of the Secret Mounted to the Workload Meets Requirements
                                                                                                                                                                                                  Information similar to the following is displayed in the event:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Error: failed to start container "filebeat": Error response from daemon: OCI runtime create failed: container_linux.go:330: starting container process caused "process_linux.go:381: container init caused \"setenv: invalid argument\"": unknown
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  The root cause is that a secret is mounted to the workload, but the value of the secret is not encrypted using Base64.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Solution:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Create a secret on the console. The value of the secret is automatically encrypted using Base64.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  If you use YAML to create a secret, you need to manually encrypt its value using Base64.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  # echo -n "Content to be encoded" | base64
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Check Item 8: Whether the Container Startup Command Is Correctly Configured
                                                                                                                                                                                                  The error messages are as follows:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Click the workload name to go to the workload details page, click the Containers tab. Choose Lifecycle, click Startup Command, and ensure that the command is correct.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Check Item 9: Whether the User Service Has a Bug
                                                                                                                                                                                                  Check whether the workload startup command is correctly executed or whether the workload has a bug.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                  2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                    docker ps -a | grep $podName
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  3. View the logs of the corresponding container.
                                                                                                                                                                                                    docker logs $containerID
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                    2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                      If the node is a Docker node, run the following command:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      docker ps -a | grep $podName
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If the node is a containerd node, run the following command:
                                                                                                                                                                                                      crictl ps -a | grep $podName
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    3. View the logs of the corresponding container.
                                                                                                                                                                                                      If the node is a Docker node, run the following command:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      docker logs $containerID
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If the node is a containerd node, run the following command:
                                                                                                                                                                                                      crictl logs $containerID
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Note: In the preceding command, containerID indicates the ID of the container that has exited.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 3 Incorrect startup command of the container
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 3 Incorrect startup command of the container
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      As shown in the figure above, the container fails to be started due to an incorrect startup command. For other errors, rectify the bugs based on the logs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00020.html b/docs/cce/umn/cce_faq_00020.html
index ad3c0c9ec..278886554 100644
--- a/docs/cce/umn/cce_faq_00020.html
+++ b/docs/cce/umn/cce_faq_00020.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                    A node is running properly and has GPU resources. However, the following error information is displayed:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    0/9 nodes are available: 9 insufficient nvidia.com/gpu
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Analysis
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Check whether the NVIDIA driver is running properly.
                                                                                                                                                                                                        Log in to the node where the add-on is running and view the driver installation log in the following path:
                                                                                                                                                                                                        /opt/cloud/cce/nvidia/nvidia_installer.log
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -20,7 +20,7 @@
 
                                                                                                                                                                                                        cat /usr/local/cuda/version.txt
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Check whether the CUDA version supported by the NVIDIA driver version of the node where the container is located contains the CUDA version of the container.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Helpful Links
                                                                                                                                                                                                  What Should I Do If an Error Occurs When I Deploy a Service on the GPU Node?
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Helpful Links
                                                                                                                                                                                                  What Should I Do If an Error Occurs When I Deploy a Service on a GPU Node?
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00021.html b/docs/cce/umn/cce_faq_00021.html
index 9d6e89c5a..03252fe34 100644
--- a/docs/cce/umn/cce_faq_00021.html
+++ b/docs/cce/umn/cce_faq_00021.html
@@ -4,6 +4,8 @@
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • How Can I Locate a Fault That Occurs with a Node?
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • 
 
                                                                                                                                                                                                  • Node Creation
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • 
 
                                                                                                                                                                                                  • Node Running
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00027.html b/docs/cce/umn/cce_faq_00027.html
index 132629f9d..19b8204b4 100644
--- a/docs/cce/umn/cce_faq_00027.html
+++ b/docs/cce/umn/cce_faq_00027.html
@@ -14,15 +14,15 @@
 
                                                                                                                                                                                                    Cause Analysis
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    The default node subnet CIDR block of the cluster is too small, causing all the available private IP addresses in the subnet to be exhausted. Consequently, it is not possible to allocate any private IP addresses to the nodes.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    • Scenario 1: IP addresses in the VPC CIDR block are not used up.
                                                                                                                                                                                                      When creating a node, you can select a new node subnet in the network configuration. If no node subnet is available, you can go to the VPC console and create a node subnet. 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Scenario 1: IP addresses in the VPC CIDR block are not used up.
                                                                                                                                                                                                        When creating a node, you can select a new node subnet in the network configuration. If no node subnet is available, you can go to the VPC console and create a node subnet. 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Scenario 2: All IP addresses in the VPC CIDR block have been used up.
                                                                                                                                                                                                        If all IP addresses in the VPC CIDR block have been used up, you need to expand the VPC CIDR block and create a node subnet.
                                                                                                                                                                                                        1. Log in to the management console. In the service list, choose Virtual Private Cloud. In the VPC list, locate the row containing the target VPC and click Edit CIDR block in the Operation column.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. After adding a secondary CIDR block, click OK.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Scenario 2: All IP addresses in the VPC CIDR block have been used up.
                                                                                                                                                                                                          If all IP addresses in the VPC CIDR block have been used up, you need to expand the VPC CIDR block and create a node subnet.
                                                                                                                                                                                                          1. Log in to the management console. In the service list, choose Virtual Private Cloud. In the VPC list, locate the row containing the target VPC and click Edit CIDR block in the Operation column.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. After adding a secondary CIDR block, click OK.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          3. In the navigation pane, choose Subnets and click Create Subnet to create a subnet for the VPC where the cluster resides.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          4. In the navigation pane, choose Subnets and click Create Subnet to create a subnet for the VPC where the cluster resides.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          5. Go back to the page for adding a node on the CCE console, and select the newly created subnet.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          6. Go back to the page for adding a node on the CCE console and select the newly created subnet.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                             
                                                                                                                                                                                                            1. Adding subnets to the VPC does not affect the use of the existing CIDR blocks. If the service requirements still cannot be met, you can add more subnets.
                                                                                                                                                                                                            2. Subnets in the same VPC can communicate with each other through the private network.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
@@ -30,27 +30,27 @@
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Check Item 2: EIP Quota
                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  When a node is added, EIP is set to Auto create. The node cannot be created, and a message indicating that EIPs are insufficient is displayed.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 2: EIP Quota
                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  When a node is added, EIP is set to Auto create. The node cannot be created, and a message indicating that EIPs are insufficient is displayed.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Two methods are available to solve the problem.
                                                                                                                                                                                                  
-
 
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00038.html b/docs/cce/umn/cce_faq_00038.html
index 90e0ab072..c31770852 100644
--- a/docs/cce/umn/cce_faq_00038.html
+++ b/docs/cce/umn/cce_faq_00038.html
@@ -60,11 +60,20 @@
 
                                                                                                                                                                                        Supported. This type of volumes can be shared among multiple nodes or workloads.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        Dedicated Distributed Storage Service (DSS)
                                                                                                                                                                                        
+
                                                                                                                                                                                        Supported
                                                                                                                                                                                        
+
                                                                                                                                                                                        Supported
                                                                                                                                                                                        
+
                                                                                                                                                                                        Not supported
                                                                                                                                                                                        
+
                                                                                                                                                                                        
 
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Selecting a Storage Class
                                                                                                                                                                                        You can use the following types of storage volumes when creating a workload. You are advised to store workload data on EVS volumes. If you store workload data on a local volume, the data cannot be restored when a fault occurs on the node.
                                                                                                                                                                                        
-
                                                                                                                                                                                        • Local volumes: Mount the file directory of the host where a container is located to a specified container path (corresponding to hostPath in Kubernetes). Alternatively, you can leave the source path empty (corresponding to emptyDir in Kubernetes). If the source path is left empty, a temporary directory of the host will be mounted to the mount point of the container. A specified source path is used when data needs to be persistently stored on the host, while emptyDir is used when temporary storage is needed. A ConfigMap is a type of resource that stores configuration data required by a workload. Its contents are user-defined. A Secret is an object that contains sensitive data such as workload authentication information and keys. Information stored in a Secret is determined by users.
                                                                                                                                                                                        • EVS volumes: Mount an EVS volume to a container path. When the container is migrated, the mounted EVS volume is migrated together. This storage class is applicable when data needs to be stored permanently.
                                                                                                                                                                                        • SFS volumes: Create SFS volumes and mount them to a container path. The file system volumes created by the underlying SFS service can also be used. SFS volumes are applicable to persistent storage for frequent read/write in multiple workload scenarios, including media processing, content management, big data analysis, and workload analysis.
                                                                                                                                                                                        • OBS volumes: Create OBS volumes and mount them to a container path. OBS volumes are applicable to scenarios such as cloud workload, data analysis, content analysis, and hotspot objects.
                                                                                                                                                                                        • SFS Turbo volumes: Create SFS Turbo volumes and mount them to a container path. SFS Turbo volumes are fast, on-demand, and scalable, which makes them suitable for DevOps, containerized microservices, and enterprise office applications. 
                                                                                                                                                                                        
+
                                                                                                                                                                                        • Local volumes: Mount the file directory of the host where a container is located to a specified container path (corresponding to hostPath in Kubernetes). Alternatively, you can leave the source path empty (corresponding to emptyDir in Kubernetes). If the source path is left empty, a temporary directory of the host will be mounted to the mount point of the container. A specified source path is used when data needs to be persistently stored on the host, while emptyDir is used when temporary storage is needed. A ConfigMap is a type of resource that stores configuration data required by a workload. Its contents are user-defined. A secret is an object that contains sensitive data such as workload authentication information and keys. Information stored in a secret is determined by users.
                                                                                                                                                                                        • EVS volumes: Mount an EVS volume to a container path. When the container is migrated, the mounted EVS volume is migrated together. This storage class is applicable when data needs to be stored permanently.
                                                                                                                                                                                        • SFS volumes: Create SFS volumes and mount them to a container path. The file system volumes created by the underlying SFS service can also be used. SFS volumes are applicable to persistent storage for frequent read/write in multiple workload scenarios, including media processing, content management, big data analysis, and workload analysis.
                                                                                                                                                                                        • OBS volumes: Create OBS volumes and mount them to a container path. OBS volumes are applicable to scenarios such as cloud workload, data analysis, content analysis, and hotspot objects.
                                                                                                                                                                                        • SFS Turbo volumes: Create SFS Turbo volumes and mount them to a container path. SFS Turbo volumes are fast, on-demand, and scalable, which makes them suitable for DevOps, containerized microservices, and enterprise office applications. 
                                                                                                                                                                                        • DSS volumes: CCE allows you to create DSS volumes and mount them to a container path. DSS offers dedicated, physical storage resources tailored to fulfill the needs of high-performance and low-latency storage. It is ideal for scenarios such as high-performance computing, real-time analysis and processing, and handling mixed workloads.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00039.html b/docs/cce/umn/cce_faq_00039.html
index 5d3b3af3d..d81368970 100644
--- a/docs/cce/umn/cce_faq_00039.html
+++ b/docs/cce/umn/cce_faq_00039.html
@@ -1,24 +1,23 @@
 
 
 
                                                                                                                                                                                        How Do I Locate the Fault When a Cluster Is Unavailable?
                                                                                                                                                                                        
-
                                                                                                                                                                                        If a cluster is unavailable, perform the following operations to locate the fault.
                                                                                                                                                                                        
-
                                                                                                                                                                                        Troubleshooting Process
                                                                                                                                                                                        The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                        
+
                                                                                                                                                                                        This section provides you with some operations to locate the fault when a cluster becomes unavailable.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Troubleshooting
                                                                                                                                                                                        The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                        
 
                                                                                                                                                                                        Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                        
-
+
 
                                                                                                                                                                                        If the fault persists, contact the customer service to help you locate the fault.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                        1. Log in to the management console and choose Service List > Networking > Virtual Private Cloud. In the navigation pane, choose Access Control > Security Groups to find the security group of the master node in the cluster.
                                                                                                                                                                                          The name of this security group is in the format of Cluster name-cce-control-ID.
                                                                                                                                                                                          
-
                                                                                                                                                                                        2. Click the security group. On the details page displayed, ensure that the security group rules of the master node are correct.
                                                                                                                                                                                          For details, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                          
+
                                                                                                                                                                                          Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                          1. Log in to the management console and choose Service List > Networking > Virtual Private Cloud. In the navigation pane, choose Access Control > Security Groups and find the security group of the master node in the cluster.
                                                                                                                                                                                            The name of this security group is in the format of Cluster name-cce-control-ID.
                                                                                                                                                                                            
+
                                                                                                                                                                                          2. Click the security group. On the details page displayed, ensure that the security group rules of the master node are correct.
                                                                                                                                                                                            For details, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
-
                                                                                                                                                                                          Check Item 2: Whether There Are Residual Listeners and Backend Server Groups on the Load Balancer
                                                                                                                                                                                          Reproducing the Problem
                                                                                                                                                                                          
-
                                                                                                                                                                                          A cluster exception occurs when a LoadBalancer Service is being created or deleted. After the fault is rectified, the Service is deleted successfully, but there are residual listeners and backend server groups.
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Pre-create a CCE cluster. In the cluster, use the official Nginx image to create a workload, preset a load balancer, a Service, and an ingress.
                                                                                                                                                                                          2. Ensure that the cluster is running properly and the Nginx workload is stable.
                                                                                                                                                                                          3. Create and delete 10 LoadBalancer Services every 20 seconds.
                                                                                                                                                                                          4. Verify that an injection exception occurs in the cluster. For example, the etcd is unavailable or the cluster is hibernated.
                                                                                                                                                                                          
-
                                                                                                                                                                                          Possible Causes
                                                                                                                                                                                          
-
                                                                                                                                                                                          There are residual listeners and backend server groups on the load balancer.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Check Item 2: Whether the Cluster Is Overloaded
                                                                                                                                                                                          Symptom
                                                                                                                                                                                          
+
                                                                                                                                                                                          The resource usage on the master nodes in the cluster reaches 100%.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Possible cause
                                                                                                                                                                                          
+
                                                                                                                                                                                          When a cluster has a large number of resources created simultaneously, it causes an overload on the API server. This, in turn, overloads the master nodes and leads to OOM issues.
                                                                                                                                                                                          
 
                                                                                                                                                                                          Solution
                                                                                                                                                                                          
-
                                                                                                                                                                                          Manually clear residual listeners and backend server groups.
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Log in to the management console and choose Networking > Elastic Load Balance from the service list.
                                                                                                                                                                                          2. In the load balancer list, click the name of the target load balancer to go to the details page. On the Listeners tab, locate the target listener and delete it.
                                                                                                                                                                                          3. On the Backend Server Groups page, locate the target backend server group and delete it.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Increase the cluster management scale. A larger cluster management scale means higher capacity and improved performance of the master nodes. For details, see Changing Cluster Scale.
                                                                                                                                                                                          
+
                                                                                                                                                                                          If a cluster is overloaded, you can submit a service ticket for technical support.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00040.html b/docs/cce/umn/cce_faq_00040.html
index e519bdbb4..1e69076b6 100644
--- a/docs/cce/umn/cce_faq_00040.html
+++ b/docs/cce/umn/cce_faq_00040.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                          How Do I Retrieve Data After a CCE Cluster Is Deleted?
                                                                                                                                                                                          
 
                                                                                                                                                                                          Question
                                                                                                                                                                                          
 
                                                                                                                                                                                          How do I retrieve data after a CCE cluster is deleted?
                                                                                                                                                                                          
-
                                                                                                                                                                                          Answer:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Answer
                                                                                                                                                                                          
 
                                                                                                                                                                                          After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00041.html b/docs/cce/umn/cce_faq_00041.html
index da07028e8..305a06978 100644
--- a/docs/cce/umn/cce_faq_00041.html
+++ b/docs/cce/umn/cce_faq_00041.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                          How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Log in to the CCE console and click the target cluster to access the cluster console.
                                                                                                                                                                                          2. In the Connection Information area, view the kubectl connection mode.
                                                                                                                                                                                          3. In the window that is displayed, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                            Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                            
+
                                                                                                                                                                                            1. Log in to the CCE console and click the name of the target cluster to access the cluster console.
                                                                                                                                                                                            2. In the Connection Information area, check the kubectl access mode.
                                                                                                                                                                                            3. In the window that slides out from the right, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                              Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_faq_00089.html b/docs/cce/umn/cce_faq_00089.html
index 59354d9f8..de42156f2 100644
--- a/docs/cce/umn/cce_faq_00089.html
+++ b/docs/cce/umn/cce_faq_00089.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                                                                                                            Can I Create a CCE Node Without Adding a Data Disk to the Node?
                                                                                                                                                                                            
-
                                                                                                                                                                                            • If System Component Storage is set to System Disk, you do not need to add a data disk.
                                                                                                                                                                                            • Data disks are required if System Component Storage is set to Data Disk.
                                                                                                                                                                                              A data disk dedicated for kubelet and the container engine will be attached to a new node. By default, CCE uses LVM to manage data disks. With LVM, you can adjust the disk space ratio for different resources on a data disk.
                                                                                                                                                                                              
-
                                                                                                                                                                                              If the data disk is uninstalled or damaged, the container engine will malfunction and the node becomes unavailable.
                                                                                                                                                                                              
+
                                                                                                                                                                                              • If System Component Storage is set to System Disk, you do not need to add a data disk.
                                                                                                                                                                                              • Data disks are required if System Component Storage is set to Data Disk.
                                                                                                                                                                                                A data disk dedicated for kubelet and the container engine will be attached to a new node. By default, CCE uses LVM to manage data disks. With LVM, you can adjust the disk space ratio for different resources on a data disk.
                                                                                                                                                                                                
+
                                                                                                                                                                                                If the data disk is uninstalled or damaged, the container engine will malfunction and the node becomes unavailable.
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00090.html b/docs/cce/umn/cce_faq_00090.html
index 23be78ff8..bca385cbb 100644
--- a/docs/cce/umn/cce_faq_00090.html
+++ b/docs/cce/umn/cce_faq_00090.html
@@ -1,9 +1,10 @@
 
 
 
                                                                                                                                                                                              Is Management Scale of a Cluster Related to the Number of Master Nodes?
                                                                                                                                                                                              
-
                                                                                                                                                                                              Management scale indicates the maximum number of nodes that can be managed by a cluster. If you select 50 nodes, the cluster can manage a maximum of 50 nodes.
                                                                                                                                                                                              
-
                                                                                                                                                                                              The number of master nodes varies according to the cluster specification, but is not affected by the management scale.
                                                                                                                                                                                              
-
                                                                                                                                                                                              After the multi-master node mode is enabled, three master nodes will be created. If one of them is faulty, the cluster can still run properly. The services will not be affected.
                                                                                                                                                                                              
+
                                                                                                                                                                                              In a CCE cluster, the management scale is not directly related to the number of master nodes. These are cluster parameters that operate in different dimensions. Here are the details:
                                                                                                                                                                                              
+
                                                                                                                                                                                              • Cluster management scale: indicates the maximum number of nodes that a cluster can manage. For example, if you choose 50 nodes, the cluster can manage up to 50 worker nodes.
                                                                                                                                                                                                The flavors of master nodes may vary with the cluster scale. However, the number of master nodes is not affected by the management scale.
                                                                                                                                                                                                
+
                                                                                                                                                                                              • Number of master nodes: The number of master nodes impacts the high availability of the cluster. To enhance the cluster's DR capabilities, you can choose multiple master nodes.
                                                                                                                                                                                                For example, you can choose three masters for your cluster. If one of them is faulty, the cluster can still run properly. The services will not be affected.
                                                                                                                                                                                                
+
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00097.html b/docs/cce/umn/cce_faq_00097.html
index 8213eb070..bdb0585ba 100644
--- a/docs/cce/umn/cce_faq_00097.html
+++ b/docs/cce/umn/cce_faq_00097.html
@@ -8,7 +8,7 @@
 
                                                                                                                                                                                              Notes and Constraints
                                                                                                                                                                                              • ECSs can be managed.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Prerequisites
                                                                                                                                                                                              The cloud servers to be managed must meet the following requirements:
                                                                                                                                                                                              
-
                                                                                                                                                                                              • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                                                                                                              • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                                                                                                              • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                              • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                                                                                                              • Only cloud servers with the same data disk configuration can be accepted in batches for management.
                                                                                                                                                                                              • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                                                                                                                                                              • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                                                                                                                                                              • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                                                                                                              
+
                                                                                                                                                                                              • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                                                                                                              • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                                                                                                              • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                              • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                                                                                                              • Only cloud servers with the same data disk configuration can be accepted in batches for management.
                                                                                                                                                                                              • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                                                                                                                                                              • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the options provided on the console when you create a node. 
                                                                                                                                                                                              • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Procedure
                                                                                                                                                                                              View the cluster log information to locate the failure cause and rectify the fault.
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. Log in to the CCE console and click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                              2. Click the record of the Failed status to view error information.
                                                                                                                                                                                              3. Rectify the fault based on the error information and accept the node into a cluster again.
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00098.html b/docs/cce/umn/cce_faq_00098.html
index 448ca7654..e1a5f0003 100644
--- a/docs/cce/umn/cce_faq_00098.html
+++ b/docs/cce/umn/cce_faq_00098.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                                                              What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                              
-
                                                                                                                                                                                              Fault Locating
                                                                                                                                                                                              If the pod is in the Pending state and the event contains pod scheduling failure information, locate the cause based on the event information. For details about how to view events, see How Can I Find the Fault for an Abnormal Workload?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If the Scheduling of a Pod Fails?
                                                                                                                                                                                              
+
                                                                                                                                                                                              Fault Locating
                                                                                                                                                                                              If a pod is in the Pending state and the events contain the information that indicates a pod scheduling failure, you can locate the cause based on the events. For details about how to view events, see How Can I Locate the Root Cause If a Workload Is Abnormal?
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Troubleshooting Process
                                                                                                                                                                                              Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Troubleshooting
                                                                                                                                                                                              Determine the cause based on the events, as listed in Table 1.
                                                                                                                                                                                              
 
-
                                                                                                                                                                                              
-
@@ -24,14 +24,14 @@
 
-
-
-
-
-
-
-
-
@@ -88,9 +88,10 @@
 
                                                                                                                                                                                              On the CCE console, click the workload name to go to the workload details page, locate the row containing the abnormal pod, and choose More > View Events in the Operation column.
                                                                                                                                                                                              Method 2
                                                                                                                                                                                              
-
                                                                                                                                                                                              Run kubectl describe pod {Pod name} to view pod events. The following shows an example:
                                                                                                                                                                                              
-
                                                                                                                                                                                              $ kubectl describe pod prepare-58bd7bdf9-fthrp
-...
+
                                                                                                                                                                                              Use the kubectl command:
                                                                                                                                                                                              
+
                                                                                                                                                                                              kubectl describe pod {pod-name}
                                                                                                                                                                                              
+
                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                              
+
                                                                                                                                                                                              ...
 Events:
   Type     Reason            Age   From               Message
   ----     ------            ----  ----               -------
diff --git a/docs/cce/umn/cce_faq_00140.html b/docs/cce/umn/cce_faq_00140.html
index 4dbdccaa3..082e6db7f 100644
--- a/docs/cce/umn/cce_faq_00140.html
+++ b/docs/cce/umn/cce_faq_00140.html
@@ -3,19 +3,19 @@
 
                                                                                                                                                                                              What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                              
 
                                                                                                                                                                                              Symptom
                                                                                                                                                                                              The workload remains in the creating state.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Troubleshooting Process
                                                                                                                                                                                              The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Troubleshooting
                                                                                                                                                                                              The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                              
 
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check Item 1: Whether the cce-pause Image Is Deleted by Mistake
                                                                                                                                                                                              Symptom
                                                                                                                                                                                              
 
                                                                                                                                                                                              When creating a workload, an error message indicating that the sandbox cannot be created is displayed. This is because the cce-pause:3.1 image fails to be pulled.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "cce-pause:3.1": failed to pull image "cce-pause:3.1": failed to pull and unpack image "docker.io/library/cce-pause:3.1": failed to resolve reference "docker.io/library/cce-pause:3.1": pulling from host **** failed with status code [manifests 3.1]: 400 Bad Request
                                                                                                                                                                                              
-
                                                                                                                                                                                              Possible Causes
                                                                                                                                                                                              
+
                                                                                                                                                                                              Possible cause
                                                                                                                                                                                              
 
                                                                                                                                                                                              The image is a system image added during node creation. If the image is deleted by mistake, the workload cannot be created.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. Log in to the faulty node.
                                                                                                                                                                                              2. Decompress the cce-pause image installation package.
                                                                                                                                                                                                tar -xzvf /opt/cloud/cce/package/node-package/pause-*.tgz
                                                                                                                                                                                                
-
                                                                                                                                                                                              3. Import the image.
                                                                                                                                                                                                • Docker nodes:
                                                                                                                                                                                                  docker load -i ./pause/package/image/cce-pause-*.tar
                                                                                                                                                                                                  
-
                                                                                                                                                                                                • containerd nodes:
                                                                                                                                                                                                  ctr -n k8s.io images import --all-platforms ./pause/package/image/cce-pause-*.tar
                                                                                                                                                                                                  
+
                                                                                                                                                                                                • Import the image.
                                                                                                                                                                                                  • Nodes that use Docker:
                                                                                                                                                                                                    docker load -i ./pause/package/image/cce-pause-*.tar
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Nodes that use containerd:
                                                                                                                                                                                                    ctr -n k8s.io images import --all-platforms ./pause/package/image/cce-pause-*.tar
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                • Create a workload.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00146.html b/docs/cce/umn/cce_faq_00146.html
index 42c0fba34..005ad22ec 100644
--- a/docs/cce/umn/cce_faq_00146.html
+++ b/docs/cce/umn/cce_faq_00146.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              • What Is the Relationship Between Clusters, VPCs, and Subnets?
                                                                                                                                                                                                
 
                                                                                                                                                                                                • 
-
                                                                                                                                                                                              • How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                
+
                                                                                                                                                                                              • How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                
 
                                                                                                                                                                                                • 
 
                                                                                                                                                                                              • How Do I Configure the IPv6 Service CIDR Block When Creating a CCE Turbo Cluster?
                                                                                                                                                                                                
 
                                                                                                                                                                                                • 
diff --git a/docs/cce/umn/cce_faq_00185.html b/docs/cce/umn/cce_faq_00185.html
index 3bc73532b..b0aac8982 100644
--- a/docs/cce/umn/cce_faq_00185.html
+++ b/docs/cce/umn/cce_faq_00185.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                How Do I Obtain a TLS Key Certificate?
                                                                                                                                                                                                
 
                                                                                                                                                                                                Scenario
                                                                                                                                                                                                If your ingress needs to use HTTPS, you must configure a secret of the IngressTLS or kubernetes.io/tls type when creating an ingress.
                                                                                                                                                                                                
-
                                                                                                                                                                                                The certificate file uploaded in the secret data must match the private key file. Otherwise, the certificate file becomes invalid.
                                                                                                                                                                                                
+
                                                                                                                                                                                                When creating a secret, ensure that the certificate file uploaded in the secret data must match the private key file. Otherwise, the certificate file becomes invalid.
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                Solution
                                                                                                                                                                                                Generally, you need to obtain a valid certificate from the certificate provider. If you want to use it in the test environment, you can create a certificate and private key by the performing the following steps.
                                                                                                                                                                                                
 
                                                                                                                                                                                                 
                                                                                                                                                                                                Self-created certificates apply only to test scenarios. Such certificates are invalid and will affect browser access. Manually upload a valid one to ensure secure connections.
                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00195.html b/docs/cce/umn/cce_faq_00195.html
index f69684695..1e18eca63 100644
--- a/docs/cce/umn/cce_faq_00195.html
+++ b/docs/cce/umn/cce_faq_00195.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
                                                                                                                                                                                                
 
                                                                                                                                                                                                The following is an example resolv.conf file for a container in a workload:
                                                                                                                                                                                                
-
                                                                                                                                                                                                
+
                                                                                                                                                                                                
 
                                                                                                                                                                                                In the preceding information:
                                                                                                                                                                                                
 
                                                                                                                                                                                                • nameserver: IP address of the DNS. Set this parameter to the cluster IP address of CoreDNS.
                                                                                                                                                                                                • search: domain name search list, which is a common suffix of Kubernetes.
                                                                                                                                                                                                • ndots: If the number of dots (.) is less than the domain name, search is preferentially used for resolution.
                                                                                                                                                                                                • timeout: timeout interval.
                                                                                                                                                                                                • single-request-reopen: indicates that different source ports are used to send different types of requests.
                                                                                                                                                                                                
 
                                                                                                                                                                                                By default, when you create a workload on the CCE console, the preceding parameters are configured as follows:
                                                                                                                                                                                                
@@ -15,7 +15,7 @@
           - name: single-request-reopen
                                                                                                                                                                                              
 
                                                                                                                                                                                              These parameters can be optimized or modified based on service requirements.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Scenario 1: Slow External Domain Name Resolution
                                                                                                                                                                                              Optimization Solution
                                                                                                                                                                                              
-
                                                                                                                                                                                              1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?.
                                                                                                                                                                                              2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?
                                                                                                                                                                                              2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Scenario 2: External Domain Name Resolution Timeout
                                                                                                                                                                                              Optimization Solution
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. Generally, the timeout of a Service must be greater than the value of timeout multiplied by attempts.
                                                                                                                                                                                              2. If it takes more than 2s to resolve the domain name, you can set timeout to a larger value.
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00197.html b/docs/cce/umn/cce_faq_00197.html
index 656fe24b9..a9cc3fbc0 100644
--- a/docs/cce/umn/cce_faq_00197.html
+++ b/docs/cce/umn/cce_faq_00197.html
@@ -10,13 +10,13 @@
 
                                                                                                                                                                                              Check Item 3: Whether the External Domain Name Resolution Is Slow or Times Out
                                                                                                                                                                                              If the domain name resolution failure rate is lower than 1/10000, optimize parameters by referring to How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out? or add a retry policy in the service.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check Item 4: Whether UnknownHostException Occurs
                                                                                                                                                                                              When service requests in the cluster are sent to an external DNS server, a domain name resolution error occurs due to occasional UnknownHostException. UnknownHostException is a common exception. When this exception occurs, check whether there is any domain name-related error or whether you have entered a correct domain name.
                                                                                                                                                                                              
-
                                                                                                                                                                                              To locate the fault, perform the following steps:
                                                                                                                                                                                              
+
                                                                                                                                                                                              To locate the fault, perform the following operations:
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. Check the host name carefully (spelling and extra spaces).
                                                                                                                                                                                              2. Check the DNS settings. Before running the application, run the ping hostname command to ensure that the DNS server has been started and running. If the host name is new, you need to wait for a period of time before the DNS server is accessed.
                                                                                                                                                                                              3. Check the CPU and memory usage of the coredns add-on to determine whether the performance bottleneck has been reached. For details, see Check Item 2: Whether the coredns Instance Reaches the Performance Limit.
                                                                                                                                                                                              4. Check whether traffic limiting is performed on the coredns add-on. If traffic limiting is triggered, the processing time of some requests may be prolonged. In this case, you need to adjust the coredns add-on specifications.
                                                                                                                                                                                                Log in to the node where the coredns add-on is installed and view the following content:
                                                                                                                                                                                                cat /sys/fs/cgroup/cpu/kubepods/pod<pod_uid>/<coredns container ID>/cpu.stat
                                                                                                                                                                                                
 
                                                                                                                                                                                                • <pod uid> indicates the pod UID of the coredns add-on, which can be obtained by running the following command:
                                                                                                                                                                                                  kubectl get po <pod name> -nkube-system -ojsonpath='{.metadata.uid}{"\n"}'
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  In the preceding command, <pod name> indicates the name of the coredns add-on running on the current node.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                • <coredns container ID> must be a complete container ID, which can be obtained by running the following command:
                                                                                                                                                                                                  Docker nodes:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                • <coredns container ID> must be a complete container ID, which can be obtained by running the following command:
                                                                                                                                                                                                  Nodes that use Docker:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  docker ps --no-trunc | grep k8s_coredns | awk '{print $1}'
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  containerd nodes:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Nodes that use containerd:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  crictl ps --no-trunc | grep k8s_coredns | awk '{print $1}'
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00200.html b/docs/cce/umn/cce_faq_00200.html
index 5799342f5..eca52b518 100644
--- a/docs/cce/umn/cce_faq_00200.html
+++ b/docs/cce/umn/cce_faq_00200.html
@@ -1,40 +1,79 @@
 
 
 
                                                                                                                                                                                                What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
                                                                                                                                                                                                
-
                                                                                                                                                                                                Troubleshooting Process
                                                                                                                                                                                                The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                                
-
-
                                                                                                                                                                                                Figure 1 Troubleshooting for storage volume mounting failure or mounting timeout
                                                                                                                                                                                                
+
                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Check Item 1: Whether EVS Volumes Are Mounted Across AZs
                                                                                                                                                                                                Symptom
                                                                                                                                                                                                
-
                                                                                                                                                                                                Mounting an EVS volume to a StatefulSet times out.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                
-
                                                                                                                                                                                                If your node is in AZ 1 but the volume to be mounted is in AZ 2, the mounting times out and the volume cannot be mounted.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Solution
                                                                                                                                                                                                
-
                                                                                                                                                                                                Create a volume in the same AZ as the node and mount the volume.
                                                                                                                                                                                                
+
                                                                                                                                                                                                Abnormal EVS Storage Volume Mounting
                                                                                                                                                                                                
+
                                                                                                                                                                                              Table 1 Pod scheduling failure
                                                                                                                                                                                              Event Information
                                                                                                                                                                                              
+
                                                                                                                                                                                              
@@ -13,14 +13,14 @@
 
-
-
@@ -33,75 +33,81 @@
 
-
-
+
+
+
                                                                                                                                                                                              Table 1 Events related to a pod scheduling failure
                                                                                                                                                                                              Event
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              Cause and Solution
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              no nodes available to schedule pods.
                                                                                                                                                                                              
 
                                                                                                                                                                                              No node is available in the cluster.
                                                                                                                                                                                              
+
                                                                                                                                                                                              There are not any available nodes in the cluster.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check Item 1: Whether a Node Is Available in the Cluster
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/2 nodes are available: 2 Insufficient cpu.
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/2 nodes are available: 2 Insufficient memory.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Node resources (CPU and memory) are insufficient.
                                                                                                                                                                                              
+
                                                                                                                                                                                              The resources (CPU and memory) on the node are insufficient.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              0/2 nodes are available: 2 node(s) had volume node affinity conflict.
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              The EVS volume mounted to the pod and the node are not in the same AZ.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 4: Whether the Workload's Volume and Node Reside in the Same AZ
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 4: Whether the Workload's Volume and the Node Are in the Same AZ
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Taints exist on the node, but the pod cannot tolerate these taints.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 5: Taint Toleration of Pods
                                                                                                                                                                                              
+
                                                                                                                                                                                              There are some taints on the node, and the pod cannot tolerate these taints.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 5: Tolerations of the Pod
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/7 nodes are available: 7 Insufficient ephemeral-storage.
                                                                                                                                                                                              
 
                                                                                                                                                                                              The ephemeral storage space of the node is insufficient.
                                                                                                                                                                                              
+
                                                                                                                                                                                              The ephemeral storage space on the node is insufficient.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check Item 6: Ephemeral Volume Usage
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/1 nodes are available: 1 everest driver not found at node
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              The everest-csi-driver on the node is not in the running state.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 7: Whether everest Works Properly
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 7: Whether the CCE Container Storage (Everest) Add-on Works Properly
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Failed to create pod sandbox: ...
                                                                                                                                                                                              
 
                                                                                                                                                                                              Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              The node thin pool space is insufficient.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 8: Thin Pool Space
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 8: Whether the Thin Pool Space Is Sufficient
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/1 nodes are available: 1 Too many pods.
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              The number of pods scheduled to the node exceeded the maximum number allowed by the node.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 9: Number of Pods Scheduled onto the Node
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 9: Whether the Node Has Too Many Pods Scheduled onto It
                                                                                                                                                                                              
+
                                                                                                                                                                                              UnexpectedAdmissionError Allocate failed due to not enough cpus available to satisfy request, which is unexpected.
                                                                                                                                                                                              
+
                                                                                                                                                                                              The kubelet static CPU pinning is abnormal due to a known community issue.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 10: Whether the Static CPU Pinning of kubelet Is Abnormal
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
                                                                                                                                                                                               
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
-
                                                                                                                                                                                              Check Item 1: Whether a Node Is Available in the Cluster
                                                                                                                                                                                              Log in to the CCE console and check whether the node status is Available. Alternatively, run the following command to check whether the node status is Ready:
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 1: Whether a Node Is Available in the Cluster
                                                                                                                                                                                              You can log in to the CCE console and check whether the node status is Available. You can also use the following command to check whether the node status is Ready:
                                                                                                                                                                                              
 
                                                                                                                                                                                              $ kubectl get node
 NAME           STATUS   ROLES    AGE   VERSION
 192.168.0.37   Ready    <none>   21d   v1.19.10-r1.0.0-source-121-gb9675686c54267
 192.168.0.71   Ready    <none>   21d   v1.19.10-r1.0.0-source-121-gb9675686c54267
                                                                                                                                                                                              
-
                                                                                                                                                                                              If the status of all nodes is Not Ready, no node is available in the cluster.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the status of all nodes is Not Ready, it means that there are no available nodes in the cluster.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
-
+
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                              0/2 nodes are available: 2 Insufficient cpu.
                                                                                                                                                                                              
-
                                                                                                                                                                                              0/2 nodes are available: 2 Insufficient memory.
                                                                                                                                                                                              
-
                                                                                                                                                                                              If the resources requested by the pod exceed the allocatable resources of the node where the pod runs, the node cannot provide the resources required to run new pods and pod scheduling onto the node will definitely fail.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                              0/2 nodes are available: 2 Insufficient cpu. indicates that the CPUs are insufficient.
                                                                                                                                                                                              
+
                                                                                                                                                                                              0/2 nodes are available: 2 Insufficient memory. indicates that the memory is insufficient.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the resources requested by the pod exceed the allocatable resources on the node where the pod will run, the pod scheduling onto the node will definitely fail due to insufficient node resources.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              If the number of resources that can be allocated to a node is less than the number of resources that a pod requests, the node does not meet the resource requirements of the pod. As a result, the scheduling fails.
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              If there are fewer allocatable resources on the node than the resources that a pod requests, the pod scheduling will fail.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
-
                                                                                                                                                                                              Add nodes to the cluster. Scale-out is the common solution to insufficient resources.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Add more nodes to the cluster. Scale-out is the common solution to insufficient resources.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 3: Affinity and Anti-Affinity Configuration of the Workload
                                                                                                                                                                                              Inappropriate affinity policies will cause pod scheduling to fail.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Example:
                                                                                                                                                                                              
-
                                                                                                                                                                                              An anti-affinity relationship is established between workload 1 and workload 2. Workload 1 is deployed on node 1 while workload 2 is deployed on node 2.
                                                                                                                                                                                              
-
                                                                                                                                                                                              When you try to deploy workload 3 on node 1 and establish an affinity relationship with workload 2, a conflict occurs, resulting in a workload deployment failure.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 3: Affinity and Anti-Affinity Configuration of the Workload
                                                                                                                                                                                              Inappropriate affinity policies will cause the pod scheduling to fail.
                                                                                                                                                                                              
+
                                                                                                                                                                                              For example, an anti-affinity policy is configured for workload 1 and workload 2. They run on node 1 and node 2, respectively.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If you try to configure an affinity policy for workload 3 and workload 2 and then deploy workload 3 on a node different from one hosting workload 2, such as node 1, it will cause a conflict and lead to the workload deployment failure.
                                                                                                                                                                                              
 
                                                                                                                                                                                              0/2 nodes are available: 1 node(s) didn't match node selector, 1 node(s) didn't match pod affinity rules, 1 node(s) didn't match pod affinity/anti-affinity.
                                                                                                                                                                                              
-
                                                                                                                                                                                              • node selector indicates that the node affinity is not met.
                                                                                                                                                                                              • pod affinity rules indicate that the pod affinity is not met.
                                                                                                                                                                                              • pod affinity/anti-affinity indicates that the pod affinity/anti-affinity is not met.
                                                                                                                                                                                              
+
                                                                                                                                                                                              • node selector indicates that the node affinity is not met.
                                                                                                                                                                                              • pod affinity rules indicate that the pod affinity is not met.
                                                                                                                                                                                              • pod affinity/anti-affinity indicates that the pod affinity and anti-affinity are not met.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
-
                                                                                                                                                                                              • When adding workload-workload affinity and workload-node affinity policies, ensure that the two types of policies do not with conflict each other. Otherwise, workload deployment will fail.
                                                                                                                                                                                              • If the workload has a node affinity policy, make sure that supportContainer in the label of the affinity node is set to true. Otherwise, pods cannot be scheduled onto the affinity node and the following event is generated:
                                                                                                                                                                                                No nodes are available that match all of the following predicates: MatchNode Selector, NodeNotSupportsContainer
                                                                                                                                                                                                
-
                                                                                                                                                                                                If the value is false, the scheduling fails.
                                                                                                                                                                                                
+
                                                                                                                                                                                                • When configuring workload-workload affinity and workload-node affinity policies, ensure that these policies do not conflict with each other, or the workload deployment will fail.
                                                                                                                                                                                                • For a workload that has a node affinity policy configured, you need to make sure that supportContainer in the label of the affinity node is set to true. Otherwise, pods cannot be scheduled onto the node and the following event is generated:
                                                                                                                                                                                                  No nodes are available that match all of the following predicates: MatchNode Selector, NodeNotSupportsContainer
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  If the value is false, the pod scheduling will fail.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 4: Whether the Workload's Volume and Node Reside in the Same AZ
                                                                                                                                                                                              0/2 nodes are available: 2 node(s) had volume node affinity conflict. An affinity conflict occurs between volumes and nodes. As a result, the scheduling fails.
                                                                                                                                                                                              
-
                                                                                                                                                                                              This is because EVS disks cannot be attached to nodes across AZs. For example, if the EVS volume is located in AZ 1 and the node is located in AZ 2, scheduling fails.
                                                                                                                                                                                              
-
                                                                                                                                                                                              The EVS volume created on CCE has affinity settings by default, as shown below.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 4: Whether the Workload's Volume and the Node Are in the Same AZ
                                                                                                                                                                                              0/2 nodes are available: 2 node(s) had volume node affinity conflict. indicates that an affinity conflict occurs between the volume mounted to the pod and the host node. As a result, the pod scheduling fails.
                                                                                                                                                                                              
+
                                                                                                                                                                                              This is because EVS disks cannot be attached to nodes in different AZs from the EVS disks. For example, a workload pod with an EVS volume that is in AZ 1 cannot be scheduled to a node in AZ 2.
                                                                                                                                                                                              
+
                                                                                                                                                                                              The EVS volumes created on CCE have affinity settings by default, as shown below.
                                                                                                                                                                                              
 
                                                                                                                                                                                              kind: PersistentVolume
 apiVersion: v1
 metadata:
@@ -119,15 +125,15 @@ spec:
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
 
                                                                                                                                                                                              In the AZ where the workload's node resides, create a volume. Alternatively, create an identical workload and select an automatically assigned cloud storage volume.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 5: Taint Toleration of Pods
                                                                                                                                                                                              0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate. This means the node is tainted and the pod cannot be scheduled to the node.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check the taints on the node. If the following information is displayed, taints exist on the node:
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 5: Tolerations of the Pod
                                                                                                                                                                                              0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate. indicates that there are some taints on the node, and the pod cannot tolerate these taints.
                                                                                                                                                                                              
+
                                                                                                                                                                                              In this case, you can check the taints on the node. If information similar to the following is displayed, there are some taints on the node:
                                                                                                                                                                                              
 
                                                                                                                                                                                              $ kubectl describe node 192.168.0.37
 Name:               192.168.0.37
 ...
 Taints:             key1=value1:NoSchedule
 ...
                                                                                                                                                                                              
-
                                                                                                                                                                                              In some cases, the system automatically adds a taint to a node. The current built-in taints include:
                                                                                                                                                                                              
-
                                                                                                                                                                                              • node.kubernetes.io/not-ready: The node is not ready.
                                                                                                                                                                                              • node.kubernetes.io/unreachable: The node controller cannot access the node.
                                                                                                                                                                                              • node.kubernetes.io/memory-pressure: The node has memory pressure.
                                                                                                                                                                                              • node.kubernetes.io/disk-pressure: The node has disk pressure. Follow the instructions described in Check Item 4: Whether the Node Disk Space Is Insufficient to handle it.
                                                                                                                                                                                              • node.kubernetes.io/pid-pressure: The node is under PID pressure. 
                                                                                                                                                                                              • node.kubernetes.io/network-unavailable: The node network is unavailable.
                                                                                                                                                                                              • node.kubernetes.io/unschedulable: The node cannot be scheduled.
                                                                                                                                                                                              • node.cloudprovider.kubernetes.io/uninitialized: If an external cloud platform driver is specified when kubelet is started, kubelet adds a taint to the current node and marks it as unavailable. After cloud-controller-manager initializes the node, kubelet deletes the taint.
                                                                                                                                                                                              
+
                                                                                                                                                                                              In some cases, the system automatically adds a taint to a node. The built-in taints include:
                                                                                                                                                                                              
+
                                                                                                                                                                                              • node.kubernetes.io/not-ready: The node is not ready.
                                                                                                                                                                                              • node.kubernetes.io/unreachable: The node controller cannot access the node.
                                                                                                                                                                                              • node.kubernetes.io/memory-pressure: The node is under memory pressure.
                                                                                                                                                                                              • node.kubernetes.io/disk-pressure: The node is under disk pressure. In this case, follow the instructions described in Check Item 4: Whether the Node Disk Space Is Insufficient to handle it.
                                                                                                                                                                                              • node.kubernetes.io/pid-pressure: The node is under PID pressure. 
                                                                                                                                                                                              • node.kubernetes.io/network-unavailable: The node network is unavailable.
                                                                                                                                                                                              • node.kubernetes.io/unschedulable: The node is unschedulable.
                                                                                                                                                                                              • node.cloudprovider.kubernetes.io/uninitialized: When kubelet is started with an external cloud platform driver specified, it adds a taint to the node, marking it as unavailable. After cloud-controller-manager initializes the node, kubelet deletes the taint.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
 
                                                                                                                                                                                              To schedule the pod to the node, use either of the following methods:
                                                                                                                                                                                              
 
                                                                                                                                                                                              • If the taint is added by a user, you can delete the taint on the node. If the taint is automatically added by the system, the taint will be automatically deleted after the fault is rectified.
                                                                                                                                                                                              • Specify a toleration for the pod containing the taint. For details, see Taints and Tolerations.
                                                                                                                                                                                                apiVersion: v1
@@ -145,8 +151,8 @@ spec:
     effect: "NoSchedule" 
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 6: Ephemeral Volume Usage
                                                                                                                                                                                              0/7 nodes are available: 7 Insufficient ephemeral-storage. This means insufficient ephemeral storage of the node.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check whether the size of the ephemeral volume in the pod is limited. If the size of the ephemeral volume required by the application exceeds the existing capacity of the node, the application cannot be scheduled. To solve this problem, change the size of the ephemeral volume or expand the disk capacity of the node.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 6: Ephemeral Volume Usage
                                                                                                                                                                                              0/7 nodes are available: 7 Insufficient ephemeral-storage. indicates that there are not enough ephemeral storage space on the node.
                                                                                                                                                                                              
+
                                                                                                                                                                                              In this case, you can check whether the space of the ephemeral volume is limited by the pod. If the ephemeral volume space required by the application exceeds the existing capacity on the node, the application cannot be scheduled to that node. To solve this problem, change the space of the ephemeral volume or expand the disk capacity on the node.
                                                                                                                                                                                              
 
                                                                                                                                                                                              apiVersion: v1
 kind: Pod
 metadata:
@@ -167,7 +173,7 @@ spec:
     - name: ephemeral
       emptyDir: {}
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              To obtain the total capacity (Capacity) and available capacity (Allocatable) of the temporary volume mounted to the node, run the kubectl describe node command, and view the application value and limit value of the temporary volume mounted to the node.
                                                                                                                                                                                              
+
                                                                                                                                                                                              To obtain the total capacity (Capacity) and available capacity (Allocatable) of the temporary volumes on the node, run the kubectl describe node command and check the memory request and limit of the allocated temporary volume on the node.
                                                                                                                                                                                              
 
                                                                                                                                                                                              The following is an example of the output:
                                                                                                                                                                                              
 
                                                                                                                                                                                              ...
 Capacity:
@@ -201,31 +207,31 @@ Allocated resources:
   localssd           0             0
   localvolume        0             0
 Events:              <none>
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 7: Whether everest Works Properly
                                                                                                                                                                                              0/1 nodes are available: 1 everest driver not found at node. This means the everest-csi-driver of everest is not started properly on the node.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check the daemon named everest-csi-driver in the kube-system namespace and check whether the pod is started properly. If not, delete the pod. The daemon will restart the pod.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 7: Whether the CCE Container Storage (Everest) Add-on Works Properly
                                                                                                                                                                                              0/1 nodes are available: 1 everest driver not found at node. indicates that everest-csi-driver of CCE Container Storage (Everest) is not started properly on the node.
                                                                                                                                                                                              
+
                                                                                                                                                                                              In this case, you can check the daemon named everest-csi-driver in the kube-system namespace and check whether the pod is started properly. If it is not, delete the pod. The daemon will restart another pod.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 8: Thin Pool Space
                                                                                                                                                                                              A data disk dedicated for kubelet and the container engine will be attached to a new node. If the data disk space is insufficient, the pod cannot be created.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 8: Whether the Thin Pool Space Is Sufficient
                                                                                                                                                                                              A data disk dedicated for kubelet and the container engine will be attached to a new node. If the data disk space is insufficient, the pod cannot be created on the node.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution 1: Clearing images
                                                                                                                                                                                              
 
                                                                                                                                                                                              Perform the following operations to clear unused images:
                                                                                                                                                                                              • Nodes that use containerd
                                                                                                                                                                                                1. Obtain local images on the node.
                                                                                                                                                                                                  crictl images -v
                                                                                                                                                                                                  
-
                                                                                                                                                                                                2. Delete the images that are not required by image ID.
                                                                                                                                                                                                  crictl rmi Image ID
                                                                                                                                                                                                  
+
                                                                                                                                                                                                3. Delete the unnecessary images by image ID.
                                                                                                                                                                                                  crictl rmi {Image ID}
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              • Nodes that use Docker
                                                                                                                                                                                                1. Obtain local images on the node.
                                                                                                                                                                                                  docker images
                                                                                                                                                                                                  
-
                                                                                                                                                                                                2. Delete the images that are not required by image ID.
                                                                                                                                                                                                  docker rmi Image ID
                                                                                                                                                                                                  
+
                                                                                                                                                                                                3. Delete the unnecessary images by image ID.
                                                                                                                                                                                                  docker rmi {}Image ID}
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              
-
                                                                                                                                                                                               
                                                                                                                                                                                              Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                                              
+
                                                                                                                                                                                               
                                                                                                                                                                                              Do not delete system images such as the cce-pause image. Otherwise, the pod creation may fail.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution 2: Expanding the disk capacity
                                                                                                                                                                                              
-
                                                                                                                                                                                              To expand a disk capacity, perform the following steps:
                                                                                                                                                                                              
-
                                                                                                                                                                                              1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                                Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                                
-
                                                                                                                                                                                              2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                              3. Log in to the target node.
                                                                                                                                                                                              4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                
+
                                                                                                                                                                                                To expand a disk capacity, perform the following operations:
                                                                                                                                                                                                
+
                                                                                                                                                                                                1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                                  Only the storage capacity of EVS disks can be expanded. You need to perform the following operations to expand the capacity of logical volumes and file systems.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                                                4. Run lsblk to view the block device information of the node.
                                                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                                    1. Check the disk and partition space of the device.
                                                                                                                                                                                                      # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is free.
 ├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                                                      Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                      
@@ -243,7 +249,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                    
 old_desc_blocks = 12, new_desc_blocks = 18
 The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                5. Check whether the capacity is expanded.
                                                                                                                                                                                                  # lsblk
+
                                                                                                                                                                                                6. Check whether the capacity has been expanded.
                                                                                                                                                                                                  # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
@@ -251,22 +257,22 @@ sda                   8:0    0   50G  0 disk
 ├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                
-
                                                                                                                                                                                                1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                  # lsblk
+
                                                                                                                                                                                                  Device Mapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1. Check the disk and partition space of the device.
                                                                                                                                                                                                    # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
 vdb                                   8:16   0  200G  0 disk 
 ├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
 ├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thinpool
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thin pool
 │   ...
 ├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  2. Expand the disk capacity.
                                                                                                                                                                                                    Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                                      pvresize /dev/vdb
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                                                      Option 1: Add the new disk capacity to the thin pool.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thin pool is located.
                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Physical volume "/dev/vdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                        
@@ -274,7 +280,7 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                      3. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                                      4. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                      5. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the thin pool, the capacity has been expanded.
                                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -302,7 +308,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
 old_desc_blocks = 3, new_desc_blocks = 15
 The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      6. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                                      7. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the dockersys, the capacity has been expanded.
                                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -319,11 +325,19 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Check Item 9: Number of Pods Scheduled onto the Node
                                                                                                                                                                                                    0/1 nodes are available: 1 Too many pods. indicates excessive number of pods have been scheduled to the node.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    When creating a node, configure Max. Pods in Advanced Settings to specify the maximum number of pods that can run properly on the node. The default value varies with the node flavor. You can change the value as needed.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    On the Nodes page, obtain the Pods (Allocated/Total) value of the node, and check whether the number of pods scheduled onto the node has reached the upper limit. If so, add nodes or change the maximum number of pods.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 9: Whether the Node Has Too Many Pods Scheduled onto It
                                                                                                                                                                                                    0/1 nodes are available: 1 Too many pods. indicates excessive number of pods have been scheduled to the node.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    When creating a node, configure Max. Pods in the Advanced Settings area to specify the maximum number of pods that can run properly on the node. The default value varies with the node flavor. You can change the value as needed.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    On the Nodes page, obtain the Pods (Allocated/Total Available Addresses/Total) value of the node, and check whether the number of pods scheduled onto the node has reached the upper limit. If so, add nodes or change the maximum number of pods.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    To change the maximum number of pods that can run on a node, do as follows:
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    • For nodes in the default node pool: Change the Max. Pods value when resetting the node.
                                                                                                                                                                                                    • For nodes in a customized node pool: Change the value of the node pool parameter max-pods. 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • For nodes in the default node pool: Change the Max. Pods value when resetting the node.
                                                                                                                                                                                                    • For nodes in a custom node pool: Change the value of the node pool parameter max-pods. 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 10: Whether the Static CPU Pinning of kubelet Is Abnormal
                                                                                                                                                                                                    If a pod has an init container with a CPU request that is different from the main container settings, and it is assigned a Guaranteed QoS class while the kubelet uses static CPU pinning, the pod scheduling could fail, resulting in the error UnexpectedAdmissionError.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Community-related issue: https://github.com/kubernetes/kubernetes/issues/112228
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Set the CPU request of the init container to a decimal value that matches the CPU limit and avoid using CPU pinning.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    For example: the main container: {"limits":{"cpu":"7","memory":"60G"},"requests":{"cpu":"7","memory":"60G"}}; the init container: {"limits":{"cpu":"6.9","memory":"60G"},"requests":{"cpu":"6.9","memory":"60G"}}
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00106.html b/docs/cce/umn/cce_faq_00106.html
index cad0145d9..1dc854bde 100644
--- a/docs/cce/umn/cce_faq_00106.html
+++ b/docs/cce/umn/cce_faq_00106.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                    What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Problem Description
                                                                                                                                                                                                    When you replace the image of a container in a created workload and use an uploaded image on the CCE console, an error message "Auth is empty, only accept X-Auth-Token or Authorization" is displayed when the uploaded image is pulled.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Symptom
                                                                                                                                                                                                    When you replace the image of a container in a created workload and use an uploaded image on the CCE console, an error message "Auth is empty, only accept X-Auth-Token or Authorization" is displayed when the uploaded image is pulled.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Failed to pull image "IP address:Port number /magicdoom/tidb-operator:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://IP address:Port number /v2/magicdoom/tidb-operator/manifests/latest: error parsing HTTP 400 response body: json: cannot unmarshal number into Go struct field Error.code of type errcode.ErrorCode: "{\"errors\":[{\"code\":400,\"message\":\"Auth is empty, only accept X-Auth-Token or Authorization.\"}]}"
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    You can select a private image to create an application on the CCE console. In this case, CCE automatically carries the secret. This problem will not occur during the upgrade.
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00107.html b/docs/cce/umn/cce_faq_00107.html
index f1cdaa164..360837936 100644
--- a/docs/cce/umn/cce_faq_00107.html
+++ b/docs/cce/umn/cce_faq_00107.html
@@ -8,9 +8,9 @@
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    According to the resolution rules of private domain names, the subnet DNS in the VPC must be set to the cloud DNS. You can find the details of the private network DNS service on its console.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    The customer can perform domain name resolution on the ECSs in the VPC subnet, which indicates that the preceding configuration has been completed in the subnet.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    However, when the domain name resolution is performed in a container, the message "bad address" is displayed, indicating that the domain name cannot be resolved.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Log in to the CCE console and check the add-ons installed in the cluster.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    If you find that the coredns add-on does not exist in Add-ons Installed, the coredns add-on may have been incorrectly uninstalled.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Install it and add the corresponding domain name and DNS service address to resolve the domain name.
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00109.html b/docs/cce/umn/cce_faq_00109.html
index 545f47ceb..a4b4a071f 100644
--- a/docs/cce/umn/cce_faq_00109.html
+++ b/docs/cce/umn/cce_faq_00109.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                                                                    What Should I Do If an Error Occurs When I Deploy a Service on the GPU Node?
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    What Should I Do If an Error Occurs When I Deploy a Service on a GPU Node?
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Symptom
                                                                                                                                                                                                    The following exceptions occur when services are deployed on the GPU nodes in a CCE cluster:
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    1. The GPU memory of containers cannot be queried.
                                                                                                                                                                                                    2. Seven GPU services are deployed, but only two of them can be accessed properly. Errors are reported during the startup of the remaining five services.
                                                                                                                                                                                                      • The CUDA versions of the two services that can be accessed properly are 10.1 and 10.0, respectively.
                                                                                                                                                                                                      • The CUDA versions of the failing services are also 10.0 and 10.1.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. The GPU memory of containers cannot be obtained.
                                                                                                                                                                                                      2. Seven GPU services are deployed, but only two of them can be accessed properly. Errors are reported during the startup of the remaining five services.
                                                                                                                                                                                                        • The CUDA versions of the two services that can be accessed properly are 10.1 and 10.0, respectively.
                                                                                                                                                                                                        • The CUDA versions of the failing services are also 10.0 and 10.1.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Files named core.* are found in the GPU service containers. No such files existed in any of the previous deployments.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Fault Locating
                                                                                                                                                                                                    1. The driver version of the gpu add-on is too old. After a new driver is downloaded and installed, the fault is rectified.
                                                                                                                                                                                                    2. The workloads do not declare that GPU resources are required.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Fault Locating
                                                                                                                                                                                                    1. The CCE AI Suite (NVIDIA GPU) add-on has an outdated driver version. After a new driver is downloaded and installed, the fault is rectified.
                                                                                                                                                                                                    2. You did not specify the requirement for GPUs in workloads.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Suggested Solution
                                                                                                                                                                                                    After you install gpu-beta (gpu-device-plugin) on a node, nvidia-smi will be automatically installed. If an error is reported during GPU deployment, this issue is typically caused by an NVIDIA driver installation failure. Check whether the NVIDIA driver has been downloaded.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • GPU node:
                                                                                                                                                                                                      # If the add-on version is earlier than 2.0.0, run the following command:
diff --git a/docs/cce/umn/cce_faq_00111.html b/docs/cce/umn/cce_faq_00111.html
index da17ceffa..74ca0bd02 100644
--- a/docs/cce/umn/cce_faq_00111.html
+++ b/docs/cce/umn/cce_faq_00111.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                      Overview
                                                                                                                                                                                                      This section describes how to locate and rectify the fault if you fail to create a CCE cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Details
                                                                                                                                                                                                      Possible causes:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. The Network Time Protocol daemon (ntpd) is not installed or fails to be installed, Kubernetes components fail to pass the pre-verification, or the disk partition is incorrect. The current solution is to create a cluster again. For details about how to locate the fault, see Locating the Failure Cause.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. The Network Time Protocol daemon (ntpd) is not installed or fails to be installed, Kubernetes components fail to pass the pre-verification, or the disk partition is incorrect. The current solution is to create a cluster again. For details about how to locate the fault, see Locating the Failure Cause.
                                                                                                                                                                                                      2. The cluster does not have sufficient underlying resources. You can create a new cluster with the appropriate type and scale.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Locating the Failure Cause
                                                                                                                                                                                                      View the cluster logs to identify the cause and rectify the fault.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Log in to the CCE console and click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                                      2. Click the record of the Failed status to view error information.
                                                                                                                                                                                                      3. Rectify the fault based on the error information and create a cluster again.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00120.html b/docs/cce/umn/cce_faq_00120.html
index e05ad579c..db84e206f 100644
--- a/docs/cce/umn/cce_faq_00120.html
+++ b/docs/cce/umn/cce_faq_00120.html
@@ -1,46 +1,46 @@
 
 
-
                                                                                                                                                                                                      What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Mechanism for Detecting Node Unavailability
                                                                                                                                                                                                      Kubernetes provides the heartbeat mechanism to help you determine node availability. For details about the mechanism and interval, see Heartbeats.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      What Should I Do If a Cluster Is Available But Some Nodes in It Are Unavailable?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If you encountered a fault that a cluster is available but some nodes in it are unavailable, you can rectify this fault by referring to the methods provided in this section.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Mechanism for Detecting Node Unavailability
                                                                                                                                                                                                      Kubernetes provides heartbeats to help you detect whether a node is available. For details about the mechanism and detection interval, see Heartbeats.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Troubleshooting Process
                                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                                      
-
+
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 1: Whether the Node Is Overloaded
                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The node connection in the cluster is abnormal. Multiple nodes report write errors, but services are not affected.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes and click the Nodes tab. Locate the row that contains the unavailable node and click Monitor.
                                                                                                                                                                                                      2. On the top of the displayed page, click View More to go to the AOM console and view historical monitoring records.
                                                                                                                                                                                                        A too high CPU or memory usage of the node will result in a high network latency or trigger system OOM. Therefore, the node is displayed as unavailable.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Fault locating
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the unavailable node, and click Monitor.
                                                                                                                                                                                                        2. On the top of the displayed page, click View More to go to the AOM console and view historical monitoring records.
                                                                                                                                                                                                          A too high CPU or memory usage on the node will result in a high network latency or trigger a system OOM, so the node is displayed as unavailable.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Migrate services to reduce the workloads on the node and configure resource limits for the workloads.
                                                                                                                                                                                                        2. Clear data on the CCE nodes in the cluster.
                                                                                                                                                                                                        3. Limit the CPU and memory quotas of each container.
                                                                                                                                                                                                        4. Add more nodes to the cluster.
                                                                                                                                                                                                        5. Restart the node on the ECS console.
                                                                                                                                                                                                        6. Add nodes to deploy memory-intensive containers separately.
                                                                                                                                                                                                        7. Reset the nodes.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Reduce the number of workloads on the node by migrating the services to other nodes and configure resource limits for the workloads.
                                                                                                                                                                                                        2. Clear data on the CCE nodes in the cluster.
                                                                                                                                                                                                        3. Limit the CPU and memory quotas of each container.
                                                                                                                                                                                                        4. Add more nodes to the cluster.
                                                                                                                                                                                                        5. Restart the node on the ECS console.
                                                                                                                                                                                                        6. Add more nodes and deploy memory-intensive containers separately.
                                                                                                                                                                                                        7. Reset the nodes.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        After the nodes become available, the workload is restored.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 2: Whether the ECS Is Deleted or Faulty
                                                                                                                                                                                                      1. Check whether the cluster is available.
                                                                                                                                                                                                        Log in to the CCE console and check whether the cluster is available.
                                                                                                                                                                                                        
 
-
                                                                                                                                                                                                      2. Log in to the ECS console and view the ECS status.
                                                                                                                                                                                                        • If the ECS status is Deleted, go back to the CCE console, delete the corresponding node from the node list of the cluster, and then create another one.
                                                                                                                                                                                                        • If the ECS status is Stopped or Frozen, restore the ECS first. It takes about 3 minutes to restore the ECS.
                                                                                                                                                                                                        • If the ECS is Faulty, restart the ECS to rectify the fault.
                                                                                                                                                                                                        • If the ECS status is Running, log in to the ECS to locate the fault according to Check Item 7: Whether Internal Components Are Normal.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Log in to the ECS console and view the ECS status.
                                                                                                                                                                                                        • If the ECS status is Deleted, go back to the CCE console, delete the corresponding node from the node list, and create another one.
                                                                                                                                                                                                        • If the ECS status is Stopped or Frozen, restore the ECS first. It takes about 3 minutes to restore the ECS.
                                                                                                                                                                                                        • If the ECS is Faulty, restart the ECS to rectify the fault.
                                                                                                                                                                                                        • If the ECS status is Running, log in to the ECS and locate the fault by referring to Check Item 7: Whether Internal Components Are Normal.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 3: Whether You Can Log In to the ECS
                                                                                                                                                                                                      1. Log in to the ECS console.
                                                                                                                                                                                                      2. Check whether the node name displayed on the page is the same as that on the VM and whether the password or key can be used to log in to the node.
                                                                                                                                                                                                        If the node names are inconsistent and the password and key cannot be used to log in to the node, Cloud-Init problems occurred when an ECS was created. In this case, restart the node and submit a service ticket to the ECS personnel to locate the root cause.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 3: Whether the ECS Can Be Logged In To 
                                                                                                                                                                                                        1. Log in to the ECS console.
                                                                                                                                                                                                        2. Check whether the node name displayed is the same as that on the VM and whether the password or key can be used to log in to the node.
                                                                                                                                                                                                          If the node names are inconsistent and the node cannot be logged in to using the password or key, it means that a Cloud-Init problem occurred when the ECS was created. In this case, restart the node and submit a service ticket to the ECS personnel to locate the root cause.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 4: Whether the Security Group Is Modified
                                                                                                                                                                                                        Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups and locate the security group of the cluster master node.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        The name of this security group is in the format of Cluster name-cce-control-ID. You can search for the security group by cluster name and -cce-control-.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check whether the security group rules have been modified. For details about security groups, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 4: Whether the Security Group Has Been Changed
                                                                                                                                                                                                        Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups and locate the security group of the cluster master node.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The name of this security group is in the format of {Cluster name}-cce-control-{ID}. You can search for the security group by cluster name and then -cce-control-.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check whether the security group rules have been changed. For details about security groups, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 5: Whether the Security Group Rules Contain the Security Group Policy for the Communication Between the Master Node and the Worker Node
                                                                                                                                                                                                        Check whether such a security group policy exists.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        When a node is added to an existing cluster, if an extended CIDR block is added to the VPC corresponding to the subnet and the subnet is an extended CIDR block, you need to add the following three security group rules to the master node security group (the group name is in the format of Cluster name-cce-control-Random number). These rules ensure that the nodes added to the cluster are available. (This step is not required if an extended CIDR block has been added to the VPC during cluster creation.)
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        For details about security groups, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 5: Whether the Security Group Rules Contain the One That Allows the Communication Between the Master Nodes and the Worker Nodes
                                                                                                                                                                                                        Check whether such a security group rule exists.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        When a node is added to an existing cluster, if an extended CIDR block is added to the subnet's VPC and the subnet is an extended CIDR block, you need to add the security group rules shown in the below figure to the master node security group, with the name following the format of Cluster name-cce-control-Random number. These rules ensure that the nodes added to the cluster are available. (This step is not required if an extended CIDR block has been added to the VPC during cluster creation.)
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        For details about security groups, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 6: Whether the Disk Is Abnormal
                                                                                                                                                                                                        A 100-GiB data disk dedicated for Docker is attached to the new node. If the data disk is uninstalled or damaged, the Docker service becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Click the node name to check whether the data disk mounted to the node is uninstalled. If the disk is uninstalled, mount a data disk to the node again and restart the node. Then the node can be recovered.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 6: Whether the Disk Is Abnormal
                                                                                                                                                                                                        Each new node is equipped with a 100-GiB data disk dedicated for Docker. If this data disk is removed or damaged, the Docker service will be disrupted and the node will become unavailable.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Click the node name and check whether the data disk attached to the node has been removed. If the disk has been detached from the node, you need to attach another data disk to the node and restart the node. Then the node can be restored.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 7: Whether Internal Components Are Normal
                                                                                                                                                                                                        1. Log in to the ECS where the unavailable node is located. 
                                                                                                                                                                                                        2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                                          systemctl status kubelet
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          If the command is successfully executed, the status of each component is displayed as active, as shown in the following figure.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          If the component status is not active, run the following commands (using the faulty component canal as an example):
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 7: Whether Internal Components Are Normal
                                                                                                                                                                                                          1. Log in to the ECS of the unavailable node.
                                                                                                                                                                                                          2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                                            systemctl status kubelet
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the command is successfully executed, the status of each component is displayed as active.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the component status is not active, do as follows: (The faulty component canal is taken as an example):
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Run systemctl restart canal to restart the component.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            After restarting the component, run systemctl status canal to check the status.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          3. If the restart command fails to be run, run the following command to check the running status of the monitrc process:
                                                                                                                                                                                                            ps -ef | grep monitrc
                                                                                                                                                                                                            
@@ -48,20 +48,20 @@
 
                                                                                                                                                                                                            kill -s 9  `ps -ef | grep monitrc | grep -v grep | awk '{print $2}'`
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 8: Whether the DNS Address Is Correct
                                                                                                                                                                                                          1. After logging in to the node, check whether any domain name resolution failure is recorded in the /var/log/cloud-init-output.log file.
                                                                                                                                                                                                            cat /var/log/cloud-init-output.log | grep resolv
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If the command output contains the following information, the domain name cannot be resolved:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Check Item 8: Whether the DNS Address Is Properly Configured
                                                                                                                                                                                                            1. Log in to the node and check whether any domain name resolution failure is recorded in the /var/log/cloud-init-output.log file.
                                                                                                                                                                                                              cat /var/log/cloud-init-output.log | grep resolv
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              If the command output contains the following information, it means that there is a domain name resolution failure.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Could not resolve host:  Unknown error
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            2. On the node, ping the domain name that cannot be resolved in the previous step to check whether the domain name can be resolved on the node.
                                                                                                                                                                                                              • If not, the DNS cannot resolve the IP address. Check whether the DNS address in the /etc/resolv.conf file is the same as that configured on the VPC subnet. In most cases, the DNS address in the file is incorrectly configured. As a result, the domain name cannot be resolved. Correct the DNS configuration of the VPC subnet and reset the node.
                                                                                                                                                                                                              • If yes, the DNS address configuration is correct. Check whether there are other faults.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            3. On the node, ping the domain name that cannot be resolved in the previous step to check whether the domain name can be resolved.
                                                                                                                                                                                                              • If not, the DNS cannot resolve the IP address. Check whether the DNS address in the /etc/resolv.conf file is the same as that configured on the VPC subnet. In most cases, the DNS address in the file is configured incorrectly, leading to the inability to resolve the domain name. To fix this issue, adjust the DNS configuration of the VPC subnet and reset the node.
                                                                                                                                                                                                              • If yes, the DNS address configuration is correct. Check whether there are other faults.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Check Item 9: Whether the vdb Disk on the Node Is Deleted
                                                                                                                                                                                                            If the vdb disk on a node is deleted, you can refer to this topic to restore the node.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Check Item 9: Whether the vdb Disk on the Node Has Been Deleted
                                                                                                                                                                                                            If the vdb disk on a node has been deleted, you can refer to this topic to restore the node.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Check Item 10: Whether the Docker Service Is Normal
                                                                                                                                                                                                            1. Run the following command to check whether the Docker service is running:
                                                                                                                                                                                                              systemctl status docker
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              If the command fails or the Docker service status is not active, locate the cause or contact technical support if necessary.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              If the command fails to be executed or the Docker service status is not active, locate the cause or contact technical support if necessary.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            2. Run the following command to check the number of containers on the node:
                                                                                                                                                                                                              docker ps -a | wc -l
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              If the command is suspended, the command execution takes a long time, or there are more than 1000 abnormal containers, check whether workloads are repeatedly created and deleted. If a large number of containers are frequently created and deleted, there may be a large number of abnormal containers, and these containers cannot be cleared in a timely manner.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              In this case, stop repeated creation and deletion of the workload or use more nodes to share the workload. Generally, the nodes will be restored after a period of time. If necessary, run the docker rm {container_id} command to manually clear abnormal containers.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              If the command is suspended, takes too long to execute, or if there are over 1000 abnormal containers, you should check if workloads are being repeatedly created and deleted. If many containers are being created and deleted frequently, it may result in numerous abnormal containers that cannot be cleared promptly.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              In this case, stop repeated creation and deletion of workloads or use more nodes to share the load. Typically, the node will be restored after a period of time. If necessary, run the docker rm {container_id} command to manually clear the abnormal containers.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_faq_00134.html b/docs/cce/umn/cce_faq_00134.html
index 0daac7ffc..0cea806c2 100644
--- a/docs/cce/umn/cce_faq_00134.html
+++ b/docs/cce/umn/cce_faq_00134.html
@@ -1,14 +1,14 @@
 
 
-
                                                                                                                                                                                                            How Can I Find the Fault for an Abnormal Workload?
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            How Can I Locate the Root Cause If a Workload Is Abnormal?
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            If a workload is abnormal, you can check the pod events first to locate the fault and then rectify the fault.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Fault Locating
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Fault Locating
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            To locate the fault of an abnormal workload, take the following steps:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. Check whether the pod is running properly.
                                                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                                                              2. Click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                                                                                              3. In the upper left corner of the page, select a namespace, locate the target workload, and view its status.
                                                                                                                                                                                                                • If the workload is not ready, you can view pod events and determine the cause. For details, see Viewing Pod Events. You can find the solution to the exception based on the events by referring to Common Pod Issues.
                                                                                                                                                                                                                • If the workload is processing, wait patiently.
                                                                                                                                                                                                                • If the workload is running, no action is required. If the workload status is normal but it cannot be accessed, check whether intra-cluster access is normal.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Check whether the workload pod is running properly.
                                                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                                                  2. Click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                                                                                                  3. In the upper left corner of the page, select the namespace, locate the target workload, and view its status.
                                                                                                                                                                                                                    • If the workload is not ready, you can view pod events to determine the cause. For details, see Viewing Pod Events. You can find the solution to the issue based on the events by referring to Common Pod Issues.
                                                                                                                                                                                                                    • If the workload is processing, wait patiently.
                                                                                                                                                                                                                    • If the workload is running, but it is not accessible, check whether intra-cluster access is normal.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. Check whether access within the cluster is normal.
                                                                                                                                                                                                                  Log in to the CCE console or use kubectl to obtain the pod IP address. Then, log in to the node or the pod and run curl or use other methods to manually call the APIs and check whether the expected result is returned.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  If {Container IP address}:{Port number} cannot be accessed, log in to the service container, access 127.0.0.1:{Port number}, and locate the fault.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                3. Check whether the access result meets the expectation.
                                                                                                                                                                                                                  If the workload is accessible within the cluster but the access result is not as expected, check the workload configurations, such as verifying if the image tag and environment variables are correctly configured. 
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                4. Check whether access within the cluster is normal.
                                                                                                                                                                                                                  Log in to the CCE console or use kubectl to obtain the pod IP address. Then, log in to the node or the pod and run curl or use other methods to manually call the APIs and check whether the intra-cluster communication is normal.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If {Container IP address}:{Port number} is not accessible, log in to the service container, and attempt to access 127.0.0.1:{Port number}.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                5. Check whether the expected results are displayed.
                                                                                                                                                                                                                  If the workload is accessible within the cluster but the expected results are not shown, check the workload configurations, such as verifying if the image tag and environment variables are correctly configured. 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Common Pod Issues
                                                                                                                                                                                                            
@@ -16,7 +16,7 @@
 
                                                                                                                                                                                              		
 
                                                                                                                                                                                              Description
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
+
                                                                                                                                                                                              Reference
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
                                                                                                                                                                                               
 
                                                                                                                                                                                              The pod scheduling failed.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If the Scheduling of a Pod Fails?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Pending
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              A storage volume fails to be mounted to a pod.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?.
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              FailedPullImage
                                                                                                                                                                                              
@@ -40,7 +40,7 @@
 
                                                                                                                                                                                              The image pull failed.
                                                                                                                                                                                              
 
                                                                                                                                                                                              The image failed to be pulled again.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              CreateContainerError
                                                                                                                                                                                              
@@ -49,35 +49,35 @@
 
                                                                                                                                                                                              The container startup failed.
                                                                                                                                                                                              
 
                                                                                                                                                                                              The container failed to restart.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If Container Startup Fails?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If Container Startup Fails?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Evicted
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              A pod is in the Evicted state, and the pod keeps being evicted.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Creating
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              A pod is in the Creating state.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Terminating
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              A pod is in the Terminating state.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If a Pod Remains in the Terminating State?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If a Pod Remains in the Terminating State?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Stopped
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              A pod is in the Stopped state.
                                                                                                                                                                                              
 
                                                                                                                                                                                              For details, see What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                                              
+
                                                                                                                                                                                              What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
                                                                                                                                                                                               
 
 
                                                                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                              Symptom
                                                                                                                                                                                              
+
                                                                                                                                                                                              Possible Cause
                                                                                                                                                                                              
+
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
+
                                                                                                                                                                                              Mounting an EVS volume to a StatefulSet times out.
                                                                                                                                                                                              
+
                                                                                                                                                                                              The node and the volume are in different AZs, causing a timeout during the mounting process and preventing the volume from being mounted to the workload.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Create a volume in the same AZ as the node and mount the volume to the node.
                                                                                                                                                                                              
+
                                                                                                                                                                                              A pod fails to be created, and an event similar to the following is displayed, indicating that the volume fails to be mounted to the pod is reported.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Multi-Attach error for volume "pvc-62a7a7d9-9dc8-42a2-8366-0f5ef9db5b60" Volume is already used by pod(s) testttt-7b774658cb-lc98h
                                                                                                                                                                                              
+
                                                                                                                                                                                              The number of pods of the Deployment that uses an EVS volume is greater than 1.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the Deployment uses an EVS volume, there can only be one Deployment pod. If you specify more than two pods for the Deployment, it will still be created. However, if these pods are scheduled on different nodes, some of them will fail to start because the EVS volume they rely on cannot be mounted to those nodes.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Set the number of pods of the Deployment that uses an EVS volume to 1 or use other types of volumes.
                                                                                                                                                                                              
+
                                                                                                                                                                                              A pod fails to be created, and information similar to the following is displayed:
                                                                                                                                                                                              
+
                                                                                                                                                                                              MountVolume.MountDevice failed for volume "pvc-08178474-c58c-4820-a828-14437d46ba6f" : rpc error: code = Internal desc = [09060def-afd0-11ec-9664-fa163eef47d0] /dev/sda has file system, but it is detected to be damaged
                                                                                                                                                                                              
+
                                                                                                                                                                                              The disk file system has been corrupted.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Back up the disk in EVS and restore the file system:
                                                                                                                                                                                              
+
                                                                                                                                                                                              fsck -y {drive letter}
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 2: Whether Multiple Permission Configurations Exist in the Storage Volume
                                                                                                                                                                                              If the volume to be mounted stores too much data and involves permission-related configurations, the file permissions need to be modified one by one, which results in mounting timeout.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Fault Locating
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              Abnormal SFS Turbo Storage Volume Mounting
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                              Symptom
                                                                                                                                                                                              
+
                                                                                                                                                                                              Possible Cause
                                                                                                                                                                                              
+
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
+
                                                                                                                                                                                              • In a common container scenario, the pod is in the Processing state, and the pod events include the following information.
                                                                                                                                                                                                MountVolume.SetUp failed for volume {pv name}...
                                                                                                                                                                                                
+
                                                                                                                                                                                              • In a secure container scenario, the pod is in the Abnormal state, and the pod events include the following information:
                                                                                                                                                                                                mount {SFS-Turbo-shared-address} to xxx failed
                                                                                                                                                                                                
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. The shared address in the PV is incorrect.
                                                                                                                                                                                              2. The network connection between the node where the pod runs and the SFS Turbo file system to be mounted is disconnected.
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. Check whether the shared address in the PV is correct.
                                                                                                                                                                                                Obtain the YAML file of the PV and check the value of the everest.io/share-export-location field in spec.csi.volumeAttributes. (The correct shared address is the share path of the specified SFS Turbo file system.)
                                                                                                                                                                                                
+
                                                                                                                                                                                                kubectl get pv {pv name} -ojsonpath='{.spec.csi.volumeAttributes.everest\.io\/share-export-location}{"\n"}'
                                                                                                                                                                                                
+
                                                                                                                                                                                                If a sub-path is specified, it must be a valid existing subdirectory in the correct format, for example, 192.168.135.24:/a/b/c.
                                                                                                                                                                                                
+
                                                                                                                                                                                              2. Verify the network connectivity between the node where the pod runs and the SFS Turbo file system to be mounted.
                                                                                                                                                                                                Check whether the SFS Turbo file system can be mounted to a workload:
                                                                                                                                                                                                mount -t nfs -o vers=3,nolock,noresvport {SFS-Turbo-shared-address} /tmp
                                                                                                                                                                                                
+
                                                                                                                                                                                                
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              Storage Volume Mounting Timed Out
                                                                                                                                                                                              If the volume to be mounted stores too much data and involves permission-related configurations, the file permissions need to be modified one by one, which results in mounting timeout.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Fault locating
                                                                                                                                                                                              
 
                                                                                                                                                                                              • Check whether the securityContext field contains runAsuser and fsGroup. securityContext is a Kubernetes field that defines the permission and access control settings of pods or containers.
                                                                                                                                                                                              • Check whether the startup commands contain commands used to obtain or modify file permissions, such as ls, chmod, and chown.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
 
                                                                                                                                                                                              Determine whether to modify the settings based on your service requirements.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 3: Whether There Is More Than One Replica for a Deployment with EVS Volumes
                                                                                                                                                                                              Symptom
                                                                                                                                                                                              
-
                                                                                                                                                                                              The pod fails to be created, and an event indicating that the storage fails to be added is reported.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Multi-Attach error for volume "pvc-62a7a7d9-9dc8-42a2-8366-0f5ef9db5b60" Volume is already used by pod(s) testttt-7b774658cb-lc98h
                                                                                                                                                                                              
-
                                                                                                                                                                                              Fault Locating
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check whether the number of replicas of the Deployment is greater than 1.
                                                                                                                                                                                              
-
                                                                                                                                                                                              If the Deployment uses an EVS volume, the number of replicas can only be 1. If you specify more than two pods for the Deployment on the backend, CCE does not restrict the creation of the Deployment. However, if these pods are scheduled to different nodes, some pods cannot be started because the EVS volumes used by the pods cannot be mounted to the nodes.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
-
                                                                                                                                                                                              Set the number of replicas of the Deployment that uses an EVS volume to 1 or use other volume types.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 4: Whether the EVS Disk File System Is Damaged
                                                                                                                                                                                              Symptom
                                                                                                                                                                                              
-
                                                                                                                                                                                              The pod fails to be created, and information similar to the following is displayed, indicating that the disk file system is damaged.
                                                                                                                                                                                              
-
                                                                                                                                                                                              MountVolume.MountDevice failed for volume "pvc-08178474-c58c-4820-a828-14437d46ba6f" : rpc error: code = Internal desc = [09060def-afd0-11ec-9664-fa163eef47d0] /dev/sda has file system, but it is detected to be damaged
                                                                                                                                                                                              
-
                                                                                                                                                                                              Solution
                                                                                                                                                                                              
-
                                                                                                                                                                                              Back up the disk in EVS and run the following command to restore the file system:
                                                                                                                                                                                              
-
                                                                                                                                                                                              fsck -y {Drive letter}
                                                                                                                                                                                              
-
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00201.html b/docs/cce/umn/cce_faq_00201.html
index d83dcaa4d..eaff290c2 100644
--- a/docs/cce/umn/cce_faq_00201.html
+++ b/docs/cce/umn/cce_faq_00201.html
@@ -1,75 +1,76 @@
 
 
 
                                                                                                                                                                                              How Do I Collect Logs of Nodes in a CCE Cluster?
                                                                                                                                                                                              
-
                                                                                                                                                                                              The following tables list log files of CCE nodes.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Paths of Node Logs
                                                                                                                                                                                              The following tables list log files of CCE nodes.
                                                                                                                                                                                              
 
-
                                                                                                                                                                                              Table 1 Node logs
                                                                                                                                                                                              Name
                                                                                                                                                                                              
+
                                                                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                              Table 1 Node logs
                                                                                                                                                                                              Name
                                                                                                                                                                                              
 
                                                                                                                                                                                              Path
                                                                                                                                                                                              
+
                                                                                                                                                                                              Path
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              kubelet log
                                                                                                                                                                                              
+
                                                                                                                                                                                              kubelet log
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/kubernetes/kubelet.log
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/kubernetes/kubelet.log
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/kubernetes/kubelet.log
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/kubernetes/kubelet.log
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              kube-proxy log
                                                                                                                                                                                              
+
                                                                                                                                                                                              kube-proxy log
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/kubernetes/kube-proxy.log
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/kubernetes/kube-proxy.log
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/kubernetes/kube-proxy.log
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/kubernetes/kube-proxy.log
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              yangtse log (networking)
                                                                                                                                                                                              
+
                                                                                                                                                                                              yangtse log (networking)
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/yangtse
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/yangtse
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/yangtse
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/yangtse
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              canal log
                                                                                                                                                                                              
+
                                                                                                                                                                                              canal log
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/canal
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/canal
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For clusters of v1.21 or later: /var/log/cce/canal
                                                                                                                                                                                              • For clusters of v1.19 or earlier: /var/paas/sys/log/canal
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              System logs
                                                                                                                                                                                              
+
                                                                                                                                                                                              System logs
                                                                                                                                                                                              
 
                                                                                                                                                                                              /var/log/messages
                                                                                                                                                                                              
+
                                                                                                                                                                                              /var/log/messages
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              Container engine Logs
                                                                                                                                                                                              
+
                                                                                                                                                                                              Container engine Logs
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For Docker nodes: /var/lib/docker
                                                                                                                                                                                              • For containerd nodes: /var/log/cce/containerd
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For Docker nodes: /var/lib/docker
                                                                                                                                                                                              • For containerd nodes: /var/log/cce/containerd
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
                                                                                                                                                                                               
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
-
                                                                                                                                                                                              Table 2 Add-on logs
                                                                                                                                                                                              Name
                                                                                                                                                                                              
+
                                                                                                                                                                                              
-
-
-
-
-
-
-
                                                                                                                                                                                              Table 2 Add-on logs
                                                                                                                                                                                              Name
                                                                                                                                                                                              
 
                                                                                                                                                                                              Path
                                                                                                                                                                                              
+
                                                                                                                                                                                              Path
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              everest log
                                                                                                                                                                                              
+
                                                                                                                                                                                              everest log
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For v2.1.41 or later:
                                                                                                                                                                                                • everest-csi-driver: /var/log/cce/kubernetes
                                                                                                                                                                                                • everest-csi-controller: /var/paas/sys/log/kubernetes
                                                                                                                                                                                                
+
                                                                                                                                                                                              • For v2.1.41 or later:
                                                                                                                                                                                                • everest-csi-driver: /var/log/cce/kubernetes
                                                                                                                                                                                                • everest-csi-controller: /var/paas/sys/log/kubernetes
                                                                                                                                                                                                
 
                                                                                                                                                                                              • For version earlier than v2.1.41:
                                                                                                                                                                                                • everest-csi-driver: /var/log/cce/everest-csi-driver
                                                                                                                                                                                                • everest-csi-controller: /var/paas/sys/log/everest-csi-controller
                                                                                                                                                                                                
 
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              npd log
                                                                                                                                                                                              
+
                                                                                                                                                                                              npd log
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For v1.18.16 or later: /var/paas/sys/log/kubernetes
                                                                                                                                                                                              • For versions earlier than v1.18.16: /var/paas/sys/log/cceaddon-npd
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For v1.18.16 or later: /var/paas/sys/log/kubernetes
                                                                                                                                                                                              • For versions earlier than v1.18.16: /var/paas/sys/log/cceaddon-npd
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              cce-hpa-controller log
                                                                                                                                                                                              
+
                                                                                                                                                                                              cce-hpa-controller log
                                                                                                                                                                                              
 
                                                                                                                                                                                              • For v1.3.12 or later: /var/paas/sys/log/kubernetes
                                                                                                                                                                                              • For versions earlier than v1.3.12: /var/paas/sys/log/ccehpa-controller
                                                                                                                                                                                              
+
                                                                                                                                                                                              • For v1.3.12 or later: /var/paas/sys/log/kubernetes
                                                                                                                                                                                              • For versions earlier than v1.3.12: /var/paas/sys/log/ccehpa-controller
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
                                                                                                                                                                                               
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
+
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Parent topic: Node Running
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00202.html b/docs/cce/umn/cce_faq_00202.html
index e054eba21..9fa23bc09 100644
--- a/docs/cce/umn/cce_faq_00202.html
+++ b/docs/cce/umn/cce_faq_00202.html
@@ -1,12 +1,12 @@
 
 
 
                                                                                                                                                                                              How Do I Locate a Workload Networking Fault?
                                                                                                                                                                                              
-
                                                                                                                                                                                              Troubleshooting Process
                                                                                                                                                                                              The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Troubleshooting
                                                                                                                                                                                              The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the fault persists after you have ruled out one cause, move on to the next one.
                                                                                                                                                                                              
 
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 1: Container and Container Port
                                                                                                                                                                                              Log in to the CCE console or use kubectl to query the IP address of the pod. Then, log in to the node or container in the cluster and run the curl command to manually call the API. Check whether the expected result is returned.
                                                                                                                                                                                              
-
                                                                                                                                                                                              If <container IP address>:<port> cannot be accessed, you are advised to log in to the application container and access <127.0.0.1>:<port> to locate the fault.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 1: Container and Container Port
                                                                                                                                                                                              Log in to the CCE console or use kubectl to obtain the pod IP address. Then, log in to the node or the pod and run curl to manually call the API and check whether the expected result is returned.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If {Container IP address}:{Port number} is not accessible, log in to the service container, and attempt to access 127.0.0.1:{Port number}.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Common issues:
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. The container port is incorrectly configured (the container does not listen to the access port).
                                                                                                                                                                                              2. The URL does not exist (no related path exists in the container).
                                                                                                                                                                                              3. A Service exception (a Service bug in the container) occurs.
                                                                                                                                                                                              4. Check whether the cluster network kernel component is abnormal (container tunnel network model: openswitch kernel component; VPC network model: ipvlan kernel component).
                                                                                                                                                                                              
 
                                                                                                                                                                                              
@@ -16,7 +16,7 @@
 
 
                                                                                                                                                                                              Example:
                                                                                                                                                                                              
 
                                                                                                                                                                                              nodePort: 30637 indicates the exposed node port. targetPort: 80 indicates the exposed pod port. port: 123 is the exposed Service port. LoadBalancer Services also use this port to configure the ELB listener.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                              After finding the node port (nodePort), access <IP address>:<port> of the node where the container is located and check whether the expected result is returned.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Common issues:
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. The service port is not allowed in the inbound rules of the node.
                                                                                                                                                                                              2. A custom route is incorrectly configured for the node.
                                                                                                                                                                                              3. The label of the pod does not match that of the Service (created using kubectl or API).
                                                                                                                                                                                              
@@ -29,14 +29,14 @@
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check Item 4: NAT Gateway + Port
                                                                                                                                                                                              Generally, no EIP is configured for the backend server of NAT. Otherwise, exceptions such as network packet loss may occur.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 5: Whether the Security Group of the Node Where the Container Is Located Allows Access
                                                                                                                                                                                              Log in to the management console and choose Service List > Networking > Virtual Private Cloud. On the Network console, choose Access Control > Security Groups, locate the security group rule of the CCE cluster, and modify and harden the security group rule.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check Item 5: Whether the Security Group of the Node Where the Container Is Located Allows Access
                                                                                                                                                                                              Log in to the management console and choose Service List > Networking > Virtual Private Cloud. On the Network console, choose Access Control > Security Groups, locate the security group rule of the CCE cluster, and modify and harden the security group rule.
                                                                                                                                                                                              
 
                                                                                                                                                                                              • CCE cluster:
                                                                                                                                                                                                The security group name of the node is {Cluster name}-cce-node-{Random characters}.
                                                                                                                                                                                                
 
                                                                                                                                                                                              • CCE Turbo cluster:
                                                                                                                                                                                                The security group name of the node is {Cluster name}-cce-node-{Random characters}.
                                                                                                                                                                                                
 
                                                                                                                                                                                                The name of the security group associated with the containers is {Cluster name}-cce-eni-{Random characters}.
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Check the following:
                                                                                                                                                                                              
 
                                                                                                                                                                                              • IP address, port, and protocol of an external request to access the workloads in the cluster. They must be allowed in the inbound rule of the cluster security group.
                                                                                                                                                                                              • IP address, port, and protocol of a request sent by a workload to visit external applications outside the cluster. They must be allowed in the outbound rule of the cluster security group.
                                                                                                                                                                                              
-
                                                                                                                                                                                              For details about security group configuration, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                              
+
                                                                                                                                                                                              For details about security group configuration, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00203.html b/docs/cce/umn/cce_faq_00203.html
index 95e6612c9..248238315 100644
--- a/docs/cce/umn/cce_faq_00203.html
+++ b/docs/cce/umn/cce_faq_00203.html
@@ -4,9 +4,9 @@
 
                                                                                                                                                                                              CCE does not return any error code when you fail to access your applications using a browser. Check your services first.
                                                                                                                                                                                              
 
                                                                                                                                                                                              404 Not Found
                                                                                                                                                                                              
 
                                                                                                                                                                                              If the error code shown in the following figure is returned, it indicates that the ELB cannot find the corresponding forwarding policy. Check the forwarding policies.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Figure 1 404:ALB
                                                                                                                                                                                              
+
                                                                                                                                                                                              Figure 1 404:ALB
                                                                                                                                                                                              
 
                                                                                                                                                                                              If the error code shown in the following figure is returned, it indicates that errors occur on Nginx (your services). In this case, check your services.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Figure 2 404:nginx/1.**.*
                                                                                                                                                                                              
+
                                                                                                                                                                                              Figure 2 404:nginx/1.**.*
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00204.html b/docs/cce/umn/cce_faq_00204.html
index 0a7f0537a..53edd8bc1 100644
--- a/docs/cce/umn/cce_faq_00204.html
+++ b/docs/cce/umn/cce_faq_00204.html
@@ -2,8 +2,7 @@
 
 
                                                                                                                                                                                              What Should I Do If a Container Fails to Access the Internet?
                                                                                                                                                                                              
 
                                                                                                                                                                                              If a container cannot access the Internet, check whether the node where the container is located can access the Internet. Then check whether the network configuration of the container is correct. For example, check whether the DNS configuration can resolve the domain name.
                                                                                                                                                                                              
-
                                                                                                                                                                                              Check Item 1: Whether the Node Can Access the Internet
                                                                                                                                                                                              1. Log in to the ECS console.
                                                                                                                                                                                              2. Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured.
                                                                                                                                                                                                The following figure shows that an EIP has been bound. If no EIP is displayed, bind an EIP to the ECS.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Figure 1 Node with an EIP bound
                                                                                                                                                                                                
+
                                                                                                                                                                                                Check Item 1: Whether the Node Can Access the Internet
                                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                                2. Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured.
                                                                                                                                                                                                  If no EIP is displayed, bind an EIP to the ECS.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                Check Item 2: Whether a Network ACL Has Been Configured for the Node
                                                                                                                                                                                                1. Log in to the VPC console.
                                                                                                                                                                                                2. In the navigation pane on the left, choose Access Control > Network ACLs.
                                                                                                                                                                                                3. Check whether a network ACL has been configured for the subnet where the node is located and whether external access is restricted.
                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00205.html b/docs/cce/umn/cce_faq_00205.html
index 53d127cec..a42e96c5c 100644
--- a/docs/cce/umn/cce_faq_00205.html
+++ b/docs/cce/umn/cce_faq_00205.html
@@ -12,6 +12,8 @@
 
                                                                                                                                                                                                3. 
 
                                                                                                                                                                                              3. What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
                                                                                                                                                                                                
 
                                                                                                                                                                                                4. 
+
                                                                                                                                                                                              4. What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?
                                                                                                                                                                                                
+
                                                                                                                                                                                                5. 
 
 
 
                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00209.html b/docs/cce/umn/cce_faq_00209.html
index 707a05a68..29ff1e8f5 100644
--- a/docs/cce/umn/cce_faq_00209.html
+++ b/docs/cce/umn/cce_faq_00209.html
@@ -1,15 +1,15 @@
 
 
 
                                                                                                                                                                                                What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                                
-
                                                                                                                                                                                                Principle of Eviction
                                                                                                                                                                                                When a node is abnormal, Kubernetes will evict pods on the node to ensure workload availability.
                                                                                                                                                                                                
+
                                                                                                                                                                                                Principle of Eviction
                                                                                                                                                                                                When a node is abnormal, Kubernetes will evict some pods on the node to ensure workload availability.
                                                                                                                                                                                                
 
                                                                                                                                                                                                In Kubernetes, both kube-controller-manager and kubelet can evict pods.
                                                                                                                                                                                                
-
                                                                                                                                                                                                • Eviction implemented by kube-controller-manager
                                                                                                                                                                                                  kube-controller-manager consists of multiple controllers, and eviction is implemented by node controller. node controller periodically checks the status of all nodes. If a node is in the NotReady state for a period of time, all pods on the node will be evicted.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Eviction implemented by kube-controller-manager
                                                                                                                                                                                                    kube-controller-manager consists of multiple controllers, and eviction is implemented by node controller. Node controller periodically checks the status of all nodes. If a node is in the NotReady state for a period of time, all pods on the node will be evicted.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    kube-controller-manager supports the following startup parameters:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • pod-eviction-timeout: indicates an interval when a node is down, after which pods on that node are evicted. The default interval is 5 minutes.
                                                                                                                                                                                                    • node-eviction-rate: indicates the number of nodes to be evicted per second. The default value is 0.1, indicating that pods are evicted from one node every 10 seconds.
                                                                                                                                                                                                    • secondary-node-eviction-rate: specifies a rate at which nodes are evicted in the second grade. If a large number of nodes are down in the cluster, the eviction rate will be reduced to secondary-node-eviction-rate. The default value is 0.01.
                                                                                                                                                                                                    • unhealthy-zone-threshold: specifies a threshold for an AZ to be considered unhealthy. The default value is 0.55, meaning that if the percentage of faulty nodes in an AZ exceeds 55%, the AZ will be considered unhealthy.
                                                                                                                                                                                                    • large-cluster-size-threshold: specifies a threshold for a cluster to be considered large. The parameter defaults to 50. If there are more nodes than this threshold, the cluster is considered as a large one. If there are more than 55% faulty nodes in a cluster, the eviction rate is reduced to 0.01. If the cluster is a small one, the eviction rate is reduced to 0, which means, pods running on the nodes in the cluster will not be evicted.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  • Eviction implemented by kubelet
                                                                                                                                                                                                    If resources of a node are to be used up, kubelet executes the eviction policy based on the pod priority, resource usage, and resource request. If pods have the same priority, the pod that uses the most resources or requests for the most resources will be evicted first.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    kube-controller-manager evicts all pods on a faulty node, while kubelet evicts some pods on a faulty node. kubelet periodically checks the memory and disk resources of nodes. If the resources are insufficient, it will evict some pods based on the priority. For details about the pod eviction priority, see Pod selection for kubelet eviction.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    There are soft eviction thresholds and hard eviction thresholds.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    • Soft eviction thresholds: A grace period is configured for node resources. kubelet will reclaim node resources associated with these thresholds if that grace period elapses. If the node resource usage reaches these thresholds but falls below them before the grace period elapses, kubelet will not evict pods on the node.
                                                                                                                                                                                                      You can configure soft eviction thresholds using the following parameters:
                                                                                                                                                                                                      • eviction-soft: indicates a soft eviction threshold. If a node's eviction signal reaches a certain threshold, for example, memory.available<1.5Gi, kubelet will not immediately evict some pods on the node but wait for a grace period configured by eviction-soft-grace-period. If the threshold is reached after the grace period elapses, kubelet will evict some pods on the node.
                                                                                                                                                                                                      • eviction-soft-grace-period: indicates an eviction grace period. If a pod reaches the soft eviction threshold, it will be terminated after the configured grace period elapses. This parameter indicates the time difference for a terminating pod to respond to the threshold being met. The default grace period is 90 seconds.
                                                                                                                                                                                                      • eviction-max-pod-grace-period: indicates the maximum allowed grace period to use when terminating pods in response to a soft eviction threshold being met.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Soft eviction thresholds: A grace period is configured for node resources. kubelet will reclaim node resources associated with these thresholds if that grace period elapses. If the node resource usage reaches these thresholds but falls below them before the grace period elapses, kubelet will not evict pods on the node.
                                                                                                                                                                                                        You can configure soft eviction thresholds using the following parameters:
                                                                                                                                                                                                        • eviction-soft: indicates a soft eviction threshold. If a node's eviction signal reaches a certain threshold, for example, memory.available<1.5Gi, kubelet will not immediately evict some pods on the node but wait for a grace period configured by eviction-soft-grace-period. If the threshold is reached after the grace period elapses, kubelet will evict some pods on the node.
                                                                                                                                                                                                        • eviction-soft-grace-period: indicates an eviction grace period. If a pod reaches the soft eviction threshold, it will be terminated after the configured grace period elapses. This parameter indicates the time difference for a terminating pod to respond to the threshold being met.
                                                                                                                                                                                                        • eviction-max-pod-grace-period: indicates the maximum allowed grace period to use when terminating pods in response to a soft eviction threshold being met.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Hard eviction thresholds: Pods are immediately evicted once these thresholds are reached.
                                                                                                                                                                                                        You can configure hard eviction thresholds using the following parameters:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        eviction-hard: indicates a hard eviction threshold. When the eviction signal of a node reaches a certain threshold, for example, memory.available<1Gi, which means, when the available memory of the node is less than 1 GiB, a pod eviction will be triggered immediately.
                                                                                                                                                                                                        
@@ -20,17 +20,17 @@
 
                                                                                                                                                                                                        • eviction-pressure-transition-period: indicates a period for which the kubelet has to wait before transitioning out of an eviction pressure condition. The default value is 5 minutes. If the time exceeds the threshold, the node is set to DiskPressure or MemoryPressure. Then some pods running on the node will be evicted. This parameter can prevent mistaken eviction decisions when a node is oscillating above and below a soft eviction threshold in some cases.
                                                                                                                                                                                                        • eviction-minimum-reclaim: indicates the minimum number of resources that must be reclaimed in each eviction. This parameter can prevent kubelet from repeatedly evicting pods because only a small number of resources are reclaimed during pod evictions in some cases.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      If the pods are not evicted when the node is faulty, perform the following steps to locate the fault:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      If the pods are not evicted when the node is faulty, perform the following operations to locate the fault:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      After the following command is executed, the command output shows that many pods are in the Evicted state.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      kubectl get pods
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check results will be recorded in kubelet logs of the node. You can run the following command to search for the information:
                                                                                                                                                                                                      cat /var/log/cce/kubernetes/kubelet.log | grep -i Evicted -C3
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Troubleshooting Process
                                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Troubleshooting
                                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 1: Whether the Node Is Under Resource Pressure
                                                                                                                                                                                                      If a node suffers resource pressure, kubelet will change the node status and add taints to the node. Perform the following steps to check whether the corresponding taint exists on the node:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 1: Whether the Node Is Under Resource Pressure
                                                                                                                                                                                                      If a node suffers resource pressure, kubelet will change the node status and add taints to the node. Perform the following operations to check whether the corresponding taint exists on the node:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      $ kubectl describe node 192.168.0.37
 Name:               192.168.0.37
 ...
@@ -83,7 +83,7 @@ Taints:             key1=value1:NoSchedule
 
                                                                                                                                                                                                      Check Item 3: Whether the Conditions for Stopping Pod Eviction Are Met
                                                                                                                                                                                                      In a cluster that runs fewer than 50 worker nodes, if the number of faulty nodes accounts for over 55% of the total nodes, the pod eviction will be suspended. In this case, Kubernetes will not attempt to evict the workload on the faulty node. For details, see Rate limits on eviction.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 4: Whether the Allocated Resources of the Pod Are the Same as Those of the Node
                                                                                                                                                                                                      An evicted pod will be frequently scheduled to the original node.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Pods on a node are evicted based on the node resource usage. The evicted pods are scheduled based on the allocated node resources. Eviction and scheduling are based on different rules. Therefore, an evicted container may be scheduled to the original node again.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Properly allocate resources to each container.
                                                                                                                                                                                                      
@@ -95,7 +95,7 @@ Taints:             key1=value1:NoSchedule
 
                                                                                                                                                                                                      If a pod is evicted by kubelet, it would be in the Evicted state. This pod is only used for subsequent fault locating and can be directly deleted.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Run the following command to delete the evicted pods:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      kubectl get pods <namespace> | grep Evicted | awk '{print $1}' | xargs kubectl delete pod <namespace> 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl get pods -n <namespace> | grep Evicted | awk '{print $1}' | xargs kubectl delete pod -n <namespace>  
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      In the preceding command, <namespace> indicates the namespace name. Configure it based on your requirements.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      References
                                                                                                                                                                                                      Kubelet does not delete evicted pods
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00210.html b/docs/cce/umn/cce_faq_00210.html
index f88809308..22334f774 100644
--- a/docs/cce/umn/cce_faq_00210.html
+++ b/docs/cce/umn/cce_faq_00210.html
@@ -11,7 +11,7 @@ aos-controller-545d78bs8d-vm6j9    1/1       Running        3          3d1h
                                                                                                                                                                                                      Running kubectl delete pods <podname> -n <namespace> cannot delete the pods.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      kubectl delete pods aos-apiserver-5f8f5b5585-s9l92 -n aos
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      The following lists some possible causes:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible Cause
                                                                                                                                                                                                      The following lists some possible causes:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • The node that runs a terminating pod is abnormal. When a node is unavailable, CCE migrates pods on the node and sets the pods running on the node to the Terminating state.
                                                                                                                                                                                                        After the node is restored, the pods in the Terminating state will be automatically deleted.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • A container is unresponsive. If a container within a pod fails to respond to the SIGTERM signal while being terminated, the pod can become stuck in the Terminating state.
                                                                                                                                                                                                      • There are unfinished requests or resource occupation within a pod. If a process within a pod continues to run for an extended period, it may prevent the pod from being terminated and cause it to enter the Terminating state.
                                                                                                                                                                                                      • A pod has finalizers specified. Finalizers are used to clean up resources before they are deleted. If a pod has finalizers specified and the cleanup process is paused or unresponsive, the pod will remain in the Terminating state.
                                                                                                                                                                                                      • A pod has terminationGracePeriodSeconds configured. Once a graceful exit time is set for a pod, it will enter the Terminating state upon termination and be automatically deleted after exiting gracefully.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00218.html b/docs/cce/umn/cce_faq_00218.html
index 7414d2bdb..38f790ef4 100644
--- a/docs/cce/umn/cce_faq_00218.html
+++ b/docs/cce/umn/cce_faq_00218.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                      What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      When a Service deployed on CCE attempts to upload files to OBS after receiving an access request from an offline machine, an error message is displayed, indicating that the host cannot be found. The following figure shows the error message.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      After receiving the HTTP request, the Service transfers files to OBS through the proxy.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If too many files are transferred, a large number of resources are consumed. Currently, the proxy is assigned 128 MiB of memory. According to pressure test results, resource consumption is large, resulting in request failure.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The test results show that all traffic passes through the proxy. Therefore, if the service volume is large, more resources need to be allocated.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00224.html b/docs/cce/umn/cce_faq_00224.html
index 374c3f102..c16a39ba9 100644
--- a/docs/cce/umn/cce_faq_00224.html
+++ b/docs/cce/umn/cce_faq_00224.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                                                                                                                      How Do I Expand the Storage Capacity of a Container?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      The default storage size of a container is 10 GiB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application Scenario
                                                                                                                                                                                                      The default storage size of a container is 10 GiB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                      2. Choose Nodes from the navigation pane.
                                                                                                                                                                                                      3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                                                         
                                                                                                                                                                                                        Resetting a node may make the node-specific resources (such as local storage and workloads scheduled to this node) unavailable. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      4. Reconfigure node parameters.
                                                                                                                                                                                                        If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Storage Settings: Click Expand next to the data disk to set the following parameter:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Storage Settings: Click Expand next to the data disk to configure the following parameter:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Space Allocation for Pods: indicates the base size of a pod. It is the maximum size that a workload's pods (including the container images) can grow to in the disk space. Proper settings can prevent pods from taking all the disk space available and avoid service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios. For details, see Data Disk Space Allocation.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      5. After the node is reset, log in to the node and check whether the container capacity has been expanded. The command output varies with the container storage rootfs.
                                                                                                                                                                                                        • Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                          docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          df -h
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • After the node is reset, log in to the node and check whether the container capacity has been expanded. The command output varies with the container storage rootfs.
                                                                                                                                                                                                          • Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            kubectl exec -it pod_name -- /bin/sh
+df -h
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            If the information similar to the following is displayed, the overlay capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Filesystem                    Size   Used   Avail   Use%   Mounted on
 overlay                        15G   104K     15G     1%   /
@@ -18,8 +18,8 @@ tmpfs                          64M      0     64M     0%   /dev
 tmpfs                         3.6G      0    3.6G     0%   /sys/fs/cgroup
 /dev/mapper/vgpaas-share       98G   4.0G     89G     5%   /etc/hosts
 ...
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • Devicemapper: A thin pool is allocated to store image data. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            df -h
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Device Mapper: A thin pool is allocated to store image data. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            kubectl exec -it pod_name -- /bin/sh
+df -h
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            If the information similar to the following is displayed, the thin pool capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Filesystem                            Size   Used   Avail   Use%   Mounted on
 /dev/mapper/vgpaas-thinpool-snap-84    15G   232M     15G     2%   /
diff --git a/docs/cce/umn/cce_faq_00230.html b/docs/cce/umn/cce_faq_00230.html
index 1a07cc41c..907777dd2 100644
--- a/docs/cce/umn/cce_faq_00230.html
+++ b/docs/cce/umn/cce_faq_00230.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                            Solution
                                                                                                                                                                                                            The reason is that the umask values set in the preceding two startup modes are different. Therefore, the permissions on the created directories are different.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            The umask value is used to set the default permission for a newly created file or directory. If the umask value is too small, group users or other users will have excessive permissions, posing security threats to the system. Therefore, the default umask value for all users is set to 0077. That is, the default permission on directories created by users is 700, and the default permission on files is 600.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            You can add the following content to the startup script to set the permission on the created directory to 700:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. 1. Add umask 0077 to the /etc/bashrc file and all files in /etc/profile.d/. 
                                                                                                                                                                                                            2. Run the following command:
                                                                                                                                                                                                              echo "umask 0077" >> $FILE
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              1. Add umask 0077 to the /etc/bashrc file and all files in /etc/profile.d/.
                                                                                                                                                                                                              2. Run the following command:
                                                                                                                                                                                                                echo "umask 0077" >> $FILE
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                 
                                                                                                                                                                                                                FILE indicates the file name, for example, echo "umask 0077" >> /etc/bashrc.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              3. Set the owner and group of the /etc/bashrc file and all files in /etc/profile.d/ to root.
                                                                                                                                                                                                              4. Run the following command:
                                                                                                                                                                                                                chown root.root $FILE
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00235.html b/docs/cce/umn/cce_faq_00235.html
index bb02cec17..5b9452451 100644
--- a/docs/cce/umn/cce_faq_00235.html
+++ b/docs/cce/umn/cce_faq_00235.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                                How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Application Scenarios
                                                                                                                                                                                                                The Kubernetes pod structure does not contain ExtendPathMode. Therefore, when a user calls the API for creating a pod or deployment by using client-go, the created pod does not contain ExtendPathMode. CCE provides a solution to ensure compatibility with the Kubernetes client-go.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Application Scenario
                                                                                                                                                                                                                The Kubernetes pod structure does not contain ExtendPathMode. Therefore, when a user calls the API for creating a pod or deployment by using client-go, the created pod does not contain ExtendPathMode. CCE provides a solution to ensure compatibility with the Kubernetes client-go.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                 
                                                                                                                                                                                                                • When creating a pod, you need to add kubernetes.io/extend-path-mode to annotation of the pod.
                                                                                                                                                                                                                • When creating a Deployment, you need to add kubernetes.io/extend-path-mode to kubernetes.io/extend-path-mode in the template.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00260.html b/docs/cce/umn/cce_faq_00260.html
index 253640842..17d5b0192 100644
--- a/docs/cce/umn/cce_faq_00260.html
+++ b/docs/cce/umn/cce_faq_00260.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                                The kube-scheduler component in Kubernetes is responsible for pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                You can configure pod anti-affinity policies to evenly distribute pods onto different nodes.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Example:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                An example is as follows:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                kind: Deployment
 apiVersion: apps/v1
 metadata:
diff --git a/docs/cce/umn/cce_faq_00263.html b/docs/cce/umn/cce_faq_00263.html
index 15e2ad169..d29fb7f69 100644
--- a/docs/cce/umn/cce_faq_00263.html
+++ b/docs/cce/umn/cce_faq_00263.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                The vdb disk of a node is damaged and the node cannot be recovered after reset.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Error Scenarios
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • On a normal node, delete the LV and VG. The node is unavailable.
                                                                                                                                                                                                                • Reset an abnormal node, and a syntax error is reported. The node is unavailable.
                                                                                                                                                                                                                  The following figure shows the details.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                                If the volume group (VG) on the node is deleted or damaged and cannot be identified, you need to manually restore the VG first to prevent your data disks from being formatted by mistake during the reset.
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00265.html b/docs/cce/umn/cce_faq_00265.html
index 6923490b8..33a4b58dc 100644
--- a/docs/cce/umn/cce_faq_00265.html
+++ b/docs/cce/umn/cce_faq_00265.html
@@ -1,16 +1,16 @@
 
 
-
                                                                                                                                                                                                                How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master node and worker node, separately. The security group name of the master node is {Cluster name}-cce-control-{Random ID}, and the security group name of the worker node is {Cluster name}-cce-node-{Random ID}. If a CCE Turbo cluster is used, an additional ENI security group named {Cluster name}-cce-eni-{Random ID} will be created.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                You can modify the security group rules on the VPC console as required. (Log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the page displayed, choose Access Control > Security Groups in the navigation pane, locate the corresponding security groups, and modify their rules.)
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                The default security group rules of the clusters using different networks are as follows:
                                                                                                                                                                                                                
-
-
                                                                                                                                                                                                                 
                                                                                                                                                                                                                • Modifying or deleting security group rules may affect cluster running. Exercise caution when performing this operation. If you need to modify security group rules, do not modify the rules of the port on which CCE running depends.
                                                                                                                                                                                                                • When adding a new security group rule to a cluster, ensure that the new rule does not conflict with the original rules. Otherwise, the original rules may become invalid, affecting the cluster running.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master nodes and worker nodes, separately. The name of the master node security group is in the format of {Cluster name}-cce-control-{Random ID}, and that of the worker node security group is in the format of {Cluster name}-cce-node-{Random ID}. For a CCE Turbo cluster, an additional ENI security group, with the name following the format of {Cluster name}-cce-eni-{Random ID}, will be created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                To modify the security group rules, log in to the management console and choose Service List > Networking > Virtual Private Cloud. On the page displayed, choose Access Control > Security Groups in the navigation pane, locate the rpw containing the target security group, and modify the rules.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                You can check the default security group rules of clusters using different network models in:
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                 
                                                                                                                                                                                                                • Be careful when modifying or removing security group rules as it could impact the cluster's operation. Avoid modifying the rules for the ports essential to CCE.
                                                                                                                                                                                                                • When adding a security group rule, ensure that this rule does not conflict with the existing rules. If there is a conflict, existing rules may become invalid, affecting cluster running.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Security Group Rules of a Cluster Using a VPC Network
                                                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 1.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Security Group Rules in a Cluster That Uses the VPC Network Model
                                                                                                                                                                                                                Worker node security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A security group, with a name following the format of {Cluster name}-cce-node-{Random ID}, is automatically created for the worker nodes in a cluster. For details about the default ports, see Table 1.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Table 1 Default ports in the security group for worker nodes that use a VPC network
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -18,9 +18,9 @@
 
-
-
@@ -30,11 +30,11 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -114,10 +114,10 @@
 
                                                                                                                                                                                                                Table 1 Default ports in the security group of the worker nodes in a cluster that uses the VPC network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow access between worker nodes and between the worker nodes and master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow access between the worker nodes and between the worker nodes and the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All TCP ports
                                                                                                                                                                                                                
@@ -42,24 +42,24 @@
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All ICMP ports
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow master nodes to access worker nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the master nodes to access the worker nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port range: 30000 to 32767
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow access from NodePort.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow access from the NodePort Services.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Yes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification made if necessary
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                These ports must permit requests from VPC, container, and load balancer CIDR blocks.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The ports must allow traffic from the CIDR blocks of the VPC, container, and load balancer.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                UDP port range: 30000 to 32767
                                                                                                                                                                                                                
@@ -69,44 +69,44 @@
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Container CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow containers in a cluster to access nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow containers within the cluster to access the nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Worker node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Access outside the security group of the worker nodes is restricted, but mutual access between instances in the security group of the worker nodes is not restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Restrict access from outside the worker node security group, but the access between pods in the worker node security group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 22
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow SSH access to Linux ECSs.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Recommended
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                You are advised to allow access only from fixed IP addresses or IP address ranges.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default. You are advised to retain this setting.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Yes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification made if necessary
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                If you want to harden security by allowing traffic only on specific ports, remember to allow such ports. For details, see Hardening Outbound Rules.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for master nodes in a cluster. For details about the default ports, see Table 2.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A security group, with a name following the format of {Cluster name}-cce-control-{Random ID}, is automatically created for the master nodes in a cluster. For details about the default ports, see Table 2.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Table 2 Default ports in the security group for master nodes that use a VPC network
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -125,9 +125,9 @@
 
-
-
@@ -139,9 +139,9 @@
 
-
-
-
-
-
-
-
@@ -175,45 +175,45 @@
 
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                                Table 2 Default ports in the security group of the master nodes in a cluster that uses the VPC network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                                                
@@ -153,20 +153,20 @@
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Recommended
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification recommended
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The port must allow traffic from the CIDR blocks of the VPC, the control plane of the hosted service mesh, and container.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the storage add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Access outside the security group of the master nodes is restricted, but mutual access between instances in the security group of the master nodes is not restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Restrict access from outside the master node security group, but the access between pods in the master node security group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Security Group Rules of a Cluster Using a Tunnel Network
                                                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 3.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Security Group Rules in a Cluster That Uses the Tunnel Network Model
                                                                                                                                                                                                                Worker node security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A security group, with a name following the format of {Cluster name}-cce-node-{Random ID}, is automatically created for the worker nodes in a cluster. For details about the default ports, see Table 3.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Table 3 Default ports in the security group for worker nodes that use a tunnel network
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -221,9 +221,9 @@
 
-
-
@@ -231,33 +231,33 @@
 
-
-
-
-
-
-
-
-
-
-
@@ -267,35 +267,35 @@
 
-
-
-
-
-
-
-
-
-
@@ -303,10 +303,10 @@
 
                                                                                                                                                                                                                Table 3 Default ports in the security group of the worker nodes in a cluster that uses the tunnel network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                UDP port 4789
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow access between containers.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 10250
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow master nodes to access kubelet on worker nodes, for example, by running kubectl exec {pod}.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the master nodes to access kubelet on the worker nodes to run commands, for example, kubectl exec {pod}.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port range: 30000 to 32767
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow access from NodePort.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow access from the NodePort Services.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Yes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification made if necessary
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The ports must allow traffic from the CIDR blocks of the VPC, load balancer, and container.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 22
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow SSH access to Linux ECSs.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Recommended
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                You are advised to allow access only from fixed IP addresses or IP address ranges.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Worker node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Access outside the security group of the worker nodes is restricted, but mutual access between instances in the security group of the worker nodes is not restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Restrict access from outside the worker node security group, but the access between pods in the worker node security group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default. You are advised to retain this setting.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Yes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification made if necessary
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                If you want to harden security by allowing traffic only on specific ports, remember to allow such ports. For details, see Hardening Outbound Rules.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for master nodes in a cluster. For details about the default ports, see Table 4.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A security group, with a name following the format of {Cluster name}-cce-control-{Random ID}, is automatically created for the master nodes in a cluster. For details about the default ports, see Table 4.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Table 4 Default ports in the security group for master nodes that use a tunnel network
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -314,9 +314,9 @@
 
-
-
@@ -324,13 +324,13 @@
 
-
-
-
-
-
-
-
-
-
-
@@ -375,45 +375,45 @@
 
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                                Table 4 Default ports in the security group of the master nodes in a cluster that uses the tunnel network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                UDP port 4789
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow access between containers.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                                                
@@ -339,9 +339,9 @@
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                                                
@@ -353,20 +353,20 @@
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Recommended
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification recommended
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The port must allow traffic from the CIDR blocks of the VPC, the control plane of the hosted service mesh, and container.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the storage add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Access outside the security group of the master nodes is restricted, but mutual access between instances in the security group of the master nodes is not restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Restrict access from outside the master node security group, but the access between pods in the master node security group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Security Group Rules of a CCE Turbo Cluster Using the Cloud Native 2.0 Network
                                                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 5.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Security Group Rules in a CCE Turbo Cluster That Uses the Cloud Native 2.0 Network Model
                                                                                                                                                                                                                Worker node security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A security group, with a name following the format of {Cluster name}-cce-node-{Random ID}, is automatically created for the worker nodes in a cluster. For details about the default ports, see Table 5.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Table 5 Default ports in the security group for worker nodes
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -421,9 +421,9 @@
 
-
-
@@ -431,22 +431,22 @@
 
-
-
-
-
-
-
-
@@ -456,46 +456,46 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
@@ -503,10 +503,10 @@
 
                                                                                                                                                                                                                Table 5 Default ports in the security group of the worker nodes in a CCE Turbo cluster that uses the Cloud Native 2.0 network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                TCP port 10250
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow master nodes to access kubelet on worker nodes, for example, by running kubectl exec {pod}.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the master nodes to access kubelet on the worker nodes to run commands, for example, kubectl exec {pod}.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port range: 30000 to 32767
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow access from NodePort.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow access from the NodePort Services.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Yes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification made if necessary
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The ports must allow traffic from the CIDR blocks of the VPC, load balancer, and container.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 22
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow SSH access to Linux ECSs.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Recommended
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                You are advised to allow access only from fixed IP addresses or IP address ranges.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Worker node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Access outside the security group of the worker nodes is restricted, but mutual access between instances in the security group of the worker nodes is not restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Restrict access from outside the worker node security group, but the access between pods in the worker node security group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Container subnet CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow containers in a cluster to access nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow containers within the cluster to access the nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default. You are advised to retain this setting.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Yes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification made if necessary
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                If you want to harden security by allowing traffic only on specific ports, remember to allow such ports. For details, see Hardening Outbound Rules.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for master nodes in a cluster. For details about the default ports, see Table 6.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A security group, with a name following the format of {Cluster name}-cce-control-{Random ID}, is automatically created for the master nodes in a cluster. For details about the default ports, see Table 6.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                
-
@@ -46,6 +46,13 @@
 
                                                                                                                                                                                                                Max networking scale: 2,000 nodes
                                                                                                                                                                                                                
+
+
+
+
-
diff --git a/docs/cce/umn/cce_productdesc_0002.html b/docs/cce/umn/cce_productdesc_0002.html
index aed3e1e90..64de2ef6d 100644
--- a/docs/cce/umn/cce_productdesc_0002.html
+++ b/docs/cce/umn/cce_productdesc_0002.html
@@ -2,15 +2,15 @@
 
 
                                                                                                                                                                                                                Permissions
                                                                                                                                                                                                                CCE permissions management allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of IAM and RBAC to provide a variety of authorization methods, including IAM fine-grained/token authorization and cluster-/namespace-scoped authorization.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                CCE permissions are described as follows:
                                                                                                                                                                                                                • Cluster-level permissions: Cluster-level permissions management evolves out of the system policy authorization feature of IAM. IAM users in the same user group have the same permissions. A user group is simply a group of users. By granting cluster permissions to specific user groups, you can enable those users to perform various operations on clusters, including creating or deleting clusters, nodes, node pools, charts, and add-ons. In the meantime, you can restrict other user groups to only view clusters.
                                                                                                                                                                                                                  Cluster-level permissions involve non-Kubernetes native APIs and support fine-grained IAM policies.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CCE permissions are described as follows:
                                                                                                                                                                                                                  • Cluster-level permissions: Cluster-level permissions management evolves out of the system policy authorization feature of IAM. IAM users in the same user group have the same permissions. A user group is simply a group of users. By granting cluster permissions to specific user groups, you can enable those users to perform various operations on clusters, including creating or deleting clusters, nodes, node pools, charts, and add-ons. In the meantime, you can restrict other user groups to only view clusters.
                                                                                                                                                                                                                    Cluster-level permissions involve non-Kubernetes native APIs and support fine-grained IAM policies.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Namespace-level permissions: You can regulate users' or user groups' access to Kubernetes resources, such as workloads, jobs, and Services, in a single namespace based on their Kubernetes RBAC roles. CCE has also been enhanced based on open-source capabilities. It supports RBAC authorization based on IAM user or user group, and RBAC authentication on access to APIs using IAM tokens.
                                                                                                                                                                                                                    Namespace-level permissions involve CCE Kubernetes APIs and are enhanced based on the Kubernetes RBAC capabilities. Namespace-level permissions can be granted to IAM users or user groups for authentication and authorization, but are independent of fine-grained IAM policies. For details, see Using RBAC Authorization.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  • Cluster-level permissions are configured only for cluster-related resources (such as clusters and nodes). You must also configure namespace permissions to operate Kubernetes resources (such as workloads, jobs, and Services).
                                                                                                                                                                                                                  • After you create a cluster, CCE automatically assigns the cluster-admin permission to you, which means you have full control on all resources in all namespaces in the cluster.
                                                                                                                                                                                                                  • When viewing CCE resources on the console, the resources displayed depend on the namespace permissions. If no namespace permissions are granted, the console will not show you the resources.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Cluster-level Permissions (Assigned by Using IAM System Policies)
                                                                                                                                                                                                                  New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups. The IAM users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  CCE is a project-level service deployed for specific regions. To assign CCE permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing CCE, the users need to switch to the authorized region.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  You can grant users permissions by using roles and policies.
                                                                                                                                                                                                                  • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to assign permissions, assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
                                                                                                                                                                                                                  • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can assign users only the permissions for managing a certain type of clusters and nodes. 
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Cluster-level Permissions (Assigned by Using IAM System Policies)
                                                                                                                                                                                                                  New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups. They inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CCE is a project-level service deployed for specific regions. When you set Scope to Region-specific projects and select the specified projects in the specified regions, the users only have permissions for CCE in the selected projects. If you select All projects, the users have permissions for CCE in all region-specific projects. When accessing CCE, the users need to switch to the authorized region.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can grant users permissions by using roles and policies.
                                                                                                                                                                                                                  • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. Cloud services often depend on each other. When you grant permissions using roles, you also need to attach any existing role dependencies. However, roles are not an ideal choice for fine-grained authorization and secure access control.
                                                                                                                                                                                                                  • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can assign users only the permissions for managing a certain type of clusters and nodes. 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Table 1 lists all the system-defined permissions for CCE.
                                                                                                                                                                                                                  
 
@@ -32,7 +32,7 @@
 
 
                                                                                                                                                                                                                
@@ -414,7 +414,7 @@
 
                                                                                                                                                                                                                • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                                                                                                                                                                                                • RoleBinding: defines the relationship between users and roles.
                                                                                                                                                                                                                • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                                                                                                                                                                                                • ClusterRoleBinding: defines the relationship between users and cluster roles.
                                                                                                                                                                                                                Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. See the following figure.
                                                                                                                                                                                                                Figure 1 Role binding
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                                                                                                                                • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                                                                                                                                • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                                                                                                                                • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                                                                                                                                • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                                                                                                                • drainage-editor: drain a node.
                                                                                                                                                                                                                • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                                                                                                                                • view (read-only): read-only permissions on most resources in all or selected namespaces.
                                                                                                                                                                                                                • edit (development): read-write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                                                                                                                                • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                                                                                                                                • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                                                                                                                • drainage-editor: drain a node.
                                                                                                                                                                                                                • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant permissions to add, delete, modify, and obtain resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) within specific namespaces. This allows for more precise permission control.
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0003.html b/docs/cce/umn/cce_productdesc_0003.html
index 90dd65f91..2c88a440f 100644
--- a/docs/cce/umn/cce_productdesc_0003.html
+++ b/docs/cce/umn/cce_productdesc_0003.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                                                                                High Performance
                                                                                                                                                                                                                • CCE draws on years of field experience in compute, networking, storage, and heterogeneous infrastructure and provides you high-performance cluster services. You can concurrently launch containers at scale.
                                                                                                                                                                                                                • AI computing is 3x to 5x better with NUMA BMSs and high-speed InfiniBand network cards.
                                                                                                                                                                                                                Highly Available and Secure
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • HA: Three master nodes in different AZs for your cluster control plane. Multi-active DR for your nodes and workloads. All these ensure service continuity when one of the nodes is down or an AZ gets hit by natural disasters.
                                                                                                                                                                                                                  Figure 1 Achieving cluster HA
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • HA: Three master nodes in different AZs for your cluster management plane. Multi-active DR for your nodes and workloads. All these ensure service continuity when one of the nodes is down or an AZ gets hit by natural disasters.
                                                                                                                                                                                                                    Figure 1 Achieving cluster HA
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Secure: Integrating IAM and Kubernetes RBAC, CCE clusters are under your full control. You can set different RBAC permissions for IAM users on the console.
                                                                                                                                                                                                                    CCE offers secure containers so that each pod runs on a separate micro-VM, has its own OS kernel, and is securely isolated at the virtualization layer.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Open and Compatible
                                                                                                                                                                                                                  
@@ -63,7 +63,7 @@
 
                                                                                                                                                                                                                  Why Containerization?
                                                                                                                                                                                                                  Docker is written in the Go language designed by Google. It provides operating-system-level virtualization. Linux Control Groups (cgroups), namespaces, and UnionFS (for example, AUFS) isolate each software process. The isolated software processes, which are called containers, are independent from each other and from the host.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Docker has moved forward to enhance container isolation. Containers have their own file systems. They cannot see each other's processes or network interfaces. This simplifies container creation and management.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  VMs use a hypervisor to virtualize and allocate hardware resources (such as memory, CPU, network, and disk) of a host machine. A complete operating system runs on a VM. Each VM needs to run its own system processes. On the contrary, a container does not require hardware resource virtualization. It runs an application process directly in the host machine OS kernel. No resource overheads are incurred by running system processes. Therefore, Docker is lighter and faster than VMs.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Figure 2 Comparison between Docker containers and VMs
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Figure 2 Comparison between Docker containers and VMs
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  To sum up, Docker containers have many advantages over VMs.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Resource use
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Containers have no overheads for virtualizing hardware and running a complete OS. They are faster than VMs in execution and file storage, while having no memory loss.
                                                                                                                                                                                                                  
@@ -97,14 +97,14 @@
 
                                                                                                                                                                                                                
-
-
-
diff --git a/docs/cce/umn/cce_productdesc_0005.html b/docs/cce/umn/cce_productdesc_0005.html
index 30de9b8ed..1ba0cba77 100644
--- a/docs/cce/umn/cce_productdesc_0005.html
+++ b/docs/cce/umn/cce_productdesc_0005.html
@@ -6,49 +6,146 @@
 
                                                                                                                                                                                                              5. CCE underlying resources such as ECS nodes are limited by quota and their inventory. It is possible that only some nodes are created during cluster creation, cluster scaling, or auto scaling.
                                                                                                                                                                                                              6. ECS node specifications: CPU ≥ 2 cores, memory ≥ 4 GiB
                                                                                                                                                                                                              7. To access a CCE cluster through a VPN, ensure that the VPN CIDR block does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                                              8. Ubuntu 22.04 does not support the tunnel network model.
                                                                                                                                                                                                                9. Networks
                                                                                                                                                                                                                • By default, a NodePort Service is accessed within a VPC. To access a NodePort Service through the Internet, bind an EIP to the node in the cluster beforehand.
                                                                                                                                                                                                                • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                                                  • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                                                                  • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • Constraints on network policies:
                                                                                                                                                                                                                  • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                                                                                                                                                                                    • Ingress: All versions support this type.
                                                                                                                                                                                                                    • Egress: Only the following OSs and cluster versions support egress rules.
-
                                                                                                                                                                                                                Table 6 Default ports in the security group for master nodes
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -514,9 +514,9 @@
 
-
-
@@ -524,42 +524,42 @@
 
-
-
-
-
-
-
-
-
-
-
@@ -568,22 +568,22 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                                Table 6 Default ports in the security group of the master nodes in a CCE Turbo cluster that uses the Cloud Native 2.0 network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 9443
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Recommended
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification recommended
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The port must allow traffic from the CIDR blocks of the VPC, the control plane of the hosted service mesh, and container.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the storage add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Access outside the security group of the master nodes is restricted, but mutual access between instances in the security group of the master nodes is not restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Restrict access from outside the master node security group, but the access between pods in the master node security group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
@@ -592,31 +592,31 @@
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic from all source IP addresses in the container subnet CIDR block.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Security group of ENI
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                In a CCE Turbo cluster, an additional security group named {Cluster name}-cce-eni-{Random ID} is created. By default, containers in the cluster are bound to this security group. For details about the default ports, see Table 7.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                ENI security group
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                In a CCE Turbo cluster, an additional security group, with the name following the format of {Cluster name}-cce-eni-{Random ID}, is created. By default, containers in the cluster are bound to this security group. For details about the default ports, see Table 7.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                
@@ -59,7 +58,7 @@
 
                                                                                                                                                                                                                This issue can arise in the following scenarios:
                                                                                                                                                                                                                • Scenarios 1: A custom security group is set up for the node pool but gets deleted, so the node pool scale-out fails.
                                                                                                                                                                                                                • Scenarios 2: No custom security group is configured for the node pool and the default security group is deleted, so the node pool scale-out fails.
                                                                                                                                                                                                                Solution:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • Scenario 1: Update the security group specified by the customSecurityGroups field by calling the API for updating a node pool. 
                                                                                                                                                                                                                • Scenario 2: Log in to the CCE console and change the default node security group  on the Settings page of the cluster. The new node security group must meet the communication rules of the cluster ports. For details, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Scenario 1: Update the security group specified by the customSecurityGroups field by calling the API for updating a node pool. 
                                                                                                                                                                                                                • Scenario 2: Log in to the CCE console and change the default node security group on the Settings page of the cluster. The new node security group must meet the communication rules of the cluster ports. For details, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00438.html b/docs/cce/umn/cce_faq_00438.html
index 68147c451..e322c5769 100644
--- a/docs/cce/umn/cce_faq_00438.html
+++ b/docs/cce/umn/cce_faq_00438.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                                Involved Kubernetes resources include:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • Namespace-level resources: secret, ConfigMap, Deployment, Service, Role, RoleBinding, lease, ServiceAccount, and job
                                                                                                                                                                                                                • Cluster-level resources: ClusterRole, ClusterRoleBinding, IngressClass, and ValidatingWebhookConfiguration
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                1. Use kubectl to access a cluster.
                                                                                                                                                                                                                2. Search for related resources.
                                                                                                                                                                                                                  className="nginx"
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  1. Use kubectl to access the cluster.
                                                                                                                                                                                                                  2. Search for related resources.
                                                                                                                                                                                                                    className="nginx"
 namespace="kube-system"
 className=`if [[ ${className} == "nginx" ]]; then echo ""; else echo "-${className}";fi`
 kubectl get -n ${namespace} secret sh.helm.release.v1.cceaddon-nginx-ingress${className}.v1 cceaddon-nginx-ingress${className}-admission 
diff --git a/docs/cce/umn/cce_faq_00440.html b/docs/cce/umn/cce_faq_00440.html
index ec4d99fd4..2b328ae2a 100644
--- a/docs/cce/umn/cce_faq_00440.html
+++ b/docs/cce/umn/cce_faq_00440.html
@@ -37,14 +37,14 @@
 
                                                                                                                                                                                                                
-
-
diff --git a/docs/cce/umn/cce_faq_00446.html b/docs/cce/umn/cce_faq_00446.html
index 36b9f552b..86960ab4f 100644
--- a/docs/cce/umn/cce_faq_00446.html
+++ b/docs/cce/umn/cce_faq_00446.html
@@ -5,8 +5,8 @@
 
                                                                                                                                                                                                                Deleting a pod subnet from a cluster can be risky. It is important to ensure that none of the ENIs currently in use by the cluster belong to the subnet, including those being used by pods and pre-bound to pods.
                                                                                                                                                                                                                Procedure
                                                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                                2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                                                                3. In the Container Network area, copy the network ID of the subnet. (The default-network is used as an example.)
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                4. Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. In the right pane, obtain the target subnet based on the network ID.
                                                                                                                                                                                                                5. Click the subnet name to access the details page. Click the Summary tab, locate the Resources area, click the number next to Network Interfaces, and view the network interfaces associated with the subnet.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                6. Check the names or descriptions of the network interfaces. If the name or description of a network interface contains the ID of the cluster, it indicates that the network interface is used by the cluster. You can obtain the cluster ID on the Overview page of the CCE console.
                                                                                                                                                                                                                  To delete the subnet ENIs used in the cluster, submit a service ticket.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                7. Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. In the right pane, obtain the target subnet based on the network ID.
                                                                                                                                                                                                                8. Click the subnet name to access the details page. Click the Summary tab, locate the Resources area, click the number next to Network Interfaces, and view the network interfaces associated with the subnet.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                9. Check the names or descriptions of the network interfaces. If the name or description of a network interface contains the ID of the cluster, it indicates that the network interface is used by the cluster. You can obtain the cluster ID on the Overview page of the CCE console.
                                                                                                                                                                                                                  To delete the subnet ENIs used in the cluster, submit a service ticket.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00447.html b/docs/cce/umn/cce_faq_00447.html
index 58c31296a..3f487493f 100644
--- a/docs/cce/umn/cce_faq_00447.html
+++ b/docs/cce/umn/cce_faq_00447.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                                When you delete a subnet, CCE does not automatically remove the security group rules associated with the subnet in the default node security group created by CCE. You must manually delete these rules.
                                                                                                                                                                                                                Procedure
                                                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                                2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                                                                3. In the Container Network area, copy the IPv4 CIDR block of the subnet. (The default-network is used as an example.)
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                4. In the navigation pane, choose Overview. In the Networking Configuration area, click the name of the default node security group.
                                                                                                                                                                                                                5. On the page displayed, click the Inbound Rules tab, locate the row containing the subnet CIDR block based on the source IP address, and find the corresponding security group rule.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                6. In the navigation pane, choose Overview. In the Networking Configuration area, click the name of the default node security group.
                                                                                                                                                                                                                7. On the page displayed, click the Inbound Rules tab, locate the row containing the target subnet CIDR block based on the source IP address, and find the corresponding security group rule.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                8. Click Delete in the Operation column.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00455.html b/docs/cce/umn/cce_faq_00455.html
new file mode 100644
index 000000000..2c3c9221b
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00455.html
@@ -0,0 +1,60 @@
+
+
+
                                                                                                                                                                                                                What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If you configure an HTTPS certificate for a LoadBalancer ingress, access may become abnormal if any of the following issues arise. To fix the problem, refer to the causes listed in the table.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                Table 7 Default ports of the ENI security group
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -624,9 +624,9 @@
 
-
-
@@ -636,42 +636,42 @@
 
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                                Table 7 Default ports of the ENI security group in a CCE Turbo cluster that uses the Cloud Native 2.0 network model
                                                                                                                                                                                                                Direction
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modifiable
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Modification Suggestion
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact After Modification
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                ENI security group
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow containers in a cluster to access each other.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow containers within the cluster to access each other.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow instances in the cluster VPC to access containers.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow instances in the cluster VPC to access the containers.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Outbound rule
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All IP addresses (0.0.0.0/0)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow traffic on all ports by default.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                No
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Modification not recommended
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                N/A
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the configuration is modified, the cluster will not function correctly.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                Hardening Outbound Rules
                                                                                                                                                                                                                By default, all security groups created by CCE allow all the outbound traffic. You are advised to retain this configuration. To harden outbound rules, ensure that the ports listed in the following table are enabled.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Hardening Outbound Rules
                                                                                                                                                                                                                By default, all security groups created by CCE allow all the outbound traffic. You are advised to retain this configuration. To harden outbound rules, ensure that the traffic on the ports listed in the following table is allowed.
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00417.html b/docs/cce/umn/cce_faq_00417.html
index 173ed57c7..c390d42e3 100644
--- a/docs/cce/umn/cce_faq_00417.html
+++ b/docs/cce/umn/cce_faq_00417.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                                How Do I Configure an Access Policy for a Cluster?
                                                                                                                                                                                                                After the public API Server address is bound to the cluster, modify the security group rules of port 5443 on the master node to harden the access control policy of the cluster.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                                                2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                                                3. Select Description as the filter criterion and paste the cluster ID to search for the target security group.
                                                                                                                                                                                                                4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                                                5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, find and copy the cluster ID.
                                                                                                                                                                                                                  2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                                                  3. Select Description as the filter criterion and search for the target security group by cluster ID.
                                                                                                                                                                                                                  4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                                                  5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  6. Change the source IP address that can be accessed as required. For example, if the IP address used by the client to access the API Server is 100.*.*.*, you can add an inbound rule for port 5443 and set the source IP address to 100.*.*.*.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    In addition to the client IP address, the port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh to ensure that the API Server can be accessed from within the cluster.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00418.html b/docs/cce/umn/cce_faq_00418.html
new file mode 100644
index 000000000..c10bc0a19
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00418.html
@@ -0,0 +1,22 @@
+
+
+
                                                                                                                                                                                                                    Why Cannot I Delete a PV or PVC Using the kubectl delete Command?
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Symptom
                                                                                                                                                                                                                    An existing PV or PVC cannot be deleted by running the kubectl delete command and it remains in the terminating state.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Possible Cause
                                                                                                                                                                                                                    To prevent data loss caused by mis-deletion of PVs or PVCs, Kubernetes provides a data protection mechanism. A PV or PVC cannot be directly deleted using the kubectl delete command.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Solution
                                                                                                                                                                                                                    Run the kubectl patch command first to remove the protection mechanism and then delete the PV or PVC.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    If you have run kubectl delete to delete a PV or PVC, the PV or PVC remains in the terminating state. It will be directly deleted after you run the kubectl patch command.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • Run the following command to delete a PV:
                                                                                                                                                                                                                      kubectl patch pv <pv-name> -p '{"metadata":{"finalizers":null}}'
+kubectl delete pv <pv-name>
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    • Run the following command to delete a PVC:
                                                                                                                                                                                                                      kubectl patch pvc <pvc-name> -p '{"metadata":{"finalizers":null}}'
+kubectl delete pvc <pvc-name>
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Parent topic: Storage
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_faq_00429.html b/docs/cce/umn/cce_faq_00429.html
index ff7d64ded..b41121d4c 100644
--- a/docs/cce/umn/cce_faq_00429.html
+++ b/docs/cce/umn/cce_faq_00429.html
@@ -281,7 +281,7 @@
 
                                                                                                                                                                                                                Configuring Resource Quotas for volcano
                                                                                                                                                                                                                After the cluster scale is increased, the resource quotas required by volcano need to be modified based on the cluster scale.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • If the number of nodes is less than 100, retain the default configuration. The requested CPU is 500m, and the limit is 2000m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                                                                                                                                                                                                • If the number of nodes is greater than 100, increase the requested CPU by 500m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the CPU limit by 1500m and the memory limit by 1000 MiB.
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  Formulas for calculating the requests:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  • CPU request: Calculate the number of nodes multiplied by the number of pods, perform interpolation search using the product of the number of nodes in the cluster multiplied by the number of pods in Table 4, and round up the request and limit that are closest to the specifications.
                                                                                                                                                                                                                    For example, for 2000 nodes (20,000 pods), the product of the number of nodes multiplied by the number of pods is 40 million, which is close to 700/70,000 in the specification (Number of nodes x Number of pods = 49 million). Set the CPU request to 4000m and the limit to 5500m.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • CPU request: Calculate the number of nodes multiplied by the number of pods, perform interpolation search using the product of the number of nodes in the cluster multiplied by the number of pods in Table 4, and round up the request and limit which are closest to the specifications.
                                                                                                                                                                                                                      For example, for 2000 nodes (20,000 pods), the product of the number of nodes multiplied by the number of pods is 40 million, which is close to 700/70,000 in the specification (Number of nodes x Number of pods = 49 million). Set the CPU request to 4000m and the limit to 5500m.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    • Memory request: Allocate 2.4 GiB of memory to every 1000 nodes and 1 GiB of memory to every 10,000 pods. The memory request is the sum of the two values. (The obtained value may be different from the recommended value in Table 4. You can use either of them.)
                                                                                                                                                                                                                      Memory request = Number of nodes/1000 x 2.4 GiB + Number of pods/10000 x 1 GiB
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      For example, for 2000 nodes and 20,000 pods, the memory request value is 6.8 GiB (2000/1000 x 2.4 GiB + 20000/10000 x 1 GiB).
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    
@@ -393,7 +393,7 @@
 
                                                                                                                                                                                                                Table 8 Minimum configurations of outbound security group rules for a worker node
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
@@ -686,6 +686,13 @@
 
+
+
+
+
-
-
-
@@ -718,42 +725,42 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_faq_00266.html b/docs/cce/umn/cce_faq_00266.html
index db5eac106..0d10e9b0c 100644
--- a/docs/cce/umn/cce_faq_00266.html
+++ b/docs/cce/umn/cce_faq_00266.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                                A cluster is one or a group of cloud servers (also known as nodes) in the same VPC. It provides computing resource pools for running containers.
                                                                                                                                                                                                                As shown in Figure 1, a region may consist of multiple VPCs. A VPC consists of one or more subnets. The subnets communicate with each other through a subnet gateway. A cluster is created in a subnet. There are three scenarios:
                                                                                                                                                                                                                • Different clusters are created in different VPCs.
                                                                                                                                                                                                                • Different clusters are created in the same subnet.
                                                                                                                                                                                                                • Different clusters are created in different subnets.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00280.html b/docs/cce/umn/cce_faq_00280.html
index 5fba9ec13..bd6af4895 100644
--- a/docs/cce/umn/cce_faq_00280.html
+++ b/docs/cce/umn/cce_faq_00280.html
@@ -12,7 +12,7 @@
 
 
                                                                                                                                                                                                              9. How Do I Troubleshoot Problems Occurred When Accepting Nodes into a CCE Cluster?
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                10. 
-
                                                                                                                                                                                                              10. What Should I Do If a Node Fails to Be Accepted Because It Fails to Be Installed?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              11. What Should I Do If a Node Cannot Be Managed and an Error Message Appears Saying That the Node Failed to Install?
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                12. 
 
 
diff --git a/docs/cce/umn/cce_faq_00281.html b/docs/cce/umn/cce_faq_00281.html
index 8464c8735..0858db409 100644
--- a/docs/cce/umn/cce_faq_00281.html
+++ b/docs/cce/umn/cce_faq_00281.html
@@ -8,7 +8,7 @@
 
 
                                                                                                                                                                                                                
 
 
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00286.html b/docs/cce/umn/cce_faq_00286.html
index 51c3be771..55998af52 100644
--- a/docs/cce/umn/cce_faq_00286.html
+++ b/docs/cce/umn/cce_faq_00286.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                                                                                What Should I Do If a Node Fails to Be Accepted Because It Fails to Be Installed?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                What Should I Do If a Node Cannot Be Managed and an Error Message Appears Saying That the Node Failed to Install?
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                A node fails to be accepted into a cluster.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Possible Causes
                                                                                                                                                                                                                Log in to the node and check the /var/paas/sys/log/baseagent/baseagent.log installation log. The following error information is displayed:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check the  Logical Volume Manager (LVM) settings of the node. It is found that the LVM logical volume is not created in /dev/vdb.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Possible Cause
                                                                                                                                                                                                                Log in to the node and check the /var/paas/sys/log/baseagent/baseagent.log installation log. The following error information is displayed:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check the Logical Volume Manager (LVM) settings of the node. It is found that the LVM logical volume is not created in /dev/vdb.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                Run the following command to manually create a logical volume:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                pvcreate /dev/vdb 
diff --git a/docs/cce/umn/cce_faq_00296.html b/docs/cce/umn/cce_faq_00296.html
index 73eb3ec5c..94f2eb246 100644
--- a/docs/cce/umn/cce_faq_00296.html
+++ b/docs/cce/umn/cce_faq_00296.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                                Attached SCSI disk
 task jdb2/xxx blocked for more than 120 seconds.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Example:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Possible Causes
                                                                                                                                                                                                                After a PCI device is hot added to BUS 0, the Linux OS kernel will traverse all the PCI bridges mounted to BUS 0 for multiple times, and these PCI bridges cannot work properly during this period. During this period, if the PCI bridge used by the device is updated, due to a kernel defect, the device considers that the PCI bridge is abnormal, and the device enters a fault mode and cannot work normally. If the front end is writing data into the PCI configuration space for the back end to process disk I/Os, the write operation may be deleted. As a result, the back end cannot receive notifications to process new requests on the I/O ring. Finally, the front-end I/O suspension occurs.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00307.html b/docs/cce/umn/cce_faq_00307.html
index 98fd872f3..9155b90c4 100644
--- a/docs/cce/umn/cce_faq_00307.html
+++ b/docs/cce/umn/cce_faq_00307.html
@@ -1,25 +1,25 @@
 
 
 
                                                                                                                                                                                                                How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Problem Description
                                                                                                                                                                                                                When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Files or directories fail to be created in the container, the file system in the container is read-only, the node is tainted disk-pressure, or the node is unavailable.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                You can run the docker info command on the node to view the used and remaining thin pool space to locate the fault. The following figure is an example.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Possible Cause
                                                                                                                                                                                                                When Docker device mapper is used, although you can configure the basesize parameter to limit the size of the /home directory of a single container (to 10 GB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GB, the thin pool space occupied by files keeps increasing until 10 GB when files are created in the container. The space released after file deletion will be reused only after a while. If the number of service containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                When the thin pool space of a node is used up, some services can be migrated to other nodes to quickly recover services. But you are advised to use the following solutions to resolve the root cause:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Solution 1:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Properly plan the service distribution and data plane disk space to avoid the scenario where the number of service containers multiplied by basesize is greater than the thin pool size of the node. To expand the thin pool size, perform the following steps:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                                                  Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                                                                4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Properly plan the service distribution and data plane disk space to avoid the scenario where the number of service containers multiplied by basesize is greater than the thin pool size of the node. To expand the thin pool size, perform the following operations:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                                                    Only the storage capacity of EVS disks can be expanded. You need to perform the following operations to expand the capacity of logical volumes and file systems.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  2. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the target node, and choose More > Sync Server Data in the Operation column.
                                                                                                                                                                                                                  3. Log in to the target node.
                                                                                                                                                                                                                  4. Run lsblk to view the block device information of the node.
                                                                                                                                                                                                                    A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                                      # lsblk
+
                                                                                                                                                                                                                      1. Check the disk and partition space of the device.
                                                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
-sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is free.
 ├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                                        
 
                                                                                                                                                                                                                      2. Expand the disk capacity.
                                                                                                                                                                                                                        Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                                        
@@ -37,7 +37,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                                      
 old_desc_blocks = 12, new_desc_blocks = 18
 The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  5. Check whether the capacity is expanded.
                                                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                                                  6. Check whether the capacity has been expanded.
                                                                                                                                                                                                                    # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
@@ -45,22 +45,22 @@ sda                   8:0    0   50G  0 disk
 ├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                                                    Device Mapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    1. Check the disk and partition space of the device.
                                                                                                                                                                                                                      # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
 vdb                                   8:16   0  200G  0 disk 
 ├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
 ├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
-│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thinpool
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Space used by thin pool
 │   ...
 ├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                    2. Expand the disk capacity.
                                                                                                                                                                                                                      Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. Expand the disk capacity.
                                                                                                                                                                                                                        Option 1: Add the new disk capacity to the thin pool.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thin pool is located.
                                                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                                                          
 
                                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                                          
 
                                                                                                                                                                                                                          Physical volume "/dev/vdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                                          
@@ -68,7 +68,7 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                                          
 
                                                                                                                                                                                                                          Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                                          
-
                                                                                                                                                                                                                        2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                                        3. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                                          # lsblk
+
                                                                                                                                                                                                                        4. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                                        5. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the thin pool, the capacity has been expanded.
                                                                                                                                                                                                                          # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -96,7 +96,7 @@ Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                                          
 
                                                                                                                                                                                                                          Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
 old_desc_blocks = 3, new_desc_blocks = 15
 The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
                                                                                                                                                                                                                          
-
                                                                                                                                                                                                                        6. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                                          # lsblk
+
                                                                                                                                                                                                                        7. Run the lsblk command to check the disk and partition space of the device and check whether the capacity has been expanded. If the new disk capacity was added to the dockersys, the capacity has been expanded.
                                                                                                                                                                                                                          # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
diff --git a/docs/cce/umn/cce_faq_00311.html b/docs/cce/umn/cce_faq_00311.html
index df4b917c1..0d8bb0e5c 100644
--- a/docs/cce/umn/cce_faq_00311.html
+++ b/docs/cce/umn/cce_faq_00311.html
@@ -6,8 +6,8 @@
 
                                                                                                                                                                                                                        
 
                                                                                                                                                                                                                        Possible Cause
                                                                                                                                                                                                                        This user has no permissions to operate Kubernetes resources.
                                                                                                                                                                                                                        
 
                                                                                                                                                                                                                        
-
                                                                                                                                                                                                                        Solution
                                                                                                                                                                                                                        Assign permissions to the user.
                                                                                                                                                                                                                        
-
                                                                                                                                                                                                                        1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                                                                                                                                                                                                        2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                                                                                                                                                                                                        3. Click Add Permissions in the upper right corner.
                                                                                                                                                                                                                        4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.
                                                                                                                                                                                                                           
                                                                                                                                                                                                                          If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID. 
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          Solution
                                                                                                                                                                                                                          To grant the Kubernetes permissions to the user, perform the following operations:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                                                                                                                                                                                                          2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                                                                                                                                                                                                          3. Click Add Permission in the upper right corner.
                                                                                                                                                                                                                          4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.
                                                                                                                                                                                                                             
                                                                                                                                                                                                                            If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID. 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            Permissions can be customized as required. After selecting Custom for Permission Type, click Add Custom Role on the right of the Custom parameter. In the dialog box displayed, enter a name and select a rule. After the custom rule is created, you can select a value from the Custom drop-down list box.
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            Custom permissions are classified into ClusterRole and Role. Each ClusterRole or Role contains a group of rules that represent related permissions. For details, see Using RBAC Authorization.
                                                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_faq_00319.html b/docs/cce/umn/cce_faq_00319.html
index c92f7e3a0..4926b8705 100644
--- a/docs/cce/umn/cce_faq_00319.html
+++ b/docs/cce/umn/cce_faq_00319.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                                                            What Can I Do If a Layer Is Missing During Image Pull?
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            Symptom
                                                                                                                                                                                                                            When containerd is used as the container engine, there is a possibility that the image layer is missing when an image is pulled to a node. As a result, the workload container fails to be created.
                                                                                                                                                                                                                            
-
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
-
                                                                                                                                                                                                                            Possible Causes
                                                                                                                                                                                                                            Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the image is not pulled.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                            Possible Cause
                                                                                                                                                                                                                            Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the image is not pulled.
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            Solution
                                                                                                                                                                                                                            You can use either of the following methods to solve this problem:
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            • Use Docker v1.11 or later to repackage the image.
                                                                                                                                                                                                                            • Manually pull the image.
                                                                                                                                                                                                                              1. Log in to the node.
                                                                                                                                                                                                                              2. Run the following command to pull the image:
                                                                                                                                                                                                                                ctr -n k8s.io images pull --user u:p images
                                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00321.html b/docs/cce/umn/cce_faq_00321.html
index 33b474e9e..c137a6040 100644
--- a/docs/cce/umn/cce_faq_00321.html
+++ b/docs/cce/umn/cce_faq_00321.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            Possible Causes
                                                                                                                                                                                                                            "Error from server (ServiceUnavailable)" indicates that the cluster is not connected. In this case, you need to check whether the network between kubectl and the master node in the cluster is normal.
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
-
                                                                                                                                                                                                                            Solution
                                                                                                                                                                                                                            • If the kubectl command is executed outside the cluster, check whether the cluster is bound to an EIP. If yes, download the kubeconfig file and run the kubectl command again.
                                                                                                                                                                                                                            • If the kubectl command is executed on a node in the cluster, check the security group of the node and check whether the TCP/UDP communication between the worker node and master node is allowed. For details about the security group, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                            Solution
                                                                                                                                                                                                                            • If the kubectl command is executed outside the cluster, check whether the cluster is bound to an EIP. If yes, download the kubeconfig file and run the kubectl command again.
                                                                                                                                                                                                                            • If the kubectl command is executed on a node in the cluster, check the security group of the node and check whether the TCP/UDP communication between the worker node and master node is allowed. For details about security groups, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_faq_00322.html b/docs/cce/umn/cce_faq_00322.html
index fe13a2bbe..07a590e55 100644
--- a/docs/cce/umn/cce_faq_00322.html
+++ b/docs/cce/umn/cce_faq_00322.html
@@ -4,22 +4,22 @@
 
                                                                                                                                                                                                                            Symptom
                                                                                                                                                                                                                            When an add-on fails to be installed, the error message "The release name is already exist" is returned.
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
-
                                                                                                                                                                                                                            Possible Causes
                                                                                                                                                                                                                            The add-on release record remains in the Kubernetes cluster. Generally, it is because the cluster etcd has backed up and restored the add-on, or the add-on fails to be installed or deleted.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                            Possible Cause
                                                                                                                                                                                                                            The add-on release record remains in the Kubernetes cluster. Generally, it is because the cluster etcd has backed up and restored the add-on, or the add-on fails to be installed or deleted.
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            Solution
                                                                                                                                                                                                                            Use kubectl to connect to the cluster and manually clear the Secret and ConfigMap corresponding to the add-on release. The following uses autoscaler add-on release as an example.
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            
 
                                                                                                                                                                                                                            1. Connect to the cluster using kubectl, and run the following command to view the Secret list of add-on releases:
                                                                                                                                                                                                                              kubectl get secret -A |grep cceaddon
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              The Secret name of an add-on release is in the format of sh.helm.release.v1.cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their Secrets at the same time.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                            2. Run the release secret command to delete the Secrets.
                                                                                                                                                                                                                              Example:
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              kubectl delete secret sh.helm.release.v1.cceaddon-autoscaler.v1 sh.helm.release.v1.cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                            3. If the add-on is created when Helm v2 is used, CCE automatically bumps the v2 release in ConfigMaps to v3 release in Secrets when viewing the add-ons and their details. The v2 release in the original ConfigMap is not deleted. Run the following command to view the ConfigMap list of add-on releases:
                                                                                                                                                                                                                              kubectl get configmap -A | grep cceaddon
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              The ConfigMap name of an add-on release is in the format of cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their ConfigMaps at the same time.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                            4. Run the release configmap command to delete the ConfigMaps.
                                                                                                                                                                                                                              Example:
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              kubectl delete configmap cceaddon-autoscaler.v1 cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                               
                                                                                                                                                                                                                              Deleting resources in kube-system is a high-risk operation. Ensure that the command is correct before running it to prevent resources from being deleted by mistake.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                            5. On the CCE console, install the add-on and then uninstall it. Ensure that the residual add-on resources are cleared. After the uninstallation is complete, install the add-on again.
                                                                                                                                                                                                                               
                                                                                                                                                                                                                              During the initial installation of the add-on, it is possible to encounter abnormal behavior caused by residual resources from a previous add-on release. This is a normal occurrence. In such cases, you can resolve the issue by uninstalling the add-on from the console. This will ensure that any remaining resources are cleared, allowing for a proper installation of the add-on again.
                                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00325.html b/docs/cce/umn/cce_faq_00325.html
index 0b6a5f2ec..416bfe0c9 100644
--- a/docs/cce/umn/cce_faq_00325.html
+++ b/docs/cce/umn/cce_faq_00325.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                                                                                                                              What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              Symptom
                                                                                                                                                                                                                              The namespace remains in the Deleting state. The error message "DiscoveryFailed" is displayed in status in the YAML file.
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              In the preceding figure, the full error message is "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request".
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              This indicates that the namespace deletion is blocked when kube-apiserver accesses the APIService resource object of the metrics.k8s.io/v1beta1 API.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              Possible Causes
                                                                                                                                                                                                                              If an APIService object exists in the cluster, deleting the namespace will first access the APIService object. If the access fails, the namespace deletion will be blocked. In addition to the APIService objects created by users, add-ons like metrics-server and prometheus in the CCE cluster automatically create APIService objects.
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                              Possible Cause
                                                                                                                                                                                                                              If an APIService object exists in the cluster, deleting the namespace will first access the APIService object. If the access fails, the namespace deletion will be blocked. In addition to the APIService objects created by users, add-ons like metrics-server and prometheus in the CCE cluster automatically create APIService objects.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                               
                                                                                                                                                                                                                              For details, see https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00326.html b/docs/cce/umn/cce_faq_00326.html
index cc20b1083..cf65390e3 100644
--- a/docs/cce/umn/cce_faq_00326.html
+++ b/docs/cce/umn/cce_faq_00326.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                                              You can run the kubectl drain command to safely evict all pods from a node.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                               
                                                                                                                                                                                                                              By default, the kubectl drain command retains some system pods, for example, everest-csi-driver.
                                                                                                                                                                                                                              
 
                                                                                                                                                                                                                              
-
                                                                                                                                                                                                                              1. Use kubectl to connect to the cluster.
                                                                                                                                                                                                                              2. Check the nodes in the cluster.
                                                                                                                                                                                                                                kubectl get node
                                                                                                                                                                                                                                
+
                                                                                                                                                                                                                                1. Use kubectl to access the cluster.
                                                                                                                                                                                                                                2. Check the nodes in the cluster.
                                                                                                                                                                                                                                  kubectl get node
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                3. Select a node and view all pods on the node.
                                                                                                                                                                                                                                  kubectl get pod --all-namespaces -owide --field-selector spec.nodeName=192.168.0.160
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  The pods on the node before eviction are as follows:
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE     IP              NODE            NOMINATED NODE   READINESS GATES
diff --git a/docs/cce/umn/cce_faq_00394.html b/docs/cce/umn/cce_faq_00394.html
index 1181c3b2f..79bbc2aeb 100644
--- a/docs/cce/umn/cce_faq_00394.html
+++ b/docs/cce/umn/cce_faq_00394.html
@@ -5,15 +5,15 @@
 
                                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                                  The cluster cannot be deleted, and the following error information is displayed:
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  Expected HTTP response code [200 202 204 404] when accessing [DELETE https://vpc.***.com/v2.0/security-groups/46311976-7743-4c7c-8249-ccd293bcae91], but got 409 instead {"code":"VPC.0602","message":"{\"NeutronError\":{\"message\": \"Security Group 46311976-7743-4c7c-8249-ccd293bcae91 in use.\",\"type\":\"SecurityGroupInUse\",\"detail\":\"\"}}"}
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  Possible Causes
                                                                                                                                                                                                                                  The cluster's security group has undeleted resources, preventing its deletion and causing the creation of the cluster to fail.
                                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                                  Possible Cause
                                                                                                                                                                                                                                  The cluster's security group has undeleted resources, preventing its deletion and causing the creation of the cluster to fail.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  Procedure
                                                                                                                                                                                                                                  1. Copy the resource ID in the error information, go to the Security Groups page of the VPC console, and obtain security groups by ID.
                                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                                  2. Click the security group to view its details, and click the Associated Instances tab.
                                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                                    Obtain other resources associated with the security group, such as servers, ENIs, and sub-ENIs. You can delete residual resources. The sub ENIs will be automatically deleted.
                                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                                    Obtain other resources associated with the security group, such as ENIs, sub-ENIs, and servers. You can delete the residual resources. The sub-ENIs will be automatically deleted.
                                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                                  3. For a residual ENI, go to the Network Interfaces page and delete the ENI obtained in the previous step.
                                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                                  4. For a residual ENI, go to the Network Interfaces page and delete the ENI obtained in the previous step.
                                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                                  5. Go to the Security Groups page to confirm that the security group is not associated with any instance. Then, go to the CCE console to delete the cluster.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00397.html b/docs/cce/umn/cce_faq_00397.html
index a6811aa93..05f978b30 100644
--- a/docs/cce/umn/cce_faq_00397.html
+++ b/docs/cce/umn/cce_faq_00397.html
@@ -14,6 +14,8 @@
 
                                                                                                                                                                                                                                  4. 
 
                                                                                                                                                                                                                                4. Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  5. 
+
                                                                                                                                                                                                                                5. What Is an OBS Global Access Key and How Do I Check Whether a Global Access Key Is Used in a Cluster?
                                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                                  6. 
 
 
 
                                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00398.html b/docs/cce/umn/cce_faq_00398.html
index 706b7c496..679b33937 100644
--- a/docs/cce/umn/cce_faq_00398.html
+++ b/docs/cce/umn/cce_faq_00398.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                                                  Namespace permissions and cluster management permissions are independent and complementary to each other.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  • Namespace permissions: apply to clusters and are used to manage operations on cluster resources (such as creating workloads).
                                                                                                                                                                                                                                  • Cluster management (IAM) permissions: apply to cloud services and used to manage CCE clusters and peripheral resources (such as VPC, ELB, and ECS).
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  Administrators of the IAM Admin user group can grant cluster management permissions (such as CCE Administrator and CCE FullAccess) to IAM users or grant namespace permissions on a cluster on the CCE console. However, the permissions you have on the CCE console are determined by the IAM system policy. If the cluster management permissions are not configured, you do not have the permissions for accessing the CCE console.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  If you only run kubectl commands to work on cluster resources, you only need to obtain the kubeconfig file with the namespace permissions. For details, see Can I Use kubectl If the Cluster Management Permissions Are Not Configured?. Note that information leakage may occur when you use the kubeconfig file.
                                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                                  If you only run kubectl commands to work on cluster resources, you only need to obtain the kubeconfig file with the namespace permissions. For details, see Can I Use kubectl If the Cluster Management Permissions Are Not Configured? Note that information leakage may occur when you use the kubeconfig file.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00402.html b/docs/cce/umn/cce_faq_00402.html
index 4443dd1f9..2a7bfcdcf 100644
--- a/docs/cce/umn/cce_faq_00402.html
+++ b/docs/cce/umn/cce_faq_00402.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                                                  Overview
                                                                                                                                                                                                                                  This section describes how to locate and rectify the fault if you fail to upgrade an add-on during the CCE cluster upgrade.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  Procedure
                                                                                                                                                                                                                                  1. If the add-on fails to be upgraded, try again first. If the retry fails, perform the following steps to rectify the fault.
                                                                                                                                                                                                                                  2. If a failure message is displayed on the upgrade page, go to the Add-ons page to view the add-on status. For an abnormal add-on, click the add-on name to view details.
                                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                                    Procedure
                                                                                                                                                                                                                                    1. If the add-on fails to be upgraded, try again first. If the retry fails, perform the following operations to rectify the fault.
                                                                                                                                                                                                                                    2. If a failure message is displayed on the upgrade page, go to the Add-ons page to view the add-on status. For an abnormal add-on, click the add-on name to view details.
                                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                                    3. On the pod details page, click View Events in the Operation column of the abnormal pod.
                                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                                    4. Rectify the fault based on the exception information. For example, delete the pod that is not started or restart it.
                                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                                    5. After the processing is successful, the add-on status changes to Running. Ensure that all add-ons are in the Running status.
                                                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00404.html b/docs/cce/umn/cce_faq_00404.html
new file mode 100644
index 000000000..ad19d35f9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00404.html
@@ -0,0 +1,313 @@
+
+
+
                                                                                                                                                                                                                                      How Can I Locate Faults Using an Exit Code?
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      When a container fails to be started or terminated, the exit code is recorded by Kubernetes events to report the cause. This section describes how to locate faults using an exit code.
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      Viewing an Exit Code
                                                                                                                                                                                                                                      You can use kubectl to connect to the cluster and run the following command to check the pod:
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      kubectl describe pod {pod name}
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      In the command output, the Exit Code field indicates the status code of the last program exit. If the value is not 0, the program exits abnormally. You can further analyze the cause through this code.
                                                                                                                                                                                                                                      Containers: 
+  container-1: 
+    Container ID: ... 
+    Image: ... 
+    Image ID: ... 
+    Ports: ... 
+    Host Ports: ... 
+    Args: ... 
+    State: Running    
+      Started: Sat, 28 Jan 2023 09:06:53 +0000 
+    Last State: Terminated    
+      Reason: Error    
+      Exit Code: 255    
+      Started: Sat, 28 Jan 2023 09:01:33 +0000    
+      Finished: Sat, 28 Jan 2023 09:05:11 +0000 
+    Ready: True 
+    Restart Count: 1
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      Description
                                                                                                                                                                                                                                      The exit code ranges from 0 to 255.
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      • If the exit code is 0, the container exits normally.
                                                                                                                                                                                                                                      • Generally, if the abnormal exit is caused by the program, the exit code ranges from 1 to 128. In special scenarios, the exit code ranges from 129 to 255.
                                                                                                                                                                                                                                      • When a program exits due to external interrupts, the exit code ranges from 129 to 255. When the operating system sends an interrupt signal to the program, the exist code is the interrupt signal value plus 128. For example, if the interrupt signal value of SIGKILL is 9, the exit status code is 137 (9 + 128).
                                                                                                                                                                                                                                      • If the exist code is not in the range of 0 to 255, for example, exit(-1), the exit code is automatically converted to a value that is within this range.
                                                                                                                                                                                                                                        If the exist code is a positive number, the conversion formula is as follows:
                                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                                        code % 256
                                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                                        If the exit code is a negative number, the conversion formula is as follows:
                                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                                        256 - (|code| % 256)
                                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      For details, see Exit Codes With Special Meanings.
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                                      Common Exit Codes
                                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                Table 8 Minimum configurations of outbound security group rules for the worker nodes
                                                                                                                                                                                                                Port
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allowed CIDR
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow traffic on the port for domain name resolution.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                UDP port 5353
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Container CIDR block
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow traffic on the port for CoreDNS domain name resolution.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                UDP port 4789 (required only by clusters that use the tunnel networks)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                All IP addresses
                                                                                                                                                                                                                
@@ -695,21 +702,21 @@
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node CIDR block
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                CIDR blocks of the VPC and container
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CIDR blocks of the VPC and containers
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 6443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Master node CIDR block
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                None
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the storage add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                TCP port 9443
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the network add-on of the worker nodes to access the master nodes.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                All ports
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                198.19.128.0/17
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow worker nodes to access the VPC Endpoint (VPCEP) service.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow access to VPC Endpoint (VPCEP).
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                UDP port 123
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                UDP port 123
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                100.126.0.0/16
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                100.125.0.0/16
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow worker nodes to access the internal NTP server.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the worker nodes to access the internal NTP server.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                TCP port 443
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                TCP port 443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                100.126.0.0/16
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                100.125.0.0/16
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow worker nodes to access OBS over internal networks to pull the installation package.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the worker nodes to access OBS over internal networks to pull the installation package.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                TCP port 6443
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                TCP port 6443
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                100.126.0.0/16
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                100.125.0.0/16
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Allow worker nodes to report that the worker nodes are installed.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Allow the worker nodes to report that the worker nodes have been installed.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
 
 
 
                                                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Table 1 Common exit codes
                                                                                                                                                                                                                Exit Code
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Name
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Normal exit
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The container exits normally. This status code does not always indicate that an exception occurs. When there is no process in the container, it may also be displayed.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Common program error
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                There are many causes for this exception, most of which are caused by the program. You need to further locate the cause through container logs. For example, this error occurs when an x86 image is running on an Arm node.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                125
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The container is not running.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The possible causes are as follows:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • An undefined flag is used in the command, for example, docker run --abcd.
                                                                                                                                                                                                                • The user-defined command in the image has insufficient permissions on the local host.
                                                                                                                                                                                                                • The container engine is incompatible with the host OS or hardware.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                126
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Command calling error
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The command called in the image cannot be executed. For example, the file permission is insufficient or the file cannot be executed.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                127
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The file or directory cannot be found.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The file or directory specified in the image cannot be found.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                128
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Invalid exit parameter
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The container exits but no valid exit code is provided. There are multiple possible causes. You need to further locate the cause. For example, an application running on the containerd node attempts to call the docker command.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                137
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Immediate termination (SIGKILL)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The program is terminated by the SIGKILL signal. The common causes are as follows:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • The memory usage of the container in the pod reaches the resource limit. For example, OOM causes cgroup to forcibly stop the container.
                                                                                                                                                                                                                • If OOM occurs, the kernel of the node stops some processes to release the memory. As a result, the container may be terminated.
                                                                                                                                                                                                                • If the container health check fails, kubelet stops the container.
                                                                                                                                                                                                                • Other external processes, such as malicious scripts, forcibly stop the container.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                139
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Segmentation error (SIGSEGV)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The container receives the SIGSEGV signal from the OS because the container attempts to access an unauthorized memory location.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                143
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Graceful termination (SIGTERM)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The container is correctly closed as instructed by the host. Generally, this exit code 143 does not require troubleshooting.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                255
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The exit code is out of range.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The container exit code is out of range. For example, exit(-1) may be used for abnormal exit, and -1 is automatically converted to 255.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Further troubleshooting is required.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                Linux Standard Interrupt Signals
                                                                                                                                                                                                                You can run the kill -l command to view the signals and corresponding values in the Linux OS.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Table 2 Common Linux standard interrupt signals
                                                                                                                                                                                                                Signal
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Value
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Action
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Commit
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGHUP
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Sent when the user terminal connection (normal or abnormal) ends.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGINT
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                2
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Program termination signal, which is sent by the terminal by pressing Ctrl+C.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGQUIT
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                3
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Core
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Similar to SIGINT, the exit command is sent by the terminal. Generally, the exit command is controlled by pressing Ctrl+\.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGILL
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                4
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Core
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Invalid instruction, usually because an error occurs in the executable file.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGABRT
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                6
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Core
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Signal generated when the abort function is invoked. The process ends abnormally.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGFPE
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                8
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Core
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A floating-point arithmetic error occurs. Other arithmetic errors such as divisor 0 also occur.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGKILL
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                9
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Any process is terminated.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGSEGV
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                11
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Core
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Attempt to access an unauthorized memory location.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGPIPE
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                13
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pipe is disconnected.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGALRM
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                14
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Indicates clock timing.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGTERM
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                15
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Process end signal, which is usually the normal exit of the program.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGUSR1
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                10
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                This is a user-defined signal in applications.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGUSR2
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                12
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Term
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                This is a user-defined signal in applications.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGCHLD
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                17
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Ign
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                This signal is generated when a subprocess ends or is interrupted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGCONT
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                18
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Cont
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Resume a stopped process.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGSTOP
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                19
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Stop
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Suspend the execution of a process.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGTSTP
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                20
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Stop
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Stop a process.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGTTIN
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                21
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Stop
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The background process reads the input value from the terminal.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SIGTTOU
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                22
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Stop
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The background process reads the output value from the terminal.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_faq_00409.html b/docs/cce/umn/cce_faq_00409.html
index 70a979bd4..30425cb8d 100644
--- a/docs/cce/umn/cce_faq_00409.html
+++ b/docs/cce/umn/cce_faq_00409.html
@@ -34,7 +34,7 @@
 
                                                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                                                This issue has been resolved in Linux kernel 5.9. Since Kubernetes 1.22, kube-proxy does not modify the net.ipv4.vs.conn_reuse_mode parameter of nodes that use the kernel 5.9 or later. For details, see Don't set sysctl net.ipv4.vs.conn_reuse_mode for kernels >=5.9.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
-
                                                                                                                                                                                                                If the IPVS service forwarding mode is used in CCE clusters of 1.19.16-r0 or later, the value of net.ipv4.vs.conn_reuse_mode varies with the kernel versions of node OSs.
                                                                                                                                                                                                                • For a node running EulerOS 2.5, if the kernel version is earlier than 4.1, kube-proxy will keep net.ipv4.vs.conn_reuse_mode at 1. This results in Problem 2, which is, there is a 1-second latency in the high-concurrency scenarios.
                                                                                                                                                                                                                • For a node running EulerOS 2.9, if the kernel version is too early, kube-proxy will set net.ipv4.vs.conn_reuse_mode to 0. This results in Problem 1. To resolve this problem, upgrade the kernel version. For details, see Rectification Plan.
                                                                                                                                                                                                                • For a node running HCE OS 2.0 or Ubuntu 22.04, if the kernel version is later than 5.9, the problem has been resolved.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the IPVS service forwarding mode is used in CCE clusters of 1.19.16-r0 or later, the value of net.ipv4.vs.conn_reuse_mode varies with the kernel versions of node OSs.
                                                                                                                                                                                                                • For a node running EulerOS 2.5, the kernel version is earlier than 4.1. The value of net.ipv4.vs.conn_reuse_mode is 1. This results in Problem 2: There is a 1-second latency in the high-concurrency scenarios.
                                                                                                                                                                                                                • For a node running EulerOS 2.9, the kernel version is too early. kube-proxy will set net.ipv4.vs.conn_reuse_mode to 0. This results in Problem 1. To resolve this problem, upgrade the kernel version. For details, see Rectification Plan.
                                                                                                                                                                                                                • For a node running HCE OS 2.0 or Ubuntu 22.04, the kernel version is later than 5.9. The problem has been resolved.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Configuring Resource Quotas for Other Add-ons
                                                                                                                                                                                                                Resource quotas of other add-ons may also be insufficient due to cluster scale expansion. If, for example, the CPU or memory usage of the add-on pods increases and even OOM occurs, modify the resource quotas as required.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                For example, the resources occupied by the kube-prometheus-stack add-on are related to the number of pods in the cluster. If the cluster scale is expanded, the number of pods may also grow. In this case, increase the resource quotas of the prometheus pods.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For example, the resources occupied by the Cloud Native Cluster Monitoring add-on are related to the number of pods in the cluster. If the cluster scale is expanded, the number of pods may also grow. In this case, increase the resource quotas of the add-on pods.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00432.html b/docs/cce/umn/cce_faq_00432.html
index dc2009696..4920ec40f 100644
--- a/docs/cce/umn/cce_faq_00432.html
+++ b/docs/cce/umn/cce_faq_00432.html
@@ -30,8 +30,7 @@
 
                                                                                                                                                                                                                Security group [*****] not found
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                This issue can arise in the following scenarios:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A custom security group is set up for the node pool but gets deleted, so the node pool scale-out fails.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                No custom security group is configured for the node pool and the default security group is deleted, so the node pool scale-out fails.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • A custom security group is set up for the node pool but gets deleted, so the node pool scale-out fails.
                                                                                                                                                                                                                • No custom security group is configured for the node pool and the default security group is deleted, so the node pool scale-out fails.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The Security Group Specified by the Node Pool Deleted
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
 
 
 
 
                                                                                                                                                                                                                The ECS group does not exist (ServerGroupNotExists).
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                The ECS group to which the node pool belongs is not present. This may be because you manually deleted the ECS group.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, and click the name of the target node pool. Click the Overview tab, click Expand, and check the ECS group to which the node pool belongs.
                                                                                                                                                                                                                2. Log in to the ECS console. In the navigation pane, choose Elastic Cloud Server > ECS Group and see if the target ECS group is present.
                                                                                                                                                                                                                3. If the ECS group is not present, log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, locate the row containing the target node pool, and click Update. In the Advanced Settings area, unbind or change the ECS group.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, and click the name of the target node pool. Click the Overview tab, click Expand, and check the ECS group to which the node pool belongs.
                                                                                                                                                                                                                2. Log in to the ECS console. In the navigation pane, choose Elastic Cloud Server > ECS Group and see if the target ECS group is present.
                                                                                                                                                                                                                3. If the ECS group is not present, log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, locate the row containing the target node pool, and click Update. In the Advanced Settings area, unbind or change the ECS group.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                InstanceAboveServerGroup
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The number of ECSs in the ECS group exceeds the upper limit.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, and click the name of the target node pool. Click the Overview tab, click Expand, and check the ECS group to which the node pool belongs.
                                                                                                                                                                                                                2. Log in to the ECS console, choose Elastic Cloud Server > ECS Group in the navigation pane, and check the quota of the target ECS group.
                                                                                                                                                                                                                3. If the quota is insufficient, log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, locate the row containing the target node pool, and click Update. In the Advanced Settings area, unbind or change the ECS group.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, and click the name of the target node pool. Click the Overview tab, click Expand, and check the ECS group to which the node pool belongs.
                                                                                                                                                                                                                2. Log in to the ECS console, choose Elastic Cloud Server > ECS Group in the navigation pane, and check the quota of the target ECS group.
                                                                                                                                                                                                                3. If the quota is insufficient, log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, locate the row containing the target node pool, and click Update. In the Advanced Settings area, unbind or change the ECS group.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
 
 
 
 
 
 
                                                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Cause
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The certificate has expired.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The error similar to the following is displayed when the curl command is executed:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SSL certificate problem: certificate has expired
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Replace the certificate in a timely manner.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                An unmatched HTTPS certificate chain is used by a client to verify the HTTPS certificate configured for the LoadBalancer ingress.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The error similar to the following is displayed when the curl command is executed:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SSL certificate problem: unable to get local issuer certificate
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Ensure that the HTTPS certificate chain on the client matches the certificate configured for the LoadBalancer ingress.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                No domain name is specified when a certificate is created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The error similar to the following is displayed when the curl command is executed:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SSL: unable to obtain common name from peer certificate
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Specify a domain name when creating a certificate.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The domain name to be accessed is different from the domain name of the HTTPS certificate.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The error similar to the following is displayed when the curl command is executed:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SSL: certificate subject name 'example.com' does not match target host name 'test.com'
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Configure a certificate that matches the domain name for the ingress.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                 
                                                                                                                                                                                                                You can run the following command to check the certificate information, such as expiration time and domain name. ca.crt specifies the certificate path.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                openssl x509 -in ca.crt -subject -noout -text
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Updating a Certificate
                                                                                                                                                                                                                • To update a TLS certificate, modify the secret where the certificate is imported to on CCE. The TLS certificate is imported to a secret first. CCE then automatically handles the certificate configurations on the ELB console and gives a name to the certificate (started with k8s_plb_default). This certificate, which is generated by CCE, cannot be modified or deleted from the ELB console.
                                                                                                                                                                                                                • To update a certificate created on the ELB console, modify the certificate on the ELB console. There is no need to manually set up the cluster secret.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Network Exception Troubleshooting
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00460.html b/docs/cce/umn/cce_faq_00460.html
index 4996d035b..677ed6831 100644
--- a/docs/cce/umn/cce_faq_00460.html
+++ b/docs/cce/umn/cce_faq_00460.html
@@ -2,9 +2,8 @@
 
 
                                                                                                                                                                                                                How Can I Determine Which Ingress the Listener Settings Have Been Applied To?
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                With CCE, you can associate multiple ingresses with a single load balancer listener and establish various forwarding policies. Listener configuration parameters are stored in annotations, which means that a listener can have different configuration parameters on different ingresses. This section describes how to determine which ingress the listener settings are applied to. It covers:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • Obtaining the first ingress
                                                                                                                                                                                                                • Configuring and updating a listener certificate
                                                                                                                                                                                                                • Impacts of deleting the first ingress on listener settings and configuration synchronization
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Obtaining the First Ingress
                                                                                                                                                                                                                Listener parameters can be configured for all ingresses associated with the same listener, so CCE uses the listener annotation configurations (excluding SNI certificates) from the earliest created ingress (the first ingress). The first ingress is determined by sorting the metadata.createTimestamp fields of the ingresses in ascending order.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • The first ingress information is written into annotations in clusters of v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, v1.29.1-r0, and later. You can check kubernetes.io/elb.listener-master-ingress in the annotations of the existing ingresses.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Determining Which Ingress the Listener Settings Have Been Applied To
                                                                                                                                                                                                                  Listener parameters can be configured for all ingresses associated with the same listener, so CCE uses the listener annotation configurations (excluding SNI certificates) from the earliest created ingress (the first ingress). The first ingress is determined by sorting the metadata.createTimestamp fields of the ingresses in ascending order.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • The first ingress information is written into annotations in clusters of v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, v1.29.1-r0, and later. You can check kubernetes.io/elb.listener-master-ingress in the annotations of the existing ingresses.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • To get the first ingress in clusters earlier than v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, and v1.29.1-r0, use the kubectl command to obtain the ingresses associated with the same load balancer listener, sort these ingresses in ascending order, based on their creation time, and check the first one.
                                                                                                                                                                                                                    The query command is as follows: (Replace the load balancer ID and port number as needed.)
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    elb_id=${1}
 elb_port=${2}
@@ -17,11 +16,12 @@ ingress-third    test        be56202a-c2cb-40d5-900e-d7a007a4b054   443       &l
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Configuring and Updating a Listener Certificate
                                                                                                                                                                                                                  You can configure an ingress certificate in a cluster using either of the following methods:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  • Use a TLS certificate, keep it as a secret, and manage it on CCE. TLS certificates are configured using the spec.tls fields in ingresses. They will be automatically created, updated, or deleted via the ELB console.
                                                                                                                                                                                                                  • Use a certificate created in the ELB service. The certificate content is maintained on the ELB console. Such certificates are configured in the annotation fields in ingresses.
                                                                                                                                                                                                                    ELB server certificates are also maintained on the ELB console, so you do not need to import the certificate content to CCE secrets. This allows for unified cross-namespace configuration. It is recommended that you use ELB server certificates to configure the certificates for ingresses.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • Use a TLS certificate, keep it as a secret, and manage it on CCE. TLS certificates are configured using the spec.tls fields in ingresses. They will be automatically created, updated, or deleted via the ELB console.
                                                                                                                                                                                                                    • Use a certificate created in the ELB service. The certificate content is maintained on the ELB console. Such certificates are configured in the annotation fields in ingresses.
                                                                                                                                                                                                                      ELB server certificates are also maintained on the ELB console, so you do not need to import the certificate content to CCE secrets. This allows for unified cross-namespace configuration. It is recommended that you use ELB server certificates to configure the certificates for ingresses.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      ELB server certificates are supported in clusters of versions v1.19.16-r2, v1.21.5-r0, and v1.23.3-r0.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    To update the listener server certificate created by an ingress using a TLS certificate, follow these steps:
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    1. Check the command in Obtaining the First Ingress and obtain all ingresses associated with the same listener.
                                                                                                                                                                                                                      Name             Namespace   elbID                                  elbPort   elbPorts
+
                                                                                                                                                                                                                      1. Check the command in Determining Which Ingress the Listener Settings Have Been Applied To and obtain all ingresses associated with the same listener.
                                                                                                                                                                                                                        The command output is as follows:
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        Name             Namespace   elbID                                  elbPort   elbPorts
 ingress-first    default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
 ingress-second   default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
 ingress-third    test        be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
                                                                                                                                                                                                                        
@@ -38,16 +38,17 @@ spec:
         - 'example.com'
       secretName: default-ns-secret-2
 ...
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                    2. Update the configurations of default-ns-secrert-1 and default-ns-secret-2 in the first ingress.
                                                                                                                                                                                                                    3. After the key is updated, log in to the network console. In the navigation pane, choose Elastic Load Balance > Certificates. In the right pane, check whether the server certificate has been updated based on the update time.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Update the configurations of default-ns-secret-1 and default-ns-secret-2 in the first ingress.
                                                                                                                                                                                                                • After the key is updated, log in to the network console. In the navigation pane, choose Elastic Load Balance > Certificates. In the right pane, check whether the server certificate has been updated based on the update time.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                To update the listener server certificate created by an ingress using an ELB certificate, follow these steps:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. On the ELB console, obtain the ID of the server certificate used by the load balancer listener.
                                                                                                                                                                                                                  1. Log in to the network console. In the navigation pane, choose Elastic Load Balance > Load Balancers. In the right pane, click the name of the target load balancer.
                                                                                                                                                                                                                  2. Click the Listeners tab and click the name of the target listener to go to the details page.
                                                                                                                                                                                                                  3. On the Summary tab, obtain the server certificate ID.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. In the navigation pane, choose Elastic Load Balance > Certificates, search for the certificate based on the obtained server certificate ID, locate the row containing the target certificate, and click Modify in the Operation column.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. On the ELB console, obtain the ID of the server certificate used by the load balancer listener.
                                                                                                                                                                                                                  1. Log in to the network console. In the navigation pane, choose Elastic Load Balance > Load Balancers. In the right pane, click the name of the target load balancer.
                                                                                                                                                                                                                  2. Click the Listeners tab and click the name of the target listener to go to the details page.
                                                                                                                                                                                                                  3. On the Summary tab, obtain the server certificate ID.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. In the navigation pane, choose Elastic Load Balance > Certificates, search for the certificate based on the obtained server certificate ID, locate the row containing the target certificate, and click Modify in the Operation column.
                                                                                                                                                                                                                
+
 
                                                                                                                                                                                                                Impacts of Deleting the First Ingress on Listener Settings
                                                                                                                                                                                                                Listener settings only apply to the first ingress configuration (excluding SNI certificates). If the first ingress is deleted, the earliest created ingress in use becomes the new first ingress, and the listener settings will be updated accordingly. This means that if the listener settings of the old and new first ingresses are different, there may be unexpected updates on the ELB console. To avoid this, check if the listener configuration of the ingress that will become the new first ingress is the same as the one for the original first ingress, or otherwise meets your expectations.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • You can synchronize the listener settings on the console. The procedure is as follows:
                                                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                                  2. In the navigation pane, choose Services, click the Ingresses tab, and choose More > Update in the Operation column.
                                                                                                                                                                                                                  3. Click Synchronize to automatically synchronize the server certificate. This option is available when the listener settings of the ingress are inconsistent with those of the load balancer.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    If you synchronize a server certificate and an SNI certificate, and the current ingress is using a TLS key, the certificate will be replaced with an ELB server certificate. If the cluster version is earlier than v1.19.16-r2, v1.21.5-r0, v1.23.3-r0 and does not support ELB server certificates, you need to manually synchronize the configurations using YAML.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  4. Click OK to apply the modification.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • You can manually synchronize the listener settings using YAML. The procedure is as follows:
                                                                                                                                                                                                                  1. Check the command in Obtaining the First Ingress and obtain all ingresses associated with the same listener.
                                                                                                                                                                                                                    Name             Namespace   elbID                                  elbPort   elbPorts
+
                                                                                                                                                                                                                  2. You can manually synchronize the listener settings using YAML. The procedure is as follows:
                                                                                                                                                                                                                    1. Check the command in Determining Which Ingress the Listener Settings Have Been Applied To and obtain all ingresses associated with the same listener.
                                                                                                                                                                                                                      The command output is as follows:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Name             Namespace   elbID                                  elbPort   elbPorts
 ingress-first    default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
 ingress-second   default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
 ingress-third    test        be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
                                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00468.html b/docs/cce/umn/cce_faq_00468.html
new file mode 100644
index 000000000..e4430e4b2
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00468.html
@@ -0,0 +1,486 @@
+
+
+
                                                                                                                                                                                                                      How Can I Locate a Fault That Occurs with a Node?
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                                      CCE allows you to locate a node fault using the CCE Node Problem Detector add-on (Locating a Node Fault Using the CCE Node Problem Detector Add-on). You can also refer to Locating a Node Fault by Performing a Self-Check to locate the fault.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If the fault persists, submit a service ticket.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Locating a Node Fault Using the CCE Node Problem Detector Add-on
                                                                                                                                                                                                                      CCE provides an add-on called CCE Node Problem Detector for you to locate faults occurred with nodes. In 1.16.0 and later versions of this add-on, a large number of check items have been added. They allow you to detect the exceptions of resources and components on nodes and locate the faults.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      It is strongly recommended that you install this add-on or upgrade it to version 1.16.0 or later.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      With this add-on, if an exception occurs with a node, you can view the abnormal metrics on the console.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      You can also view the events reported by the add-on in node events and locate the faults based on the events.
                                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                      Table 1 Fault events
                                                                                                                                                                                                                      Event
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Description
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      OOMKilling
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether OOM events occurred and are reported.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Handling suggestions: Check Item 1: Whether the Node Is Overloaded
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      TaskHung
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether taskHung events occurred and are reported.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      KernelOops
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the kernel null pointer panic errors.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      ConntrackFull
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether the conntrack table is full.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      FrequentKubeletRestart
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether kubelet restarts frequently.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      FrequentDockerRestart
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether Docker restarts frequently.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      FrequentContainerdRestart
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether containerd restarts frequently.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      CRIProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the CRI components.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      KUBELETProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the kubelet.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      NTPProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the NTP service.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      PIDProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether PIDs are sufficient.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      FDProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether file handles are sufficient.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      MemoryProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether the overall node memory is sufficient.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      CNIProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the CNI components.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      KUBEPROXYProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the kube-proxy.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      ReadonlyFilesystem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether the Remount root filesystem read-only error occurred in the system kernel.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Possible cause: The data disks were detached from the ECS by mistake, or the VDB disk of the node has been deleted.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Handling suggestions:
                                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                                      DiskReadonly
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether the system disk, Docker disk, and kubelet disk are read-only.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Possible cause: The data disks were detached from the ECS by mistake, or the VDB disk of the node has been deleted.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Handling suggestions:
                                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                                      DiskProblem
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the disk usage and whether the key logical disk is properly attached to the node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the usage of the system disk, Docker disk, and kubelet disk, and check whether the Docker and kubelet disks are properly attached to the ECS.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      PIDPressure
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether PIDs are sufficient.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Handling suggestions: If there are not enough PIDs available, adjust the upper limit of PIDs as needed.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      MemoryPressure
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check whether the allocable memory for the containers is sufficient.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      DiskPressure
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the usage of kubelet and Docker disks and inodes.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Handling suggestions: Expand the capacity of the data disks.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Locating a Node Fault by Performing a Self-Check
                                                                                                                                                                                                                      Figure 1 Performing a self-check
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                                      2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Nodes tab.
                                                                                                                                                                                                                      3. Locate the row containing the target node, choose More > View YAML in the Operation column, and check the Status field of the node.
                                                                                                                                                                                                                        The node is in the NotReady state.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        • Check the node status and verify whether the value of PIDPressure, DiskPressure, or MemoryPressure becomes True. If any of them becomes True, you can find the appropriate solution based on the exception keyword.
                                                                                                                                                                                                                        • Check the key components on the node and the logs of these components. The key components on a node include a kubelet and the node runtime (Docker or containerd). For details, see Checking Key Components of the Node.
                                                                                                                                                                                                                          • Check the kubelet.
                                                                                                                                                                                                                            Check whether the kubelet and its logs are normal. If there is an exception, see Abnormal kubelet.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                          • Check the runtime (Docker or containerd).
                                                                                                                                                                                                                            • Check the runtime of the node. If you are not sure whether the runtime is Docker or containerd, log in to the CCE console and view the runtime of the node.
                                                                                                                                                                                                                            • If there is an exception, see Abnormal Runtime.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                          • Check the NTP.
                                                                                                                                                                                                                            • Check whether the NTP, its logs, and the configurations are normal.
                                                                                                                                                                                                                            • If there is an exception, see Abnormal NTP.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        • Check the node monitoring data and see whether the CPU, memory, and network resources of the node are normal. If there is an exception, rectify the fault by referring to Memory Pressure.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        The node is in the Unknown state.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        • Log in to the ECS console and check whether the node is present in the ECS list.
                                                                                                                                                                                                                        • Check whether the node is running properly.
                                                                                                                                                                                                                        • Check the key components on the node and the logs of these components. The key components on a node include a kubelet and the node runtime (Docker or containerd). For details, see Checking Key Components of the Node.
                                                                                                                                                                                                                          • Check the kubelet.
                                                                                                                                                                                                                            • Check whether the kubelet and its logs are normal. If there is an exception, see Abnormal kubelet.
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        • Check the network connectivity of the node.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Common Problems and Troubleshooting Methods
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking a Node
                                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                                      2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                      3. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the unavailable node, and view its status. (If NPD 1.6.10 or a later version is installed in the cluster, you will see a message indicating that the metrics for the unavailable node are abnormal. In this case, you can move the cursor to the upper part to view the specific problem. If the add-on is not installed, you can rectify the fault by referring to the check items.)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking the Node Monitoring Data
                                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                                      2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                      3. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the abnormal node, and click Monitor in the Operation column.
                                                                                                                                                                                                                        On the top of the displayed page, click More Monitoring Data to go to the AOM console and view historical monitoring records. If the CPU or memory usage of the node is too high, it can lead to high network latency or trigger system OOM, causing the node to be marked as unavailable.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking the Node Events
                                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                                      2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                      3. In the navigation pane, choose Nodes. In the right pane, click the Nodes tab, locate the row containing the abnormal node, click View Events in the Operation column, and check whether any abnormal event is reported. (The NPD add-on must be installed.)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Verifying Whether the ECS Has Been Deleted or Is Faulty
                                                                                                                                                                                                                      1. Log in to the CCE console, click the name of the target cluster to access the cluster console, and view the name of the unavailable node.
                                                                                                                                                                                                                      2. Log in to the ECS console, search for the node, and check the ECS status.
                                                                                                                                                                                                                        • If the ECS has been deleted, go back to the CCE console, delete the node from the node list, and create another one.
                                                                                                                                                                                                                        • If the ECS is stopped or frozen, restore it first. It takes about 3 minutes to restore the node.
                                                                                                                                                                                                                        • If the ECS is faulty, restart it to rectify the fault.
                                                                                                                                                                                                                        • If the ECS is available, rectify the fault by referring to Checking Key Components of the Node.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Verifying Whether the ECS Can Be Logged In
                                                                                                                                                                                                                      1. Log in to the ECS console.
                                                                                                                                                                                                                      2. Check whether the node name displayed on the ECS console is the same as that on the VM and whether the password or key can be used to log in to the node.
                                                                                                                                                                                                                        If the node names are inconsistent and the password or key cannot be used to log in to the node, Cloud-Init problems occurred when the ECS was created. In this case, you can restart the node and then submit a service ticket to the ECS personnel to locate the root cause.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking the Node Security Group
                                                                                                                                                                                                                      • The node security group was changed.
                                                                                                                                                                                                                        1. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups and find the master node security group of the cluster.
                                                                                                                                                                                                                        2. Search for the name of the security group that contains the cluster name and -cce-control-. The name of a master node security group is in the format of cluster-name-cce-control-random-ID.
                                                                                                                                                                                                                        3. Check whether the security group rules have been changed. For details about security groups, see How Can I Configure a Security Group Rule for a Cluster?
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • The node security group rules must contain a policy that allows the communication between the master nodes and the worker nodes.
                                                                                                                                                                                                                        • Check whether such a security group policy is present.
                                                                                                                                                                                                                        • When adding a node to the cluster, add the security group rules listed in Table 2 to the cluster-name-cce-control-random-ID security group to ensure the availability of the added node. This is necessary if a secondary CIDR block is added to the VPC of the node subnet and the subnet is in the secondary CIDR block. However, if a secondary CIDR block has already been added to the VPC during cluster creation, this step is not required.
                                                                                                                                                                                                                        • For details about security groups, see How Can I Configure a Security Group Rule for a Cluster?
+
                                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                          Table 2 Security group rules to be added
                                                                                                                                                                                                                          Protocol and Port
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          Type
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          Source IP Address
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          TCP port 8445
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          IPv4
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          The new secondary CIDR block where the subnet is in
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          TCP port 9443
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          IPv4
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          The new secondary CIDR block where the subnet is in
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          TCP port 5444
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          IPv4
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          The new secondary CIDR block where the subnet is in
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking the Disks Attached to the Node
                                                                                                                                                                                                                      • By default, a 100-GiB data disk is attached to a node for runtime purposes. You have the option to attach additional data disks to the node if needed. If the data disk is detached or damaged, the runtime becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • You need to check whether the data disks of the node are detached from it. If they are, you are advised to create a node and delete the unavailable node. (To minimize risks, you are not advised to perform operations on the CCE nodes through the ECS console.)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking Key Components of the Node
                                                                                                                                                                                                                      kubelet
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Check the kubelet.
                                                                                                                                                                                                                        Log in to the target node, run the following command on it, and check the kubelet:
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        systemctl status kubelet
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        The following shows an example of the expected output.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • View the kubelet logs.
                                                                                                                                                                                                                        Log in to the target node, run the following command on it, and check the kubelet:
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        journalctl -u kubelet
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Runtime
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Docker
                                                                                                                                                                                                                        • Check the Docker runtime.
                                                                                                                                                                                                                          Log in to the target node, run the following command on it, and check the Docker process:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          systemctl status docker
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          The following shows an example of the expected output.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        • View the Docker logs.
                                                                                                                                                                                                                          Log in to the target node, run the following command on it, and check the Docker logs:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          journalctl -u docker
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • containerd
                                                                                                                                                                                                                        • Check the containerd runtime.
                                                                                                                                                                                                                          Log in to the target node, run the following command on it, and check the containerd process:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          systemctl status containerd
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          The following shows an example of the expected output.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        • View the containerd logs.
                                                                                                                                                                                                                          Log in to the target node, run the following command on it, and check the containerd logs:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          journalctl -u containerd
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • NTP
                                                                                                                                                                                                                        • Check whether the NTP is normal.
                                                                                                                                                                                                                          Log in to the target node, run the following command on it, and check the chronyd process:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          systemctl status chronyd
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          The following shows an example of the expected output.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        • View the NTP logs.
                                                                                                                                                                                                                          Log in to the target node, run the following command on it, and check the NTP logs:
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          journalctl -u chronyd
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Verifying Whether the Node DNS Address Is Properly Configured
                                                                                                                                                                                                                      • Log in to the target node and check whether any domain name resolution failure is recorded in /var/log/cloud-init-output.log:
                                                                                                                                                                                                                        cat /var/log/cloud-init-output.log | grep resolv
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        If information similar to the following is displayed, the domain name cannot be resolved:
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        Could not resolve host: xxx ; Unknown error
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • Ping the domain name that cannot be resolved on the node:
                                                                                                                                                                                                                        ping xxx
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        If the domain name cannot be pinged, the DNS cannot resolve the IP address. You need to verify if the DNS address in the /etc/resolv.conf file matches the configuration on the VPC subnet. In most cases, the DNS address in the file is improperly configured, leading to the inability to resolve domain names.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Common Issues and Solutions
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      PID Pressure
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The pods on the node are using up a large number of PIDs, causing a shortage of available PIDs on the node. By default, CCE reserves 10% of the available PIDs for pods.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If the number of available PIDs on a node is lower than the specified value of pid.available, the PIDPressure of the node will be set to True, resulting in the eviction of pods running on that node. For details about node eviction, see Node-pressure Eviction.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. Check the maximum number of PIDs on the node and the processes that use the most PIDs:
                                                                                                                                                                                                                        sysctl kernel.pid_max # Check the maximum number of PIDs.
+ps -eLf|awk '{print $2}' | sort -rn| head -n 1 #: Check the processes that use the most PIDs on the node.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. Check the top five processes that use the most PIDs:
                                                                                                                                                                                                                        ps -elT | awk '{print $4}' | sort | uniq -c | sort -k1 -g | tail -5
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        The following shows an example of the expected output:
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        17 1211619
+18 3739112
+18 5299
+24 964
+25 3739756
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        The first column shows the number of PIDs used by each process, while the second column displays the current process IDs. You can locate the process and associated pods with the given process ID, analyze the reason for excessive PID usage, and optimize the relevant code accordingly.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      3. Reduce the load of the node.
                                                                                                                                                                                                                      4. To restart the node, go to the ECS console and restart it. (Be cautious when restarting the node because it may cause interruptions to your services.)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Memory Pressure
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The pods on the node are using up a large amount of memory, causing a shortage of available memory on the node. By default, the available memory of a CCE node is 100 MiB.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • If the number of available memory resources on a node is lower than the specified value of memory.available, the MemoryPressure of the node will be set to True, resulting in the eviction of pods running on that node. For details about node eviction, see Node-pressure Eviction.
                                                                                                                                                                                                                      • If the memory of a node is not enough, the following message will show:
                                                                                                                                                                                                                        • The value of MemoryPressure becomes True.
                                                                                                                                                                                                                        • When some pods on the node are evicted:
                                                                                                                                                                                                                          • You can see "The node was low on resource: memory" in the events of the evicted pods.
                                                                                                                                                                                                                          • You can see "attempting to reclaim memory" in the node events.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        • The system OOM may behave abnormally. If such an error occurs, you can see "System OOM" in the node events.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Check the node memory usage through the node monitoring data, identify the time when the exception occurs, and verify if there is any memory leak in the processes on the node. For details, see Checking the Node Monitoring Data.
                                                                                                                                                                                                                      • Reduce the load of the node.
                                                                                                                                                                                                                      • To restart the node, go to the ECS console and restart it. (Be cautious when restarting the node because it may cause interruptions to your services.)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Disk Pressure
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The root file system, image file system, or container file system on the node is consuming excessive disk space and inodes, surpassing the eviction threshold. This leads to the nodefs.available, nodefs.inodesFree, imagefs.available, or imagefs.inodesFree metric met the eviction threshold, causing disk pressure. The table below shows the default values for these parameters.
+
                                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Description
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Default Value
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      nodefs.available
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Percentage of the available capacity in the file system used by kubelet.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      10%
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      nodefs.inodesFree
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Percentage of available inodes in the file system used by kubelet.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      5%
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      imagefs.available
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Percentage of the available capacity in the file system used by container runtimes to store resources such as images.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      10%
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      imagefs.inodesFree
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Percentage of available inodes in the file system used by container runtimes to store resources such as images.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      5%
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • If the available disk space on the node is less than the value of imagefs.available, the value of DiskPressure of the node becomes True.
                                                                                                                                                                                                                      • If the available disk space is less than the value of nodefs.available, all pods on the node will be evicted. For details about node eviction, see Node-pressure Eviction.
                                                                                                                                                                                                                      • If the disk space on the node is insufficient, the following message will show:
                                                                                                                                                                                                                        • The value of DiskPressure becomes True.
                                                                                                                                                                                                                        • If the disk space remains insufficient to meet the healthy threshold (defaulted at 80%) even after the image reclaim policy is triggered, you can see "failed to garbage collect required amount of images" in the node events.
                                                                                                                                                                                                                        • When some pods on the node are evicted:
                                                                                                                                                                                                                          • You can see "The node was low on resource: [DiskPressure]" in the events of the evicted pods.
                                                                                                                                                                                                                          • You can see "attempting to reclaim ephemeral-storage" or "attempting to reclaim nodefs" in the node events.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • View the node disk usage through the node monitoring data, identify the time when the exception occurs, and check if processes on the node are consuming excessive disk space. For details, see Checking the Node Monitoring Data.
                                                                                                                                                                                                                      • If a large number of files are not deleted from the node disks, delete these files.
                                                                                                                                                                                                                      • Restrict the ephemeral-storage configurations of the pods based on service requirements.
                                                                                                                                                                                                                      • Use cloud storage services instead of hostPath volumes.
                                                                                                                                                                                                                      • Expand the capacity of the node disks. 
                                                                                                                                                                                                                      • Reduce the load of the node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Abnormal kubelet
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The kubelet process is not functioning properly or the kubelet configuration is improper. Typically, CCE has set up health checks for kubelet as a default configuration. There is a greater chance of startup failure if the configuration is incorrect.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      kubelet is inactive.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. Log in to the abnormal node and restart kubelet: (Restarting kubelet does not affect the running containers.)
                                                                                                                                                                                                                        systemctl restart kubelet
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. Check whether the kubelet status becomes normal:
                                                                                                                                                                                                                        systemctl status kubelet
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      3. If the kubelet status is still abnormal after the restart, log in to the node and view the kubelet logs:
                                                                                                                                                                                                                        journalctl -u kubelet
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        • If there are error messages in the logs, find the cause by looking for specific keywords associated with the error.
                                                                                                                                                                                                                        • If there is an issue with the kubelet configuration, find the node pool that the node belongs to, click Manage in the Operation column, and make changes to the kubelet configuration.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Abnormal Runtime
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The Docker or containerd configuration or process is not functioning properly.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Docker
                                                                                                                                                                                                                        • Docker is inactive.
                                                                                                                                                                                                                        • Docker is active and running, but the node is experiencing issues and not functioning properly, resulting in abnormal behavior. In this case, the docker ps or docker exec command fails to be executed.
                                                                                                                                                                                                                        • The value of RuntimeOffline of the node becomes True.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • containerd
                                                                                                                                                                                                                        • containerd is inactive.
                                                                                                                                                                                                                        • The value of RuntimeOffline of the node becomes True.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. Log in to the abnormal node.
                                                                                                                                                                                                                      2. Restart the runtime:
                                                                                                                                                                                                                        # Docker
+systemctl restart docker
+# Containerd
+systemctl restart containerd
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      3. After the command is executed, check whether the running status is normal.
                                                                                                                                                                                                                        # Docker
+systemctl status docker
+# Containerd
+systemctl status containerd
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      4. If the component status is still abnormal after the restart, check the component logs:
                                                                                                                                                                                                                        # Docker
+journalctl -u docker
+# containerd
+journalctl -u containerd
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Abnormal NTP
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The NTP process is abnormal.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • chronyd is inactive.
                                                                                                                                                                                                                      • The value of NTPProblem becomes True.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. Log in to the abnormal node and restart chronyd:
                                                                                                                                                                                                                        systemctl restart chronyd
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. After the restart, check whether the chronyd status becomes normal:
                                                                                                                                                                                                                        systemctl status chronyd
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      3. If the chronyd status is still abnormal after the restart, log in to the node and view the chronyd logs:
                                                                                                                                                                                                                        journalctl -u chronyd
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Abnormal Node Restart
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The node is experiencing abnormal load.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      During the restart, the node is in the NotReady state.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. Check the time when the node was restarted:
                                                                                                                                                                                                                        last reboot
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        The following shows an example of the expected output.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. View the node monitoring data and locate the abnormal resource based on the restart time of the node. For details, see Checking the Node Monitoring Data.
                                                                                                                                                                                                                      3. Check the kernel logs and locate the fault based on the restart time.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Abnormal Node Network
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The node is experiencing abnormal running status, incorrect security group configuration, or excessive network load.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • The node cannot be logged in to.
                                                                                                                                                                                                                      • The node is in the Unknown state.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • If you cannot log in to the node, take the following steps to locate the fault:
+
                                                                                                                                                                                                                      • If the network load of the node is too high, perform the following operations:
                                                                                                                                                                                                                        • View the node networking through the node monitoring data and check whether the pods on the node are consuming excessive network bandwidth.
                                                                                                                                                                                                                        • Use network policies to control network traffic of the pods on the node. 
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Abnormal PLEG
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The pod lifecycle event generator (PLEG) records different events in the lifecycle of a pod, such as the pod startup and termination. The error "PLEG is not healthy" is usually due to abnormal runtime processes on the node or issues with the systemd version on the node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • The node is in the NotReady state.
                                                                                                                                                                                                                      • You can see the following information in the kubelet logs:
                                                                                                                                                                                                                        skipping pod synchronization - PLEG is not healthy: pleg was last seen active 3m17.028393648s ago; threshold is 3m0s.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Restart Docker or containerd and kubelet in sequence and then check whether the node is restored.
                                                                                                                                                                                                                      • If the node is not restored after the restart of the key components, restart the node. (Be cautious when restarting the node because it may cause interruptions to your services.)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Node Overloaded
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The node resources are not enough for pod scheduling.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If there are not enough scheduling resources available on the node, pod scheduling will fail and the following error information will be displayed: (Only errors related to common resources are listed.)
                                                                                                                                                                                                                      • Insufficient CPUs in a cluster: 0/2 nodes are available: 2 Insufficient cpu
                                                                                                                                                                                                                      • Insufficient memory in a cluster: 0/2 nodes are available: 2 Insufficient memory
                                                                                                                                                                                                                      • Insufficient temporary storage space in a cluster: 0/2 nodes are available: 2 Insufficient ephemeral-storage
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The scheduler determines that node resources are insufficient using the following calculation methods:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Whether the CPUs of a node are insufficient: Total CPUs requested by a pod > (Total allocatable CPUs on the node - Total CPUs that have been allocated to the pods on the node)
                                                                                                                                                                                                                      • Whether the memory of a node is insufficient: Total memory requested by a > (Total allocatable memory on the node - Total memory that has been allocated to the pods on the node)
                                                                                                                                                                                                                      • Whether the temporary storage space of a node is insufficient: Temporary storage space requested by a pod > (Total allocatable temporary storage space on the node - Total temporary storage space that has been allocated to the pods on the node)
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If the total resources requested by the pod exceed the allocatable resources on the node (after subtracting the allocated resources to the pods on the node), the pod will not be scheduled on that node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the resource allocation details on the node:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      kubectl describe node $nodeName
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Pay attention to the resource allocation in the command output:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Allocatable:
+  cpu:                1930m
+  ephemeral-storage:  94576560382
+  hugepages-1Gi:      0
+  hugepages-2Mi:      0
+  localssd:           0
+  localvolume:        0
+  memory:             2511096Ki
+pods:               20
+Allocated resources:
+  (Total limits may be over 100 percent, i.e., overcommitted.)
+  Resource           Requests      Limits
+  --------           --------      ------
+  cpu                1255m (65%)   4600m (238%)
+  memory             1945Mi (79%)  3876Mi (158%)
+  ephemeral-storage  0 (0%)        0 (0%)
+  hugepages-1Gi      0 (0%)        0 (0%)
+  hugepages-2Mi      0 (0%)        0 (0%)
+  localssd           0             0
+  localvolume        0             0
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Specifically:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Allocatable: specifies the total number of allocatable resources like CPUs, memory, and temporary storage on a node.
                                                                                                                                                                                                                      • Allocated resources: specifies the total number of resources like CPUs, memory, and temporary storage that have been allocated to the pods on a node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If the resources on a node are not enough for pod scheduling, reduce the node load through either of the following ways:
                                                                                                                                                                                                                      • Delete unnecessary pods.
                                                                                                                                                                                                                      • Restrict the resource configurations of pods based on service requirements.
                                                                                                                                                                                                                      • Add more nodes to the cluster.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Restricted Node Scheduling with the node.kubernetes.io/route-unreachable Taint
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The network infrastructure's route tables allow the container networks in a cluster that uses the VPC network model to be accessible. A newly created CCE node has network isolation support. If the node network is not functioning properly, the system will automatically add the node.kubernetes.io/route-unreachable taint to the node and remove it once the network is ready. If the node.kubernetes.io/route-unreachable taint remains for an extended period, it indicates abnormal network connectivity for the node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      A newly created node is restricted for scheduling for a long time.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      1. If there are other normal nodes in the cluster, run the ping command to check the network connectivity between containers on different nodes.
                                                                                                                                                                                                                        Create a container for testing. In the following example, {node_ip} indicates the IP address of the abnormal node.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        kind: Pod
+apiVersion: v1
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  containers:
+    - name: container-1
+      image: nginx:latest
+      imagePullPolicy: IfNotPresent
+  imagePullSecrets:
+    - name: default-secret
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: kubernetes.io/hostname
+                operator: In
+                values:
+                  - {node_ip}
+  schedulerName: default-scheduler
+  tolerations:
+    - key: node.kubernetes.io/route-unreachabe
+      operator: Exists
+      effect: NoSchedule
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        After the container is started, log in to another normal node and ping the IP address of the container. If the communication is abnormal, go to the next step.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. On the Route Tables page of the VPC console, check whether the node route has been added, whether the next hop type is cloud container, and whether the next hop is the node name. If the node route is present in the route table but the node is still unable to connect to the network, it suggests a potential problem with the underlying network. In such situations, submit a service ticket to the networking team for assistance.
                                                                                                                                                                                                                      3. If the fault persists, submit a service ticket to CCE for troubleshooting.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Node Unavailable Due to OOM
                                                                                                                                                                                                                      Possible cause
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Many containers are scheduled onto a node, using up all its resources and causing an OOM issue. This issue is primarily seen on nodes running the Docker container engine.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If a node in the cluster is assigned too many containers, the node OS might crash, rendering the node unavailable. You may see the information similar to the following after logging in to the node with VNC.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Check the node events:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      kubectl describe node {nodeName}
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Pay attention to the abnormal node events in the output.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      If the resources on a node are not enough for pod scheduling, reduce the node load through either of the following ways:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Reset the faulty node.
                                                                                                                                                                                                                      • Delete unnecessary pods.
                                                                                                                                                                                                                      • Restrict the resource configurations of pods based on service requirements.
                                                                                                                                                                                                                      • Add more nodes to the cluster.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Parent topic: Node
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_faq_00484.html b/docs/cce/umn/cce_faq_00484.html
new file mode 100644
index 000000000..d14f81995
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00484.html
@@ -0,0 +1,29 @@
+
+
+
                                                                                                                                                                                                                      What Is an OBS Global Access Key and How Do I Check Whether a Global Access Key Is Used in a Cluster?
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      When creating an OBS PVC in a CCE cluster, you need to select an access key (AK/SK). OBS access keys are classified into the following types:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • (Recommended) Custom access key: When a custom access key is used, the YAML file of the PVC contains the csi.storage.k8s.io/node-publish-secret-namespace and csi.storage.k8s.io/node-publish-secret-name annotations, which specify the secret namespace and secret name for storing keys in the cluster, respectively.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • (Not recommended and supported only by existing users who have uploaded files) Global access key: When a global access key is used, the YAML file of the PVC does not contain the csi.storage.k8s.io/node-publish-secret-namespace and csi.storage.k8s.io/node-publish-secret-name annotations, and the secret of the global access key is fixed in the kube-system namespace and named paas.longaksk.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                         
                                                                                                                                                                                                                        The global access secret (paas.longaksk) is used by project. Once a global access secret is used, it is automatically created for each cluster within the same project. However, this can lead to security and management complexities. Therefore, it is not recommended that you use global access secrets.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        If you do not need to use the global access key, you can disable it in Settings of the cluster. After the operation, CCE deletes the global access key paas.longaksk from the kube-system namespace. If you need to use this function later, you can enable it again in the settings.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Checking Whether a Global Access Key Is Used in a Cluster
                                                                                                                                                                                                                      • Using the console
                                                                                                                                                                                                                        In the navigation pane, choose Storage. In the right pane, select all namespaces, click the PersistentVolumeClaims (PVCs) tab, add a filter Storage Settings: obs, and view the results in the Storage Settings column.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        If the access key is empty, the global access key is used. If the access key is not empty, a custom access key is used.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • Using kubectl
                                                                                                                                                                                                                        kubectl get pvc --all-namespaces -o=custom-columns=Name:'metadata.name',Namespace:'metadata.namespace',secretName:'metadata.annotations.csi\.storage\.k8s\.io\/node-publish-secret-name' | grep \<none\>
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        You can use the command above to find out which PVC in the cluster is using the global access key. The first column in the command output shows the PVC name, and the second column indicates the namespace where the PVC is located.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        obs-test     default     <none>
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                        If the command output is blank, it means no PVC is using the global access key in the cluster.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Parent topic: Permissions
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_faq_00487.html b/docs/cce/umn/cce_faq_00487.html
new file mode 100644
index 000000000..3ddd8a59d
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00487.html
@@ -0,0 +1,29 @@
+
+
+
                                                                                                                                                                                                                      How Do I Troubleshoot a Pod Exit Caused by a Node Label Update?
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                                      After a workload pod is scheduled on a node based on the node labels, any changes to the labels or kubelet restarts due to configuration changes lead to a fault. About 30 seconds after the kubelet restart, you may notice a Predicate NodeAffinity failed event in the workload status. Additionally, the pod status changed to Completed, and a new pod will be scheduled on an appropriate node. If there are no nodes that match the specified label required by the pod, the pod scheduling will fail.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Possible Cause
                                                                                                                                                                                                                      Once a workload pod is configured with label affinity, it will only be scheduled to a node with that label. If the node label is changed after the pod is scheduled on the node, the pod will still run on the node. However, if kubelet is restarted, it will verify if the pod affinity policy matches the node label. If it is not, kubelet will mark the pod as Completed. Then, it will create a pod and schedule it.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The main issue here stems from Kubernetes' native mechanism. To maintain pod stability, you are advised to match the label of a pod with the label of the node where the pod runs. This prevents the pod from being terminated during affinity policy checks when kubelet restarts, or a new pod from encountering issues with scheduling due to mismatched affinity policies and node labels after creation.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Solution
                                                                                                                                                                                                                      • When you only need to add a new Kubernetes label to a node or node pool, avoid removing any existing Kubernetes labels from it. This ensures that the affinity policies remain unchanged so that the existing pods can continue running on the node.
                                                                                                                                                                                                                      • If you need to change or delete a Kubernetes label on a node or node pool, but the new label does not align with the affinity policies of the pods running on the node, take the following steps to verify if there are pods with affinity scheduling configured on the node: (If no check is done, there may be a problem with pod scheduling when kubelet restarts.)
                                                                                                                                                                                                                        1. Check whether an affinity policy has been configured for the workloads on a node.
                                                                                                                                                                                                                          • If the node is in the default node pool (DefaultPool), run the following command and replace <node-IP-address> with the actual one:
                                                                                                                                                                                                                            nodeIP='<node-IP-address>' && kubectl get pod --all-namespaces -o=custom-columns=nodeIP:'status.hostIP',nodeAffinity:'spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms' | sed '1d' | grep $nodeIP | awk '{print substr($0, index($0,$2))}' | grep matchExpressions | uniq
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                            • If the command output is empty, it indicates that there is no affinity policy configured for any workload on the node, so the workload pods will not be rescheduled because of a new node label.
                                                                                                                                                                                                                            • If the command output is not empty, it means there is an affinity policy configured for some workloads on the node. The following shows an example, and it indicates that there is a tag1=value1 label configured for some workloads.
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                          • If the node is in a custom node pool, run the following command and replace <node-pool-name> with the actual one:
                                                                                                                                                                                                                            nodeIPs=$(kubectl get nodes -l cce.cloud.com/cce-nodepool=<node-pool-name> -o=custom-columns=IP:'metadata.annotations.alpha\.kubernetes\.io\/provided-node-ip' | sed '1d' | tr '\n' '|' | sed 's/|$//') && kubectl get pod --all-namespaces -o=custom-columns=nodeIP:'status.hostIP',nodeAffinity:'spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms' | sed '1d' | grep -E $nodeIPs | awk '{print substr($0, index($0,$2))}' | grep matchExpressions | uniq
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                            • If the command output is empty, it indicates that there is no affinity policy configured for any workload in the node pool, so the workload pods will not be rescheduled because of a new node label.
                                                                                                                                                                                                                            • If the command output is not empty, it means there is an affinity policy configured for some workloads in the node pool. The following shows an example, and it indicates that there is a tag1=value1 label configured for some workloads.
                                                                                                                                                                                                                              
+
                                                                                                                                                                                                                            
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        2. Get all workloads that are associated with the affinity policy. The value of affinity-policy is the one obtained in the previous step.
                                                                                                                                                                                                                          match='affinity-policy' && kubectl get deployment,statefulset,daemonset,job,cronjob --all-namespaces -o=custom-columns=kind:'kind',name:'metadata.namespace',namespace:'metadata.name',nodeAffinity:'spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms' | grep -F "$match" | awk '{print "kind:" $1 ",namespace:" $2 ",name:" $3}' 
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          As shown in the following figure, the workloads with the tag1=value1 label are displayed.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        3. Evaluate the impact of the workload restart on services before changing any label on the node or node pool.
                                                                                                                                                                                                                          You can also modify the affinity policy of a workload to schedule it to other nodes and change the node label after the workload pod runs properly.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Parent topic: Scheduling Policies
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_productdesc_0001.html b/docs/cce/umn/cce_productdesc_0001.html
index 5d07494f7..08cb5a8b2 100644
--- a/docs/cce/umn/cce_productdesc_0001.html
+++ b/docs/cce/umn/cce_productdesc_0001.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                                                                                                                                      What Is CCE?
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                      Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the enter lifecycle of containerized applications and delivers scalable, high-performance solutions for deploying and managing cloud native applications.
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                      Why CCE?
                                                                                                                                                                                                                      CCE is a one-stop platform integrating compute (ECS), networking (VPC, EIP, and ELB), storage (EVS, OBS, and SFS), and many other services. Multi-AZ, multi-region disaster recovery (DR) ensures high availability (HA) of Kubernetes clusters.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the entire lifecycle of containerized applications and delivers scalable, high-performance solutions for deploying and managing cloud native applications.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Why CCE?
                                                                                                                                                                                                                      CCE is a one-stop platform integrating compute (ECS), networking (VPC, EIP, and ELB), storage (EVS, SFS, and OBS), and many other services. Multi-AZ, multi-region disaster recovery (DR) ensures high availability (HA) of Kubernetes clusters.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      For more information, see Product Advantages and Application Scenarios.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      CCE Cluster Types
                                                                                                                                                                                                                      There are multiple types of CCE clusters.
                                                                                                                                                                                                                      
@@ -35,7 +35,7 @@
 
                                                                                                                                                                                                                For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Specification difference
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Specification difference
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Network model
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
 
                                                                                                                                                                                                                hostPort
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Network performance
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                The container network is overlaid with the VPC network, causing certain performance loss.
                                                                                                                                                                                                                
@@ -60,7 +67,7 @@
 
                                                                                                                                                                                                                Pods can be associated with security groups for isolation. This isolation policy, based on security groups, ensures consistent security isolation both within and outside of a cluster.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Security isolation
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Container resource isolation
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                cgroups are used to isolate common containers.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Users granted permissions of this policy must also be granted permissions of the following policies:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Global service project: OBS Buckets Viewer and OBS Administrator
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Region-specific projects: Tenant Guest, Server Administrator, ELB Administrator, SFS Administrator, SWR Admin, and APM FullAccess
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Region-specific projects: Tenant Guest, Server Administrator, ELB Administrator, SFS Administrator, SWR Admin, and APM FullAccess
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                                                • If you are assigned with both CCE Administrator and NAT Gateway Administrator permissions, you can use NAT Gateway functions for clusters.
                                                                                                                                                                                                                • If an IAM user is required to grant cluster namespace permissions to other users or user groups, the user must have the IAM read-only permission.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
 
 
 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Disk capacity
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                MB
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                MiB
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                GB
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                GiB
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Performance
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Near-native performance
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Near-native
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Weak
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
 
                                                                                                                                                                                                                OS
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              12. The table below shows the relationships between network policies and cluster types.
+
                                                                                                                                                                                                                
-
-
+
+
+
+
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Cluster Type
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Cluster Version
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE Standard Cluster
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Verified Kernel Version
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE Turbo Cluster
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Network Model
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Tunnel
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Cloud Native Network 2.0
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                EulerOS 2.9
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                NetworkPolicy
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                v1.23 or later
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Enabled by default
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Disabled by default (To use network policies, enable DataPlane V2 when creating a cluster.)
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                HCE OS 2.0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Data plane implementation
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                v1.25 or later
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                OpenvSwitch
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                eBPF
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Cluster version for inbound rules
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                All versions
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                v1.27.16-r10, v1.28.15-r0, v1.29.10-r0, v1.30.6-r0, or later
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Cluster version for outbound rules
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                v1.23 and later
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Selector for inbound rules
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                namespaceSelector
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                podSelector
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                namespaceSelector
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                podSelector
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                IPBlock
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Selector for outbound rules
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                namespaceSelector
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                podSelector
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                IPBlock
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported OS
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                EulerOS
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                HCE 2.0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                HCE OS 2.0
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                IPv6 network policies
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Secure containers
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                IPBlock scope
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not limited
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The CIDR blocks and node IP addresses in the container CIDR block cannot be configured.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Limit ClusterIP access through workload labels
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Limit the internal cloud server CIDR block of 100.125.0.0/16
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                SCTP
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Always allow access to pods on a node from other nodes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Configure EndPort in network policies
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Not supported
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
                                                                                                                                                                                                                 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                13. 
-
                                                                                                                                                                                                              13. Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                                              14. If you upgrade a CCE cluster to a version that supports egress rules in in-place mode, the rules will not work because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                                                15. 
+
                                                                                                                                                                                                                 
                                                                                                                                                                                                                • CCE DataPlane V2 is released with restrictions. To use this feature, submit a service ticket to CCE.
                                                                                                                                                                                                                • Secure containers (such as Kata as the container runtime) are not supported by network policies.
                                                                                                                                                                                                                • If you upgrade a CCE standard cluster with a tunnel network to a version that supports egress rules in in-place mode, the rules will not work because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                                                • When a network policy is enabled for a cluster that uses a tunnel network, the source IP address of a pod accessing the CIDR block of a Service will be recorded in the optional field of the reported IP address data. This enables the configuration of network policy rules on the destination pod, taking into account the source IP address of the pod.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
 
 
 
                                                                                                                                                                                                                Storage Volumes
                                                                                                                                                                                                                • Constraints on EVS volumes:
                                                                                                                                                                                                                  • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attached to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, select only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                                                                  • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                                                                    For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • Constraints on SFS volumes:
                                                                                                                                                                                                                  • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                                                                    • Do not mount the PVCs/PVs that use the same underlying SFS or SFS Turbo volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                                                                                                                                    • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                                                                    • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • Constraints on SFS volumes:
                                                                                                                                                                                                                    • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                                                                      • Do not mount multiple PVCs or PVs that use the same underlying SFS or SFS Turbo volume to a single pod. Doing so will cause pod startup failures, as not all PVCs can be mounted due to identical volumeHandle value.
                                                                                                                                                                                                                      • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                                                                      • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    • SFS volumes are available only in certain regions.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  • Constraints on OBS volumes:
                                                                                                                                                                                                                    • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                                                                                                                    • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                                                                                                                    • Kata containers do not support OBS volumes.
                                                                                                                                                                                                                    • Hard links are not supported when common buckets are mounted.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • Constraints on OBS volumes:
                                                                                                                                                                                                                    • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                                                                                                                    • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                                                                                                                    • Secure containers do not support OBS volumes.
                                                                                                                                                                                                                    • Hard links are not supported when common buckets are mounted.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Constraints on local PVs:
                                                                                                                                                                                                                    • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                                                                    • Removing, deleting, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                                    • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Constraints on local EVs:
                                                                                                                                                                                                                    • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                                    • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Constraints on snapshots and backups:
                                                                                                                                                                                                                    • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                                                                                                    • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (VBD or SCSI), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being checked or configured.
                                                                                                                                                                                                                    • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                                                                                                    • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the FlexVolume storage class whose name is ssd, sas, or sata.
                                                                                                                                                                                                                    • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                                                                                    • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • Constraints on LVM:
                                                                                                                                                                                                                    The default backup configuration that is stored in the /etc/lvm/lvm.conf path for the node LVM has been changed. Once the CCE Container Storage (Everest) add-on (version ≥ 2.4.98) is installed, archive logs will only be kept for one day to avoid filling up disk space with historical metadata from numerous LVM operations.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Add-ons
                                                                                                                                                                                                                CCE uses Helm charts to deploy add-ons. To modify or upgrade an add-on, perform operations on the Add-ons page or use open add-on management APIs. Do not directly modify add-on resources on the backend. Otherwise, add-on exceptions or other unexpected problems may occur.
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0007.html b/docs/cce/umn/cce_productdesc_0007.html
index 9ce4e1366..4fba78f3f 100644
--- a/docs/cce/umn/cce_productdesc_0007.html
+++ b/docs/cce/umn/cce_productdesc_0007.html
@@ -2,8 +2,8 @@
 
 
                                                                                                                                                                                                                Containerized Application Management
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Application Scenarios
                                                                                                                                                                                                                CCE clusters enable the management of both x86 and Arm resources. With CCE, you can effortlessly create Kubernetes clusters, deploy containerized applications, and effectively manage and maintain them.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • Containerized web applications: CCE clusters interconnect with middleware such as GaussDB and Redis and support HA DR, auto scaling, public network release, and gray upgrade, helping you quickly deploy web service applications.
                                                                                                                                                                                                                • Middleware deployment platform: CCE clusters can be used as middleware deployment platforms to implement stateful applications with StatefulSets and PVCs. In addition, load balancers can be used to expose middleware services.
                                                                                                                                                                                                                • Jobs and cron jobs: Job and cron job applications can be containerized to reduce the dependency on the host system. Global resource scheduling secures the resource usage during task running and improves the overall resource usage in the cluster.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 CCE cluster
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Containerized web applications: CCE clusters interconnect with middleware and support HA DR, auto scaling, public network release, and gray upgrade, helping you quickly deploy web service applications.
                                                                                                                                                                                                                • Middleware deployment platform: CCE clusters can be used as middleware deployment platforms to implement stateful applications with StatefulSets and PVCs. In addition, load balancers can be used to expose middleware services.
                                                                                                                                                                                                                • Jobs and cron jobs: Job and cron job applications can be containerized to reduce the dependency on the host system. Global resource scheduling secures the resource usage during task running and improves the overall resource usage in the cluster.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 CCE cluster
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Benefits
                                                                                                                                                                                                                Containerization requires less resources to deploy application. Services are not uninterrupted during upgrades.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
@@ -11,7 +11,7 @@
 
                                                                                                                                                                                                              15. Application upgrade
                                                                                                                                                                                                                Upgrades your apps in replace or rolling mode (by proportion or by number of pods), or rolls back the upgrades.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              16. Auto scaling
                                                                                                                                                                                                                Auto scales your nodes and workloads according to the policies you set.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                17. 
-
                                                                                                                                                                                                                Figure 2 Workload
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 2 Workload
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0008.html b/docs/cce/umn/cce_productdesc_0008.html
index 585963da8..71eadf3fc 100644
--- a/docs/cce/umn/cce_productdesc_0008.html
+++ b/docs/cce/umn/cce_productdesc_0008.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                                                                                                                                Related Services
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                CCE needs to be interconnected with the following cloud services. It requires permissions to access these cloud services.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 Relationships between CCE and other services
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE needs to be interconnected with the following cloud services. It requires permissions to access these cloud services.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 Relationships between CCE and other services
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Relationships Between CCE and Other Services
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0017.html b/docs/cce/umn/cce_productdesc_0017.html
index b00a378f7..4621c45c9 100644
--- a/docs/cce/umn/cce_productdesc_0017.html
+++ b/docs/cce/umn/cce_productdesc_0017.html
@@ -1,7 +1,7 @@
 
                                                                                                                                                                                                                DevOps and CI/CD
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Application Scenario
                                                                                                                                                                                                                You may receive a lot feedback and requirements for your apps or services. You may want to boost user experience with new features. Continuous integration (CI) and delivery (CD) can help. CI/CD automates builds, tests, and merges, making app delivery faster.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Application Scenarios
                                                                                                                                                                                                                You may receive a lot feedback and requirements for your apps or services. You may want to boost user experience with new features. Continuous integration (CI) and delivery (CD) can help. CI/CD automates builds, tests, and merges, making app delivery faster.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Benefits
                                                                                                                                                                                                                CCE works with SWR to support DevOps and CI/CD. A pipeline automates coding, image build, grayscale release, and deployment based on code sources. Existing CI/CD systems can connect to CCE to containerize legacy applications.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
@@ -11,7 +11,7 @@
 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Related Services
                                                                                                                                                                                                                Software Repository for Container (SWR), Object Storage Service (OBS), Virtual Private Network (VPN)
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 How DevOps works
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 How DevOps works
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0018.html b/docs/cce/umn/cce_productdesc_0018.html
index d3bd97b26..3c91943d3 100644
--- a/docs/cce/umn/cce_productdesc_0018.html
+++ b/docs/cce/umn/cce_productdesc_0018.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                                Hybrid Cloud
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Application Scenarios
                                                                                                                                                                                                                • Multi-cloud deployment and disaster recovery
                                                                                                                                                                                                                  Running apps in containers on different clouds can ensure high availability. When a cloud is down, other clouds respond and serve.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Application Scenarios
                                                                                                                                                                                                                  • Multi-cloud deployment and disaster recovery
                                                                                                                                                                                                                    To ensure high service availability, services need to be deployed on container services of multiple clouds. When a cloud is faulty, the unified traffic distribution mechanism automatically switches service traffic to other clouds.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Traffic distribution and auto scaling
                                                                                                                                                                                                                    Large organizations often span cloud facilities in different regions. They need to communicate and auto scale — start small and then scale as system load grows. CCE takes care of these for you, cutting the costs of maintaining facilities.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Migration to the cloud and local database hosting
                                                                                                                                                                                                                    Industries like finance and security have a top concern on data protection. They want to run critical systems in local IDCs while moving others to the cloud. They also expect one unified dashboard to manage all systems.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  • Environment decoupling
                                                                                                                                                                                                                    To ensure IP security, you can decouple development from production. Set up one on the cloud and the other in the local IDC.
                                                                                                                                                                                                                    
@@ -16,7 +16,7 @@
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Related Services
                                                                                                                                                                                                                  Elastic Cloud Server (ECS), Virtual Private Network (VPN), SoftWare Repository for Container (SWR)
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Figure 1 How hybrid cloud works
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Figure 1 How hybrid cloud works
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0021.html b/docs/cce/umn/cce_productdesc_0021.html
index f9d62581d..740905683 100644
--- a/docs/cce/umn/cce_productdesc_0021.html
+++ b/docs/cce/umn/cce_productdesc_0021.html
@@ -11,7 +11,7 @@
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Related Services
                                                                                                                                                                                                                  Add-ons: autoscaler and cce-hpa-controller
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  • Auto scaling for workloads: CronHPA (CronHorizontalPodAutoscaler) + HPA (Horizontal Pod Autoscaling)
                                                                                                                                                                                                                  • Auto scaling for clusters: CA (Cluster AutoScaling)
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Figure 1 How auto scaling works
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Figure 1 How auto scaling works
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_qs_0000.html b/docs/cce/umn/cce_qs_0000.html
index 9c113500d..8a082bc8c 100644
--- a/docs/cce/umn/cce_qs_0000.html
+++ b/docs/cce/umn/cce_qs_0000.html
@@ -10,7 +10,7 @@
 
 
                                                                                                                                                                                                              17. Creating a Kubernetes Cluster
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                18. 
-
                                                                                                                                                                                                              18. Creating a Deployment (Nginx)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              19. Deploying a Deployment (Nginx)
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                20. 
 
                                                                                                                                                                                                              20. Deploying WordPress and MySQL That Depend on Each Other
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                21. 
diff --git a/docs/cce/umn/cce_qs_0001.html b/docs/cce/umn/cce_qs_0001.html
index bfaef4567..f2b27d1e8 100644
--- a/docs/cce/umn/cce_qs_0001.html
+++ b/docs/cce/umn/cce_qs_0001.html
@@ -3,18 +3,18 @@
 
                                                                                                                                                                                                                Introduction
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                This section describes how to use Cloud Container Engine (CCE) and provides frequently asked questions (FAQs) to help you quickly get started with CCE.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Procedure
                                                                                                                                                                                                                Complete the following tasks to get started with CCE.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 Procedure for getting started with CCE
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. Register an account and grant permissions to IAM users.
                                                                                                                                                                                                                  An account has the permissions to use CCE. However, IAM users created by an account do not have permissions. You need to manually grant the permissions to IAM users..
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Figure 1 Procedure for getting started with CCE
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Register an account and grant permissions to IAM users.
                                                                                                                                                                                                                    An account has the permissions to use CCE. However, IAM users created by the account do not have permissions. You need to manually grant the permissions to IAM users.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  2. Create a cluster.
                                                                                                                                                                                                                    For details on how to create a Kubernetes cluster, see Creating a Kubernetes Cluster.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  3. Create a workload from an image or chart.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  4. View workload status and logs. Upgrade, scale, and monitor the workload.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. Deploy a workload (application).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                3. View workload status and logs. Upgrade, scale, and monitor the workload.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                FAQs
                                                                                                                                                                                                                1. Is CCE suitable for users who are not familiar with Kubernetes?
                                                                                                                                                                                                                  Yes. The CCE console is easy-to-use, and the Getting Started guide helps you quickly understand and use CCE.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. Is CCE suitable for users who have little experience in building images?
                                                                                                                                                                                                                  Yes. CCE not only helps store your own images in My Images but also allows you to create containerized applications using open source images. For details, see Creating a Deployment (Nginx).
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                3. How do I create a workload using CCE?
                                                                                                                                                                                                                  To create a workload, you need to create a cluster first. For details on how to create a workload, see Creating a Deployment (Nginx).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                4. Is CCE suitable for users who have little experience in building images?
                                                                                                                                                                                                                  Yes. CCE not only helps store your own images in My Images but also allows you to create containerized applications using open source images. For details, see Deploying a Deployment (Nginx).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                5. How do I create a workload using CCE?
                                                                                                                                                                                                                  To create a workload, you need to create a cluster first. For details on how to create a workload, see Deploying a Deployment (Nginx).
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                6. How do I create a workload accessible to public networks?
                                                                                                                                                                                                                  CCE provides different workload access types to address diverse scenarios. 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                7. How can I allow multiple workloads in the same cluster to access each other?
                                                                                                                                                                                                                  You can create a service of the ClusterIP type. The ClusterIP Services allow workloads in the same cluster to access each other using their cluster-internal domain names.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Cluster-internal domain names are in the format of <A custom service name>.<The workload's namespace>.svc.cluster.local:<Port number>. For example, nginx.default.svc.cluster.local:80.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Cluster-internal domain names are in the format of <Custom service name>.<Workload's namespace>.svc.cluster.local:<Port number>. For example, nginx.default.svc.cluster.local:80.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_qs_0003.html b/docs/cce/umn/cce_qs_0003.html
index 9242cff5a..05527742e 100644
--- a/docs/cce/umn/cce_qs_0003.html
+++ b/docs/cce/umn/cce_qs_0003.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                                                Creating a Deployment (Nginx)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Deploying a Deployment (Nginx)
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                You can use images to quickly create a single-pod workload that can be accessed from public networks. This section describes how to use CCE to quickly deploy an Nginx application and manage its lifecycle.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Prerequisites
                                                                                                                                                                                                                You have created a CCE cluster that contains a node with 4 vCPUs and 8 GiB memory. The node is bound with an EIP.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                A cluster is a logical group of cloud servers that run workloads. Each cloud server is a node in the cluster.
                                                                                                                                                                                                                
@@ -10,22 +10,20 @@
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                This section uses the Nginx application as an example to describe how to create a workload. The creation takes about 5 minutes.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                After Nginx is created, you can access the Nginx web page.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 Accessed the Nginx web page
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 Nginx web page accessed
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Creating Nginx on the CCE Console
                                                                                                                                                                                                                The following is the procedure for creating a containerized workload from a container image.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                                                2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                3. In the navigation pane, choose Workloads. Then, click Create Workload.
                                                                                                                                                                                                                4. Configure the following parameters and retain the default value for other parameters:
                                                                                                                                                                                                                  Basic Info
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                                                  2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                  3. In the navigation pane, choose Workloads. In the right pane, click Create Workload in the upper right corner.
                                                                                                                                                                                                                  4. Configure the following parameters and retain the default value for other parameters:
                                                                                                                                                                                                                    Basic Info
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    • Workload Type: Select Deployment.
                                                                                                                                                                                                                    • Workload Name: Set it to nginx.
                                                                                                                                                                                                                    • Namespace: Select default.
                                                                                                                                                                                                                    • Pods: Set the quantity of pods to 1.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Container Settings
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Enter nginx:latest in the Image Name text box.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Service Settings
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Click the plus sign (+) to create a Service for accessing the workload from an external network. This example shows how to create a LoadBalancer. Configure the following parameters in the window that slides out from the right:
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    • Service Name: Enter nginx. The name of the Service is exposed to external networks.
                                                                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                                                                    • Service Affinity: Retain the default value.
                                                                                                                                                                                                                    • Load Balancer: If a load balancer is available, select an existing load balancer. If not, select Auto create to create one.
                                                                                                                                                                                                                    • Ports:
                                                                                                                                                                                                                      • Protocol: Select TCP.
                                                                                                                                                                                                                      • Service Port: Set this parameter to 8080, which is mapped to the container port.
                                                                                                                                                                                                                      • Container Port: port on which the application listens. For containers created using the nginx image, set this parameter to 80. For other applications, set this parameter to the port of the application.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Service Name: Enter nginx. The name of the Service is exposed to external networks.
                                                                                                                                                                                                                      • Service Type: Select LoadBalancer.
                                                                                                                                                                                                                      • Service Affinity: Retain the default value.
                                                                                                                                                                                                                      • Load Balancer: If a load balancer is available, select the existing load balancer. If not, select Auto create to create one.
                                                                                                                                                                                                                      • Ports:
                                                                                                                                                                                                                        • Protocol: Select TCP.
                                                                                                                                                                                                                        • Service Port: In this example, set this parameter to 8080. Load balancer will use this port to create a listener to provide an entry for external traffic.
                                                                                                                                                                                                                        • Container Port: listening port of the application. In this example, this parameter is set to 80. If another application is used, the container port must be the same as the listening port provided by the application.
                                                                                                                                                                                                                        
 
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    • Click Create Workload.
                                                                                                                                                                                                                      Wait until the workload is created.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      The created Deployment will be displayed on the Deployments tab.
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Accessing Nginx
                                                                                                                                                                                                                1. Obtain the external access address of Nginx.
                                                                                                                                                                                                                  Click the Nginx workload name to enter its details page. On the page displayed, click the Access Mode tab, view the IP address of Nginx. The public IP address is the external access address.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. Enter the external access address in the address box of a browser. The following shows the welcome page if you successfully access the workload.
                                                                                                                                                                                                                  Figure 2 Accessing Nginx
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                3. Obtain the external access address of Nginx.
                                                                                                                                                                                                                  Click the Nginx workload name to enter its details page. On the page displayed, click the Access Mode tab, view the IP address of Nginx. The public IP address is the external access address.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                4. Enter External access address:Service port in the address box of the browser to access the application. The Service port is configured in Ports.
                                                                                                                                                                                                                  Figure 2 Accessing Nginx
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_qs_0004.html b/docs/cce/umn/cce_qs_0004.html
index a00ccc187..a0cae755f 100644
--- a/docs/cce/umn/cce_qs_0004.html
+++ b/docs/cce/umn/cce_qs_0004.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                                                Creating a MySQL Workload
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Step 1: Deploying MySQL
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                WordPress must be used together with MySQL. WordPress runs the content management program while MySQL serves as a database to store data.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Prerequisites
                                                                                                                                                                                                                You have created a CCE cluster that contains a node with 4 vCPUs and 8 GiB memory. For details on how to create a cluster, see Creating a Kubernetes Cluster.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
@@ -14,12 +14,12 @@ rm -rf /var/lib/mysql/lost+found;docker-entrypoint.sh mysqld;
 
                                                                                                                                                                                                              21. Click Data Storage, click Add Volume, select VolumeClaimTemplate (VTC) from the drop-down list, and add an EVS disk for MySQL.
                                                                                                                                                                                                                Click Create PVC and configure the following parameters (Keep default for other parameters):
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • PVC Type: Select EVS.
                                                                                                                                                                                                                • PVC Name: Enter a name, for example, mysql.
                                                                                                                                                                                                                • Creation Mode: Only Dynamically provision is supported.
                                                                                                                                                                                                                • Storage Classes: The default value is csi-disk.
                                                                                                                                                                                                                • AZ: Select an AZ. The EVS disk can only be attached to nodes in the same AZ. After an EVS disk is created, the AZ where the disk locates cannot be changed.
                                                                                                                                                                                                                • Disk Type: Select a proper type as required.
                                                                                                                                                                                                                • Capacity (GiB): Enter the capacity as required. The default value is 10 GiB.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Click Create and enter the path for mounting the storage volume to the container. The default path used by MySQL is /var/lib/mysql.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              22. In the Headless Service Parameters area, configure a headless Service.
                                                                                                                                                                                                                A headless Service needs to be configured for the StatefulSet networking. The headless Service generates DNS name for each pod for accessing a specific StatefulSet pod. For a replicated MySQL database, the headless Service needs to be used to read and write the MySQL primary server, and copies existing data from other running replicas. In this example, there is only one pod running in the MySQL workload. Therefore, the headless Service is not used. In this case, enter 3306 for both the Service port and container port. For details about the replicated MySQL examples, see Run a Replicated Stateful Application.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              23. In the Headless Service Parameters area, configure a headless Service.
                                                                                                                                                                                                                A headless Service needs to be configured for networking between StatefulSet pods. It generates a domain name for each pod to access a specific StatefulSet pod. For a MySQL database that has master/slave relationship and multiple replicas, a headless Service is needed to read and write data from and into one MySQL database server (known as a source) and copy the data to other replicas. In this example, there is only one pod running in the MySQL workload. Therefore, the headless Service is not used. In this case, enter 3306 for both the Service port and container port. For details about the replicated MySQL examples, see Run a Replicated Stateful Application.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              24. In the Service Settings area, click the plus sign (+) and create a Service for accessing MySQL from WordPress.
                                                                                                                                                                                                                Select ClusterIP for Service Type, enter mysqlin the Service Name text box, set both the Container Port and Service Port to 3306, and click OK.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                The default access port in the MySQL image is 3306. In this example, both the container port and Service port are set to 3306 for convenience. The access port can be changed to another port.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                In this way, the MySQL workload can be accessed through {Service name}:{Access port} (for example, mysql:3306) from within the cluster.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                In this way, the MySQL workload can be accessed through {Service name}:{Access port}, for example, mysql:3306, from within the cluster.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              25. Click Create Workload.
                                                                                                                                                                                                                Wait until the workload is created.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                The created Deployment will be displayed on the StatefulSets tab.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The created workload will be displayed on the StatefulSets tab.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                26. 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_qs_0005.html b/docs/cce/umn/cce_qs_0005.html
index 6795d10c4..6f538a948 100644
--- a/docs/cce/umn/cce_qs_0005.html
+++ b/docs/cce/umn/cce_qs_0005.html
@@ -1,20 +1,20 @@
 
 
-
                                                                                                                                                                                                                Creating a WordPress Workload
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Step 2: Deploying WordPress
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any server that supports PHP and MySQL.  Thousands of plug-ins and countless theme templates are available for WordPress and easy to install.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                This section describes how to create a public WordPress website from images.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Prerequisites
                                                                                                                                                                                                                • You have created a CCE cluster that contains a node with 4 vCPUs and 8 GiB memory. For details on how to create a cluster, see Creating a Kubernetes Cluster.
                                                                                                                                                                                                                • The MySQL database has been created by following the instructions in Creating a MySQL Workload. In this example, WordPress data is stored in the MySQL database.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Prerequisites
                                                                                                                                                                                                                • You have created a CCE cluster that contains a node with 4 vCPUs and 8 GiB memory. For details on how to create a cluster, see Creating a Kubernetes Cluster.
                                                                                                                                                                                                                • The MySQL database has been created by following the instructions in Step 1: Deploying MySQL. In this example, WordPress data is stored in the MySQL database.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Operations on the Console
                                                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                                                2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                3. In the navigation pane, choose Workloads. Then, click Create Workload.
                                                                                                                                                                                                                4. Configure parameters as promoted.
                                                                                                                                                                                                                  Basic Info
                                                                                                                                                                                                                  • Workload Type: Select Deployment.
                                                                                                                                                                                                                  • Workload Name: Enter wordpress in the text box.
                                                                                                                                                                                                                  • Namespace: Select default.
                                                                                                                                                                                                                  • Pods: Set this parameter to 2 in this example.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Operations on the Console
                                                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                                                  2. Click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                                  3. In the navigation pane, choose Workloads. In the right pane, click Create Workload in the upper right corner.
                                                                                                                                                                                                                  4. Configure parameters as promoted.
                                                                                                                                                                                                                    Basic Info
                                                                                                                                                                                                                    • Workload Type: Select Deployment.
                                                                                                                                                                                                                    • Workload Name: Enter wordpress in the text box.
                                                                                                                                                                                                                    • Namespace: Select default.
                                                                                                                                                                                                                    • Pods: Set this parameter to 2 in this example.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Container Settings
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Enter wordpress:php7.3 in the Image Name text box.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Add environment variables.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    WordPress will get the information about the MySQL database with the following variables.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    • WORDPRESS_DB_HOST: address for accessing the database, which can be found in the Service (on the Services tab page) of the MySQL workload. You can use the internal domain name mysql.default.svc.cluster.local:3306 to access the database, or use only mysql:3306 omitting .default.svc.cluster.local.
                                                                                                                                                                                                                    • WORDPRESS_DB_USER: username for accessing the database. The value must be the same as that of MYSQL_USER in Creating a MySQL Workload, which is used to access MySQL.
                                                                                                                                                                                                                    • WORDPRESS_DB_PASSWORD: password for accessing the database. The value must be the same as that of MYSQL_PASSWORD in Creating a MySQL Workload.
                                                                                                                                                                                                                    • WORDPRESS_DB_NAME: name of the database to be accessed. The value must be the same as that of MYSQL_DATABASE in Creating a MySQL Workload.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • WORDPRESS_DB_HOST: address for accessing the database, which can be found in the Service (on the Services tab page) of the MySQL workload. You can use the internal domain name mysql.default.svc.cluster.local:3306 to access the database, or use only mysql:3306 omitting .default.svc.cluster.local.
                                                                                                                                                                                                                    • WORDPRESS_DB_USER: username for accessing the database. The value must be the same as that of MYSQL_USER in Step 1: Deploying MySQL, which is used to access MySQL.
                                                                                                                                                                                                                    • WORDPRESS_DB_PASSWORD: password for accessing the database. The value must be the same as that of MYSQL_PASSWORD in Step 1: Deploying MySQL.
                                                                                                                                                                                                                    • WORDPRESS_DB_NAME: name of the database to be accessed. The value must be the same as that of MYSQL_DATABASE in Step 1: Deploying MySQL.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Service Settings
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Click the plus sign (+) to create a Service for accessing the workload from an external network. This example shows how to create a LoadBalancer. Configure the following parameters in the window that slides out from the right:
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    • Service Name: name of the Service exposed to external networks. In this example, the Service name is wordpress.
                                                                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                                                                    • Service Affinity: Retain the default value.
                                                                                                                                                                                                                    • Load Balancer: If a load balancer is available, select an existing load balancer. If not, click Create Load Balancer to create one on the ELB console.
                                                                                                                                                                                                                    • Ports:
                                                                                                                                                                                                                      • Protocol: Select TCP.
                                                                                                                                                                                                                      • Service Port: Set this parameter to 80, which is mapped to the container port.
                                                                                                                                                                                                                      • Container Port: port on which the application listens. For containers created using the wordpress image, set this parameter to 80. For other applications, set this parameter to the port of the application.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Service Name: name of the Service exposed to external networks. In this example, the Service name is wordpress.
                                                                                                                                                                                                                      • Service Type: Select LoadBalancer.
                                                                                                                                                                                                                      • Service Affinity: Retain the default value.
                                                                                                                                                                                                                      • Load Balancer: If a load balancer is available, select the existing load balancer. If not, click Create Load Balancer to create one on the ELB console.
                                                                                                                                                                                                                      • Ports:
                                                                                                                                                                                                                        • Protocol: Select TCP.
                                                                                                                                                                                                                        • Service Port: Set this parameter to 80, which is mapped to the container port.
                                                                                                                                                                                                                        • Container Port: port on which the application listens. For containers created using the wordpress image, set this parameter to 80. For other applications, set this parameter to the port of the application.
                                                                                                                                                                                                                        
 
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    • Click Create Workload.
                                                                                                                                                                                                                      Wait until the workload is created.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      The created Deployment will be displayed on the Deployments tab.
                                                                                                                                                                                                                      
@@ -22,12 +22,12 @@
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Accessing WordPress
                                                                                                                                                                                                                  1. Obtain the external access address of WordPress.
                                                                                                                                                                                                                    Click the wordpress workload name to enter its details page. On the page displayed, click the Access Mode tab, view the IP address of WordPress. The public IP address is the external access address.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  2. Enter the external access address in the address box of a browser to access WordPress.
                                                                                                                                                                                                                    The following figure shows the accessed WordPress page.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    Figure 1 WordPress
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    Figure 2 WordPress
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Figure 1 WordPress
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Figure 2 WordPress
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Deleting Resources
                                                                                                                                                                                                                  Until now, you have completed all the Getting Started walkthroughs and have understood how to use CCE. Fees are incurred while nodes are running. If you will continue the CCE walkthroughs, retain the clusters. If the clusters used in the walkthroughs are no longer in use, perform the following steps to delete them:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                                                  2. In the navigation pane, choose Clusters.
                                                                                                                                                                                                                  3. Click  next to the cluster to be deleted, select Delete Cluster, and confirm the information as prompted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Deleting Resources
                                                                                                                                                                                                                  Until now, you have completed all the Getting Started walkthroughs and have understood how to use CCE. If you will continue the CCE walkthroughs, retain the cluster. If the cluster used in the walkthroughs is no longer in use, take the following steps to delete them:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                                                  2. In the navigation pane, choose Clusters.
                                                                                                                                                                                                                  3. Click  next to the cluster to be deleted, select Delete Cluster, and confirm the information as prompted.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_qs_0006.html b/docs/cce/umn/cce_qs_0006.html
index 54d09259a..bc56eaf3e 100644
--- a/docs/cce/umn/cce_qs_0006.html
+++ b/docs/cce/umn/cce_qs_0006.html
@@ -20,7 +20,7 @@
 
                                                                                                                                                                                                                  (Optional) Creating a VPC
                                                                                                                                                                                                                  A VPC provides an isolated, configurable, and manageable virtual network for CCE clusters.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Before creating the first cluster, ensure that a VPC has been created. 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  If you already have a VPC available, skip this step.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  1. Log in to the management console.
                                                                                                                                                                                                                  2. Click  in the upper left corner and select a region and a project.
                                                                                                                                                                                                                  3. Under Networking, click Virtual Private Cloud.
                                                                                                                                                                                                                  4. Click Create VPC.
                                                                                                                                                                                                                  5. On the Create VPC page, configure parameters as prompted.
                                                                                                                                                                                                                    A default subnet will be created together with a VPC. You can click Add Subnet to create more subnets for the VPC.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    1. Log in to the management console.
                                                                                                                                                                                                                    2. Click  in the upper left corner and select a region and a project.
                                                                                                                                                                                                                    3. Under Networking, click Virtual Private Cloud.
                                                                                                                                                                                                                    4. Click Create VPC.
                                                                                                                                                                                                                    5. On the Create VPC page, configure parameters as prompted.
                                                                                                                                                                                                                      A default subnet will be created together with a VPC. You can click Add Subnet to create more subnets for the VPC.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    6. Click Create Now.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  (Optional) Creating a Key Pair
                                                                                                                                                                                                                  The cloud platform uses public key cryptography to protect the login information of your CCE nodes. Passwords or key pairs are used for identity authentication during remote login to nodes.
                                                                                                                                                                                                                  
@@ -29,7 +29,7 @@
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Creating a Key Pair on the Management Console
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  If you have no key pair, create one on the management console. The procedure is as follows:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  1. Log in to the management console.
                                                                                                                                                                                                                  2. Click  in the upper left corner and select a region and a project.
                                                                                                                                                                                                                  3. Under Compute, click Elastic Cloud Server.
                                                                                                                                                                                                                  4. In the navigation pane, choose Key Pair.
                                                                                                                                                                                                                  5. On the displayed page, click Create Key Pair.
                                                                                                                                                                                                                  6. Enter the key pair name and click OK.
                                                                                                                                                                                                                  7. A key pair name consists KeyPair and four random digits. You can enter an easy-to-remember name, for example, KeyPair-xxxx_ecs.
                                                                                                                                                                                                                  8. Manually or automatically download the private key file. The file name is a specified key pair name with a suffix of .pem. Securely store the private key file. In the dialog box displayed, click OK.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    The private key file can be downloaded only once. Keep it secure. When creating an ECS, provide the name of your desired key pair. Each time you SSH into the ECS, provide the private key.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    1. Log in to the management console.
                                                                                                                                                                                                                    2. Click  in the upper left corner and select a region and a project.
                                                                                                                                                                                                                    3. Under Compute, click Elastic Cloud Server.
                                                                                                                                                                                                                    4. In the navigation pane, choose Key Pair.
                                                                                                                                                                                                                    5. On the displayed page, click Create Key Pair.
                                                                                                                                                                                                                    6. Enter the key pair name and click OK.
                                                                                                                                                                                                                    7. Enter an easy-to-remember name for the key pair. The name of a key pair is in the format of KeyPair-{Four random digits}, for example, KeyPair-xxxx_ecs.
                                                                                                                                                                                                                    8. Manually or automatically download the private key file. The file name is a specified key pair name with a suffix of .pem. Securely store the private key file. In the dialog box displayed, click OK.
                                                                                                                                                                                                                       
                                                                                                                                                                                                                      The private key file can be downloaded only once. Keep it secure. When creating an ECS, specify the name of your preferred key pair. Use the private key each time you SSH into the ECS.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_qs_0007.html b/docs/cce/umn/cce_qs_0007.html
index f47d94d59..cd7689b79 100644
--- a/docs/cce/umn/cce_qs_0007.html
+++ b/docs/cce/umn/cce_qs_0007.html
@@ -6,9 +6,9 @@
 
 
diff --git a/docs/cce/umn/cce_qs_0008.html b/docs/cce/umn/cce_qs_0008.html
index a473125ab..265f3eee1 100644
--- a/docs/cce/umn/cce_qs_0008.html
+++ b/docs/cce/umn/cce_qs_0008.html
@@ -3,8 +3,8 @@
 
                                                                                                                                                                                                                    Creating a Kubernetes Cluster
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Context
                                                                                                                                                                                                                    This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    Creating a Cluster
                                                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                                                      • If you have no clusters, click Create CCE Standard Cluster on the wizard page.
                                                                                                                                                                                                                      • If your have CCE clusters, choose Clusters in the navigation pane, click Create Cluster and select the CCE standard cluster.
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                    2. On the page displayed, configure parameters following instructions.
                                                                                                                                                                                                                      In this example, a majority of parameters retain default values. Only mandatory parameters are described. For details, see Table 1.
+
                                                                                                                                                                                                                      Creating a Cluster
                                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                                        • If you have no clusters, click Create Cluster on the wizard page.
                                                                                                                                                                                                                        • If you have CCE clusters, choose Clusters in the navigation pane, click Create Cluster and select the CCE standard cluster.
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      2. On the Create Cluster page, configure parameters following instructions.
                                                                                                                                                                                                                        In this example, a majority of parameters retain default values. Only mandatory parameters are described. For details, see Table 1.
 
                                                                                                                                                                                                                Table 1 Relationships between CCE and other services
                                                                                                                                                                                                                Service
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
 
                                                                                                                                                                                                                
-
-
-
+
+
+
                                                                                                                                                                                                                Table 1 Parameters for creating a cluster
                                                                                                                                                                                                                Parameter
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
@@ -43,10 +43,9 @@
 
                                                                                                                                                                                                                If no VPC is available, click Create VPC to create one. After the VPC is created, click the refresh icon.
                                                                                                                                                                                                                
 
 
                                                                                                                                                                                                                *Subnet
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                *Master Node Subnet
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Select a subnet for worker nodes.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                If no subnet is available, click Create Subnet. This configuration cannot be modified after the cluster is created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Subnet where master nodes of the cluster are located.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                *Container CIDR Block
                                                                                                                                                                                                                
@@ -55,7 +54,12 @@
 
                                                                                                                                                                                                                Retain the default value.
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                *Service CIDR Block
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                * Pod IP Addresses Reserved for Each Node
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The number of container IP addresses that can be allocated to each node (alpha.cce/fixPoolMask) when creating a cluster. This parameter determines the maximum number of pods that can be created on each node.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                *IPv4 Service CIDR Block
                                                                                                                                                                                                                
                                                                                                                                                                                                                 		
 
                                                                                                                                                                                                                CIDR block for Services used by containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after creation.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Retain the default value.
                                                                                                                                                                                                                
@@ -65,22 +69,79 @@
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              26. Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
                                                                                                                                                                                                              27. Click Next: Add-on Configuration.
                                                                                                                                                                                                              28. Click Next: Confirm configuration. After confirming the information, click Submit.
                                                                                                                                                                                                                It takes about 6 to 10 minutes to create a cluster.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              29. Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
                                                                                                                                                                                                              30. Click Next: Configure Add-on. Retain the default settings.
                                                                                                                                                                                                              31. Click Next: Confirm configuration, confirm the displayed cluster resource list, and click Submit.
                                                                                                                                                                                                                It takes about 5 to 10 minutes to create a cluster.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                The created cluster will be displayed on the Clusters page, and the number of nodes in the cluster is 0.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                32. 
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Creating a Node
                                                                                                                                                                                                                After a cluster is created, you need to create nodes in the cluster to run workloads.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                                                2. Click the name of the created cluster to access the cluster console.
                                                                                                                                                                                                                3. In the navigation pane, choose Nodes. Click the Nodes tab, click Create Node in the upper right corner, and configure parameters as prompted.
                                                                                                                                                                                                                  The following describes only important parameters. For other parameters, retain the defaults.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Compute Settings
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  • AZ: Keep the default.
                                                                                                                                                                                                                  • Node Type: Select Elastic Cloud Server (VM).
                                                                                                                                                                                                                  • Specifications: Select node specifications that fit your business needs.
                                                                                                                                                                                                                  • Container Engine: Select a container engine as required.
                                                                                                                                                                                                                  • OS: Select the operating system (OS) of the nodes to be created.
                                                                                                                                                                                                                  • Node Name: Enter a node name.
                                                                                                                                                                                                                  • Login Mode:
                                                                                                                                                                                                                    • If the login mode is Key Pair, select a key pair for logging to the node and select the check box to acknowledge that you have obtained the key file and without this file you will not be able to log in to the node.
                                                                                                                                                                                                                      A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                      Table 2 Parameters for creating a node
                                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Description
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Configurations
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *AZ
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Select an AZ for the node as needed. You can select Random.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *Node Type
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Select a node type based on service requirements. Then, the available node flavors will be automatically displayed in the Specifications area for you to select.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      In this example, Elastic Cloud Server (VM) is selected.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *Specifications
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Select node specifications that best fit your service needs. 
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *Container Engine
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Select a container engine based on service requirements. 
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *OS
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Select an OS for the node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *Login Mode
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • If the login mode is Key Pair, select a key pair for logging to the node and select the check box to acknowledge that you have obtained the key file and without this file you will not be able to log in to the node.
                                                                                                                                                                                                                        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                                                                        
 
                                                                                                                                                                                                                      
-
-
                                                                                                                                                                                                                      Storage Settings
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                      • System Disk: Configure the disk type and capacity based on your requirements. The default disk capacity is 50 GiB.
                                                                                                                                                                                                                      • Data Disk: Configure the disk type and capacity based on your requirements. The default disk capacity is 100 GiB.
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                      Network Settings
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                      • VPC: Use the default VPC, which is, the subnet selected during cluster creation.
                                                                                                                                                                                                                      • Node Subnet: Select a subnet in which the node runs.
                                                                                                                                                                                                                      • Node IP: Select Automatic. The node IP indicates the private IP address of the node.
                                                                                                                                                                                                                      • EIP: enables public network access. After an EIP is bound, the node can access the Internet, for example, downloading images from an external repository.
                                                                                                                                                                                                                        The default value is Do not use. You can also select Use existing or Auto create.
                                                                                                                                                                                                                        
-
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                    • At the bottom of the page, select the node quantity, and click Next: Confirm.
                                                                                                                                                                                                                    • Review the node specifications, read the instructions, select I have read and understand the preceding information, and click Submit.
                                                                                                                                                                                                                      It takes about 6 to 10 minutes to create a node.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Storage Settings
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *System Disk
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Select the system disk size based on your service requirements. The default value is 50 GiB.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      *Data Disk
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Set the data disk size and quantity based on your service requirements. At least one data disk is required for container runtime and Kubelet components. The default value is 100 GiB.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Network Settings
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      VPC/Node Subnet
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      The node subnet selected during cluster creation is used by default. You can choose another subnet instead.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    • At the bottom of the page, select the node quantity, and click Next: Confirm.
                                                                                                                                                                                                                    • Review the node specifications, read the instructions, select I have read and understand the preceding information, and click Submit.
                                                                                                                                                                                                                      It takes about 5 to 10 minutes to complete the node creation.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                      The created node will be displayed on the Nodes page.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_qs_0009.html b/docs/cce/umn/cce_qs_0009.html
index e4089db30..a8eb75fc0 100644
--- a/docs/cce/umn/cce_qs_0009.html
+++ b/docs/cce/umn/cce_qs_0009.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                                                                Overview
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any server that supports PHP and MySQL. Thousands of plug-ins and countless theme templates are available for WordPress and easy to install.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any server that supports PHP and MySQL.  Thousands of plug-ins and countless theme templates are available for WordPress and easy to install.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                WordPress is a blog platform developed in hypertext preprocessor (PHP). You can set up your websites on the services that support PHP and MySQL databases, or use WordPress as a content management system. For more information about WordPress, visit https://wordpress.org/.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                WordPress must be used together with MySQL. WordPress runs the content management program while MySQL serves as a database to store data. Generally, WordPress and MySQL run in different containers, as shown in the following figure.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Figure 1 WordPress
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 WordPress
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                In this example, two container images are involved.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • WordPress: Select wordpress:php7.3 in this example.
                                                                                                                                                                                                                • MySQL: Select mysql:5.7 in this example.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                When WordPress accesses MySQL in a cluster, Kubernetes provides a resource object called Service for the workload access. In this example, a Service is created for MySQL and WordPress, respectively. For details about how to create and configure a Service, see the following sections.
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/en-us_image_0000001332989461.png b/docs/cce/umn/en-us_image_0000001332989461.png
deleted file mode 100644
index 220bbf453..000000000
Binary files a/docs/cce/umn/en-us_image_0000001332989461.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001751308190.png b/docs/cce/umn/en-us_image_0000001751308190.png
deleted file mode 100644
index 7af4d17a2..000000000
Binary files a/docs/cce/umn/en-us_image_0000001751308190.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001751467114.png b/docs/cce/umn/en-us_image_0000001851742516.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001751467114.png
rename to docs/cce/umn/en-us_image_0000001851742516.png
diff --git a/docs/cce/umn/en-us_image_0000001851742548.png b/docs/cce/umn/en-us_image_0000001851742548.png
new file mode 100644
index 000000000..eb3301928
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001851742548.png differ
diff --git a/docs/cce/umn/en-us_image_0000001798266905.png b/docs/cce/umn/en-us_image_0000001851742596.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001798266905.png
rename to docs/cce/umn/en-us_image_0000001851742596.png
diff --git a/docs/cce/umn/en-us_image_0000001751467142.png b/docs/cce/umn/en-us_image_0000001851742644.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001751467142.png
rename to docs/cce/umn/en-us_image_0000001851742644.png
diff --git a/docs/cce/umn/en-us_image_0000001751308206.png b/docs/cce/umn/en-us_image_0000001851742664.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001751308206.png
rename to docs/cce/umn/en-us_image_0000001851742664.png
diff --git a/docs/cce/umn/en-us_image_0000001798266925.png b/docs/cce/umn/en-us_image_0000001851742724.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001798266925.png
rename to docs/cce/umn/en-us_image_0000001851742724.png
diff --git a/docs/cce/umn/en-us_image_0000001798307873.png b/docs/cce/umn/en-us_image_0000001898022705.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001798307873.png
rename to docs/cce/umn/en-us_image_0000001898022705.png
diff --git a/docs/cce/umn/en-us_image_0000001798307901.png b/docs/cce/umn/en-us_image_0000001898022793.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001798307901.png
rename to docs/cce/umn/en-us_image_0000001898022793.png
diff --git a/docs/cce/umn/en-us_image_0000001751467134.png b/docs/cce/umn/en-us_image_0000001898022857.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001751467134.png
rename to docs/cce/umn/en-us_image_0000001898022857.png
diff --git a/docs/cce/umn/en-us_image_0000002065478774.gif b/docs/cce/umn/en-us_image_0000002065478774.gif
deleted file mode 100644
index 3ced28ebc..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065478774.gif and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065478874.png b/docs/cce/umn/en-us_image_0000002065478874.png
deleted file mode 100644
index b0639578b..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065478874.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065479138.png b/docs/cce/umn/en-us_image_0000002065479138.png
deleted file mode 100644
index 7a97cc95f..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065479138.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065479674.png b/docs/cce/umn/en-us_image_0000002065479674.png
deleted file mode 100644
index 97a22d839..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065479674.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065480910.png b/docs/cce/umn/en-us_image_0000002065480910.png
deleted file mode 100644
index 23752228d..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065480910.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065636318.png b/docs/cce/umn/en-us_image_0000002065636318.png
deleted file mode 100644
index b295b34e6..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065636318.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065636326.png b/docs/cce/umn/en-us_image_0000002065636326.png
deleted file mode 100644
index dab58aa9c..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065636326.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065637230.png b/docs/cce/umn/en-us_image_0000002065637230.png
deleted file mode 100644
index 00e966cb0..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065637230.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065637498.png b/docs/cce/umn/en-us_image_0000002065637498.png
deleted file mode 100644
index ee2270f05..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065637498.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065639022.png b/docs/cce/umn/en-us_image_0000002065639022.png
deleted file mode 100644
index 92e2615ec..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065639022.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065639130.png b/docs/cce/umn/en-us_image_0000002065639130.png
deleted file mode 100644
index 6293da6a9..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065639130.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065639146.png b/docs/cce/umn/en-us_image_0000002065639146.png
deleted file mode 100644
index af9cb4e72..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065639146.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065639262.png b/docs/cce/umn/en-us_image_0000002065639262.png
deleted file mode 100644
index f963c9739..000000000
Binary files a/docs/cce/umn/en-us_image_0000002065639262.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101595681.gif b/docs/cce/umn/en-us_image_0000002101595681.gif
deleted file mode 100644
index c8fba921e..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101595681.gif and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101596485.png b/docs/cce/umn/en-us_image_0000002101596485.png
deleted file mode 100644
index 3aa8ffe46..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101596485.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101596565.png b/docs/cce/umn/en-us_image_0000002101596565.png
deleted file mode 100644
index 05cb59e81..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101596565.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101597089.png b/docs/cce/umn/en-us_image_0000002101597089.png
deleted file mode 100644
index 81893d638..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101597089.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101597829.png b/docs/cce/umn/en-us_image_0000002101597829.png
deleted file mode 100644
index 3dc21dded..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101597829.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101677169.gif b/docs/cce/umn/en-us_image_0000002101677169.gif
deleted file mode 100644
index 7086a0961..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101677169.gif and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101677565.png b/docs/cce/umn/en-us_image_0000002101677565.png
deleted file mode 100644
index 580ac4c9c..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101677565.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101678921.png b/docs/cce/umn/en-us_image_0000002101678921.png
deleted file mode 100644
index 1a1990767..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101678921.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101679293.png b/docs/cce/umn/en-us_image_0000002101679293.png
deleted file mode 100644
index da5aed3a5..000000000
Binary files a/docs/cce/umn/en-us_image_0000002101679293.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002101594869.png b/docs/cce/umn/en-us_image_0000002218657498.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101594869.png
rename to docs/cce/umn/en-us_image_0000002218657498.png
diff --git a/docs/cce/umn/en-us_image_0000002101594885.png b/docs/cce/umn/en-us_image_0000002218657514.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101594885.png
rename to docs/cce/umn/en-us_image_0000002218657514.png
diff --git a/docs/cce/umn/en-us_image_0000002065637006.png b/docs/cce/umn/en-us_image_0000002218658206.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637006.png
rename to docs/cce/umn/en-us_image_0000002218658206.png
diff --git a/docs/cce/umn/en-us_image_0000002101677229.png b/docs/cce/umn/en-us_image_0000002218658310.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677229.png
rename to docs/cce/umn/en-us_image_0000002218658310.png
diff --git a/docs/cce/umn/en-us_image_0000002101677245.png b/docs/cce/umn/en-us_image_0000002218658322.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677245.png
rename to docs/cce/umn/en-us_image_0000002218658322.png
diff --git a/docs/cce/umn/en-us_image_0000002101595757.png b/docs/cce/umn/en-us_image_0000002218658326.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595757.png
rename to docs/cce/umn/en-us_image_0000002218658326.png
diff --git a/docs/cce/umn/en-us_image_0000002101595793.png b/docs/cce/umn/en-us_image_0000002218658406.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595793.png
rename to docs/cce/umn/en-us_image_0000002218658406.png
diff --git a/docs/cce/umn/en-us_image_0000002101595809.png b/docs/cce/umn/en-us_image_0000002218658418.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595809.png
rename to docs/cce/umn/en-us_image_0000002218658418.png
diff --git a/docs/cce/umn/en-us_image_0000002065478990.png b/docs/cce/umn/en-us_image_0000002218658506.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478990.png
rename to docs/cce/umn/en-us_image_0000002218658506.png
diff --git a/docs/cce/umn/en-us_image_0000002218658526.png b/docs/cce/umn/en-us_image_0000002218658526.png
new file mode 100644
index 000000000..5333ecd83
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218658526.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101596077.png b/docs/cce/umn/en-us_image_0000002218658606.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596077.png
rename to docs/cce/umn/en-us_image_0000002218658606.png
diff --git a/docs/cce/umn/en-us_image_0000002065637534.png b/docs/cce/umn/en-us_image_0000002218658614.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637534.png
rename to docs/cce/umn/en-us_image_0000002218658614.png
diff --git a/docs/cce/umn/en-us_image_0000002218658654.png b/docs/cce/umn/en-us_image_0000002218658654.png
new file mode 100644
index 000000000..890052773
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218658654.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065637710.png b/docs/cce/umn/en-us_image_0000002218658786.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637710.png
rename to docs/cce/umn/en-us_image_0000002218658786.png
diff --git a/docs/cce/umn/en-us_image_0000002101595749.png b/docs/cce/umn/en-us_image_0000002218658854.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595749.png
rename to docs/cce/umn/en-us_image_0000002218658854.png
diff --git a/docs/cce/umn/en-us_image_0000002101596661.png b/docs/cce/umn/en-us_image_0000002218658914.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596661.png
rename to docs/cce/umn/en-us_image_0000002218658914.png
diff --git a/docs/cce/umn/en-us_image_0000002101595797.jpg b/docs/cce/umn/en-us_image_0000002218658934.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595797.jpg
rename to docs/cce/umn/en-us_image_0000002218658934.jpg
diff --git a/docs/cce/umn/en-us_image_0000002101596405.png b/docs/cce/umn/en-us_image_0000002218658938.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596405.png
rename to docs/cce/umn/en-us_image_0000002218658938.png
diff --git a/docs/cce/umn/en-us_image_0000002065478954.png b/docs/cce/umn/en-us_image_0000002218659046.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478954.png
rename to docs/cce/umn/en-us_image_0000002218659046.png
diff --git a/docs/cce/umn/en-us_image_0000002101677485.png b/docs/cce/umn/en-us_image_0000002218659098.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677485.png
rename to docs/cce/umn/en-us_image_0000002218659098.png
diff --git a/docs/cce/umn/en-us_image_0000002065479098.png b/docs/cce/umn/en-us_image_0000002218659110.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479098.png
rename to docs/cce/umn/en-us_image_0000002218659110.png
diff --git a/docs/cce/umn/en-us_image_0000002065637438.png b/docs/cce/umn/en-us_image_0000002218659118.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637438.png
rename to docs/cce/umn/en-us_image_0000002218659118.png
diff --git a/docs/cce/umn/en-us_image_0000002065479118.png b/docs/cce/umn/en-us_image_0000002218659142.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479118.png
rename to docs/cce/umn/en-us_image_0000002218659142.png
diff --git a/docs/cce/umn/en-us_image_0000002065637614.png b/docs/cce/umn/en-us_image_0000002218659174.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637614.png
rename to docs/cce/umn/en-us_image_0000002218659174.png
diff --git a/docs/cce/umn/en-us_image_0000002065637630.jpg b/docs/cce/umn/en-us_image_0000002218659182.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637630.jpg
rename to docs/cce/umn/en-us_image_0000002218659182.jpg
diff --git a/docs/cce/umn/en-us_image_0000002065637706.png b/docs/cce/umn/en-us_image_0000002218659242.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637706.png
rename to docs/cce/umn/en-us_image_0000002218659242.png
diff --git a/docs/cce/umn/en-us_image_0000002065637662.png b/docs/cce/umn/en-us_image_0000002218659254.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637662.png
rename to docs/cce/umn/en-us_image_0000002218659254.png
diff --git a/docs/cce/umn/en-us_image_0000002065480898.png b/docs/cce/umn/en-us_image_0000002218659274.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480898.png
rename to docs/cce/umn/en-us_image_0000002218659274.png
diff --git a/docs/cce/umn/en-us_image_0000002218659302.png b/docs/cce/umn/en-us_image_0000002218659302.png
new file mode 100644
index 000000000..cc460facf
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218659302.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218659314.png b/docs/cce/umn/en-us_image_0000002218659314.png
new file mode 100644
index 000000000..80e5851a9
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218659314.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101678557.png b/docs/cce/umn/en-us_image_0000002218659818.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678557.png
rename to docs/cce/umn/en-us_image_0000002218659818.png
diff --git a/docs/cce/umn/en-us_image_0000002101678525.png b/docs/cce/umn/en-us_image_0000002218659822.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678525.png
rename to docs/cce/umn/en-us_image_0000002218659822.png
diff --git a/docs/cce/umn/en-us_image_0000002065638558.png b/docs/cce/umn/en-us_image_0000002218659866.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638558.png
rename to docs/cce/umn/en-us_image_0000002218659866.png
diff --git a/docs/cce/umn/en-us_image_0000002065479422.png b/docs/cce/umn/en-us_image_0000002218659906.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479422.png
rename to docs/cce/umn/en-us_image_0000002218659906.png
diff --git a/docs/cce/umn/en-us_image_0000002065480278.png b/docs/cce/umn/en-us_image_0000002218659930.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480278.png
rename to docs/cce/umn/en-us_image_0000002218659930.png
diff --git a/docs/cce/umn/en-us_image_0000002065480330.png b/docs/cce/umn/en-us_image_0000002218659938.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480330.png
rename to docs/cce/umn/en-us_image_0000002218659938.png
diff --git a/docs/cce/umn/en-us_image_0000002101597289.png b/docs/cce/umn/en-us_image_0000002218660018.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597289.png
rename to docs/cce/umn/en-us_image_0000002218660018.png
diff --git a/docs/cce/umn/en-us_image_0000002218660022.png b/docs/cce/umn/en-us_image_0000002218660022.png
new file mode 100644
index 000000000..ec3a39318
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218660022.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101678833.png b/docs/cce/umn/en-us_image_0000002218660194.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678833.png
rename to docs/cce/umn/en-us_image_0000002218660194.png
diff --git a/docs/cce/umn/en-us_image_0000002065480470.png b/docs/cce/umn/en-us_image_0000002218660226.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480470.png
rename to docs/cce/umn/en-us_image_0000002218660226.png
diff --git a/docs/cce/umn/en-us_image_0000002101597409.png b/docs/cce/umn/en-us_image_0000002218660238.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597409.png
rename to docs/cce/umn/en-us_image_0000002218660238.png
diff --git a/docs/cce/umn/en-us_image_0000002101678937.png b/docs/cce/umn/en-us_image_0000002218660286.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678937.png
rename to docs/cce/umn/en-us_image_0000002218660286.png
diff --git a/docs/cce/umn/en-us_image_0000002065480554.png b/docs/cce/umn/en-us_image_0000002218660294.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480554.png
rename to docs/cce/umn/en-us_image_0000002218660294.png
diff --git a/docs/cce/umn/en-us_image_0000002065480558.png b/docs/cce/umn/en-us_image_0000002218660298.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480558.png
rename to docs/cce/umn/en-us_image_0000002218660298.png
diff --git a/docs/cce/umn/en-us_image_0000002218660366.png b/docs/cce/umn/en-us_image_0000002218660366.png
new file mode 100644
index 000000000..ec3a39318
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218660366.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480618.png b/docs/cce/umn/en-us_image_0000002218660418.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480618.png
rename to docs/cce/umn/en-us_image_0000002218660418.png
diff --git a/docs/cce/umn/en-us_image_0000002065638938.png b/docs/cce/umn/en-us_image_0000002218660430.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638938.png
rename to docs/cce/umn/en-us_image_0000002218660430.png
diff --git a/docs/cce/umn/en-us_image_0000002065638946.png b/docs/cce/umn/en-us_image_0000002218660438.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638946.png
rename to docs/cce/umn/en-us_image_0000002218660438.png
diff --git a/docs/cce/umn/en-us_image_0000002218660466.png b/docs/cce/umn/en-us_image_0000002218660466.png
new file mode 100644
index 000000000..8747a8ea3
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218660466.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218660474.png b/docs/cce/umn/en-us_image_0000002218660474.png
new file mode 100644
index 000000000..8747a8ea3
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218660474.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218660478.png b/docs/cce/umn/en-us_image_0000002218660478.png
new file mode 100644
index 000000000..65ebacba8
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218660478.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597485.png b/docs/cce/umn/en-us_image_0000002218660486.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597485.png
rename to docs/cce/umn/en-us_image_0000002218660486.png
diff --git a/docs/cce/umn/en-us_image_0000002101679081.png b/docs/cce/umn/en-us_image_0000002218660514.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679081.png
rename to docs/cce/umn/en-us_image_0000002218660514.png
diff --git a/docs/cce/umn/en-us_image_0000002065480610.png b/docs/cce/umn/en-us_image_0000002218660566.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480610.png
rename to docs/cce/umn/en-us_image_0000002218660566.png
diff --git a/docs/cce/umn/en-us_image_0000002101679273.png b/docs/cce/umn/en-us_image_0000002218660654.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679273.png
rename to docs/cce/umn/en-us_image_0000002218660654.png
diff --git a/docs/cce/umn/en-us_image_0000002101679233.png b/docs/cce/umn/en-us_image_0000002218660706.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679233.png
rename to docs/cce/umn/en-us_image_0000002218660706.png
diff --git a/docs/cce/umn/en-us_image_0000002101597757.png b/docs/cce/umn/en-us_image_0000002218660710.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597757.png
rename to docs/cce/umn/en-us_image_0000002218660710.png
diff --git a/docs/cce/umn/en-us_image_0000002065479386.png b/docs/cce/umn/en-us_image_0000002218660718.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479386.png
rename to docs/cce/umn/en-us_image_0000002218660718.png
diff --git a/docs/cce/umn/en-us_image_0000002065639282.png b/docs/cce/umn/en-us_image_0000002218660734.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065639282.png
rename to docs/cce/umn/en-us_image_0000002218660734.png
diff --git a/docs/cce/umn/en-us_image_0000002218660782.png b/docs/cce/umn/en-us_image_0000002218660782.png
new file mode 100644
index 000000000..1f3580df6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218660782.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480762.png b/docs/cce/umn/en-us_image_0000002218660810.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480762.png
rename to docs/cce/umn/en-us_image_0000002218660810.png
diff --git a/docs/cce/umn/en-us_image_0000002218817314.png b/docs/cce/umn/en-us_image_0000002218817314.png
new file mode 100644
index 000000000..ea2f0b851
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218817314.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218817326.png b/docs/cce/umn/en-us_image_0000002218817326.png
new file mode 100644
index 000000000..7a8d81f18
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218817326.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065478702.png b/docs/cce/umn/en-us_image_0000002218818034.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478702.png
rename to docs/cce/umn/en-us_image_0000002218818034.png
diff --git a/docs/cce/umn/en-us_image_0000002065478822.png b/docs/cce/umn/en-us_image_0000002218818126.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478822.png
rename to docs/cce/umn/en-us_image_0000002218818126.png
diff --git a/docs/cce/umn/en-us_image_0000002101595737.png b/docs/cce/umn/en-us_image_0000002218818142.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595737.png
rename to docs/cce/umn/en-us_image_0000002218818142.png
diff --git a/docs/cce/umn/en-us_image_0000002065478854.png b/docs/cce/umn/en-us_image_0000002218818146.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478854.png
rename to docs/cce/umn/en-us_image_0000002218818146.png
diff --git a/docs/cce/umn/en-us_image_0000002065637194.png b/docs/cce/umn/en-us_image_0000002218818158.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637194.png
rename to docs/cce/umn/en-us_image_0000002218818158.png
diff --git a/docs/cce/umn/en-us_image_0000002101677309.png b/docs/cce/umn/en-us_image_0000002218818218.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677309.png
rename to docs/cce/umn/en-us_image_0000002218818218.png
diff --git a/docs/cce/umn/en-us_image_0000002218818222.png b/docs/cce/umn/en-us_image_0000002218818222.png
new file mode 100644
index 000000000..4dae37815
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218818222.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101677301.png b/docs/cce/umn/en-us_image_0000002218818234.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677301.png
rename to docs/cce/umn/en-us_image_0000002218818234.png
diff --git a/docs/cce/umn/en-us_image_0000002065637258.png b/docs/cce/umn/en-us_image_0000002218818246.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637258.png
rename to docs/cce/umn/en-us_image_0000002218818246.png
diff --git a/docs/cce/umn/en-us_image_0000002065637342.png b/docs/cce/umn/en-us_image_0000002218818310.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637342.png
rename to docs/cce/umn/en-us_image_0000002218818310.png
diff --git a/docs/cce/umn/en-us_image_0000002218818366.png b/docs/cce/umn/en-us_image_0000002218818366.png
new file mode 100644
index 000000000..003941bb9
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218818366.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218818382.png b/docs/cce/umn/en-us_image_0000002218818382.png
new file mode 100644
index 000000000..b15f23fff
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218818382.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218818386.png b/docs/cce/umn/en-us_image_0000002218818386.png
new file mode 100644
index 000000000..ee3834590
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218818386.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218818398.png b/docs/cce/umn/en-us_image_0000002218818398.png
new file mode 100644
index 000000000..2b7d0f6e5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218818398.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101595761.jpg b/docs/cce/umn/en-us_image_0000002218818442.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595761.jpg
rename to docs/cce/umn/en-us_image_0000002218818442.jpg
diff --git a/docs/cce/umn/en-us_image_0000002101677605.png b/docs/cce/umn/en-us_image_0000002218818446.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677605.png
rename to docs/cce/umn/en-us_image_0000002218818446.png
diff --git a/docs/cce/umn/en-us_image_0000002065479222.png b/docs/cce/umn/en-us_image_0000002218818458.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479222.png
rename to docs/cce/umn/en-us_image_0000002218818458.png
diff --git a/docs/cce/umn/en-us_image_0000002218818490.png b/docs/cce/umn/en-us_image_0000002218818490.png
new file mode 100644
index 000000000..ff2529469
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218818490.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101677281.png b/docs/cce/umn/en-us_image_0000002218818530.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677281.png
rename to docs/cce/umn/en-us_image_0000002218818530.png
diff --git a/docs/cce/umn/en-us_image_0000002065479338.png b/docs/cce/umn/en-us_image_0000002218818546.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479338.png
rename to docs/cce/umn/en-us_image_0000002218818546.png
diff --git a/docs/cce/umn/en-us_image_0000002065480858.png b/docs/cce/umn/en-us_image_0000002218818590.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480858.png
rename to docs/cce/umn/en-us_image_0000002218818590.png
diff --git a/docs/cce/umn/en-us_image_0000002065637794.png b/docs/cce/umn/en-us_image_0000002218818630.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637794.png
rename to docs/cce/umn/en-us_image_0000002218818630.png
diff --git a/docs/cce/umn/en-us_image_0000002065638086.png b/docs/cce/umn/en-us_image_0000002218818686.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638086.png
rename to docs/cce/umn/en-us_image_0000002218818686.png
diff --git a/docs/cce/umn/en-us_image_0000002101678157.png b/docs/cce/umn/en-us_image_0000002218818734.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678157.png
rename to docs/cce/umn/en-us_image_0000002218818734.png
diff --git a/docs/cce/umn/en-us_image_0000002065638098.png b/docs/cce/umn/en-us_image_0000002218818738.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638098.png
rename to docs/cce/umn/en-us_image_0000002218818738.png
diff --git a/docs/cce/umn/en-us_image_0000002065478898.jpg b/docs/cce/umn/en-us_image_0000002218818770.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478898.jpg
rename to docs/cce/umn/en-us_image_0000002218818770.jpg
diff --git a/docs/cce/umn/en-us_image_0000002065637422.png b/docs/cce/umn/en-us_image_0000002218818914.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637422.png
rename to docs/cce/umn/en-us_image_0000002218818914.png
diff --git a/docs/cce/umn/en-us_image_0000002101677497.png b/docs/cce/umn/en-us_image_0000002218818934.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677497.png
rename to docs/cce/umn/en-us_image_0000002218818934.png
diff --git a/docs/cce/umn/en-us_image_0000002065637450.png b/docs/cce/umn/en-us_image_0000002218818946.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637450.png
rename to docs/cce/umn/en-us_image_0000002218818946.png
diff --git a/docs/cce/umn/en-us_image_0000002101677421.png b/docs/cce/umn/en-us_image_0000002218818954.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677421.png
rename to docs/cce/umn/en-us_image_0000002218818954.png
diff --git a/docs/cce/umn/en-us_image_0000002065479622.png b/docs/cce/umn/en-us_image_0000002218818982.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479622.png
rename to docs/cce/umn/en-us_image_0000002218818982.png
diff --git a/docs/cce/umn/en-us_image_0000002065637598.png b/docs/cce/umn/en-us_image_0000002218818994.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637598.png
rename to docs/cce/umn/en-us_image_0000002218818994.png
diff --git a/docs/cce/umn/en-us_image_0000002101596229.png b/docs/cce/umn/en-us_image_0000002218819094.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596229.png
rename to docs/cce/umn/en-us_image_0000002218819094.png
diff --git a/docs/cce/umn/en-us_image_0000002218819126.png b/docs/cce/umn/en-us_image_0000002218819126.png
new file mode 100644
index 000000000..a689b5aef
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218819126.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218819222.png b/docs/cce/umn/en-us_image_0000002218819222.png
new file mode 100644
index 000000000..e06d9a969
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218819222.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101596489.png b/docs/cce/umn/en-us_image_0000002218819242.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596489.png
rename to docs/cce/umn/en-us_image_0000002218819242.png
diff --git a/docs/cce/umn/en-us_image_0000002101678517.png b/docs/cce/umn/en-us_image_0000002218819650.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678517.png
rename to docs/cce/umn/en-us_image_0000002218819650.png
diff --git a/docs/cce/umn/en-us_image_0000002101678573.png b/docs/cce/umn/en-us_image_0000002218819718.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678573.png
rename to docs/cce/umn/en-us_image_0000002218819718.png
diff --git a/docs/cce/umn/en-us_image_0000002065638630.png b/docs/cce/umn/en-us_image_0000002218819774.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638630.png
rename to docs/cce/umn/en-us_image_0000002218819774.png
diff --git a/docs/cce/umn/en-us_image_0000002065480222.png b/docs/cce/umn/en-us_image_0000002218819786.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480222.png
rename to docs/cce/umn/en-us_image_0000002218819786.png
diff --git a/docs/cce/umn/en-us_image_0000002101597285.png b/docs/cce/umn/en-us_image_0000002218819838.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597285.png
rename to docs/cce/umn/en-us_image_0000002218819838.png
diff --git a/docs/cce/umn/en-us_image_0000002218819854.png b/docs/cce/umn/en-us_image_0000002218819854.png
new file mode 100644
index 000000000..ec3a39318
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218819854.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218819982.png b/docs/cce/umn/en-us_image_0000002218819982.png
new file mode 100644
index 000000000..c33b2d080
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218819982.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065638766.png b/docs/cce/umn/en-us_image_0000002218820018.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638766.png
rename to docs/cce/umn/en-us_image_0000002218820018.png
diff --git a/docs/cce/umn/en-us_image_0000002065638678.png b/docs/cce/umn/en-us_image_0000002218820034.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638678.png
rename to docs/cce/umn/en-us_image_0000002218820034.png
diff --git a/docs/cce/umn/en-us_image_0000002065638794.png b/docs/cce/umn/en-us_image_0000002218820038.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638794.png
rename to docs/cce/umn/en-us_image_0000002218820038.png
diff --git a/docs/cce/umn/en-us_image_0000002065638906.png b/docs/cce/umn/en-us_image_0000002218820158.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638906.png
rename to docs/cce/umn/en-us_image_0000002218820158.png
diff --git a/docs/cce/umn/en-us_image_0000002218820166.png b/docs/cce/umn/en-us_image_0000002218820166.png
new file mode 100644
index 000000000..947d362c3
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820166.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218820214.png b/docs/cce/umn/en-us_image_0000002218820214.png
new file mode 100644
index 000000000..ad94ecdb0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820214.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218820226.png b/docs/cce/umn/en-us_image_0000002218820226.png
new file mode 100644
index 000000000..ec3a39318
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820226.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218820242.png b/docs/cce/umn/en-us_image_0000002218820242.png
new file mode 100644
index 000000000..36d5818a6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820242.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065639038.png b/docs/cce/umn/en-us_image_0000002218820382.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065639038.png
rename to docs/cce/umn/en-us_image_0000002218820382.png
diff --git a/docs/cce/umn/en-us_image_0000002101678997.png b/docs/cce/umn/en-us_image_0000002218820402.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678997.png
rename to docs/cce/umn/en-us_image_0000002218820402.png
diff --git a/docs/cce/umn/en-us_image_0000002065638950.png b/docs/cce/umn/en-us_image_0000002218820410.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638950.png
rename to docs/cce/umn/en-us_image_0000002218820410.png
diff --git a/docs/cce/umn/en-us_image_0000002218820434.png b/docs/cce/umn/en-us_image_0000002218820434.png
new file mode 100644
index 000000000..3152d7d6e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820434.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065639042.png b/docs/cce/umn/en-us_image_0000002218820458.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065639042.png
rename to docs/cce/umn/en-us_image_0000002218820458.png
diff --git a/docs/cce/umn/en-us_image_0000002065639162.png b/docs/cce/umn/en-us_image_0000002218820526.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065639162.png
rename to docs/cce/umn/en-us_image_0000002218820526.png
diff --git a/docs/cce/umn/en-us_image_0000002101597765.png b/docs/cce/umn/en-us_image_0000002218820570.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597765.png
rename to docs/cce/umn/en-us_image_0000002218820570.png
diff --git a/docs/cce/umn/en-us_image_0000002218820586.png b/docs/cce/umn/en-us_image_0000002218820586.png
new file mode 100644
index 000000000..6f98070b0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820586.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218820614.png b/docs/cce/umn/en-us_image_0000002218820614.png
new file mode 100644
index 000000000..9e12041d4
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820614.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480750.png b/docs/cce/umn/en-us_image_0000002218820646.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480750.png
rename to docs/cce/umn/en-us_image_0000002218820646.png
diff --git a/docs/cce/umn/en-us_image_0000002101597653.png b/docs/cce/umn/en-us_image_0000002218820650.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597653.png
rename to docs/cce/umn/en-us_image_0000002218820650.png
diff --git a/docs/cce/umn/en-us_image_0000002218820658.png b/docs/cce/umn/en-us_image_0000002218820658.png
new file mode 100644
index 000000000..962da0bfe
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820658.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218820674.png b/docs/cce/umn/en-us_image_0000002218820674.png
new file mode 100644
index 000000000..1fb9f4979
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820674.png differ
diff --git a/docs/cce/umn/en-us_image_0000002218820702.png b/docs/cce/umn/en-us_image_0000002218820702.png
new file mode 100644
index 000000000..947d362c3
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002218820702.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065477978.png b/docs/cce/umn/en-us_image_0000002253617217.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065477978.png
rename to docs/cce/umn/en-us_image_0000002253617217.png
diff --git a/docs/cce/umn/en-us_image_0000002101595573.png b/docs/cce/umn/en-us_image_0000002253617941.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595573.png
rename to docs/cce/umn/en-us_image_0000002253617941.png
diff --git a/docs/cce/umn/en-us_image_0000002101677269.png b/docs/cce/umn/en-us_image_0000002253618117.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677269.png
rename to docs/cce/umn/en-us_image_0000002253618117.png
diff --git a/docs/cce/umn/en-us_image_0000002065637238.png b/docs/cce/umn/en-us_image_0000002253618121.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637238.png
rename to docs/cce/umn/en-us_image_0000002253618121.png
diff --git a/docs/cce/umn/en-us_image_0000002065637250.png b/docs/cce/umn/en-us_image_0000002253618133.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637250.png
rename to docs/cce/umn/en-us_image_0000002253618133.png
diff --git a/docs/cce/umn/en-us_image_0000002065478942.png b/docs/cce/umn/en-us_image_0000002253618137.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065478942.png
rename to docs/cce/umn/en-us_image_0000002253618137.png
diff --git a/docs/cce/umn/en-us_image_0000002253618289.png b/docs/cce/umn/en-us_image_0000002253618289.png
new file mode 100644
index 000000000..8c7766246
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253618289.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065479186.png b/docs/cce/umn/en-us_image_0000002253618329.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479186.png
rename to docs/cce/umn/en-us_image_0000002253618329.png
diff --git a/docs/cce/umn/en-us_image_0000002065479210.png b/docs/cce/umn/en-us_image_0000002253618345.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479210.png
rename to docs/cce/umn/en-us_image_0000002253618345.png
diff --git a/docs/cce/umn/en-us_image_0000002065637722.png b/docs/cce/umn/en-us_image_0000002253618457.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637722.png
rename to docs/cce/umn/en-us_image_0000002253618457.png
diff --git a/docs/cce/umn/en-us_image_0000002101596289.png b/docs/cce/umn/en-us_image_0000002253618517.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596289.png
rename to docs/cce/umn/en-us_image_0000002253618517.png
diff --git a/docs/cce/umn/en-us_image_0000002101596357.png b/docs/cce/umn/en-us_image_0000002253618529.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596357.png
rename to docs/cce/umn/en-us_image_0000002253618529.png
diff --git a/docs/cce/umn/en-us_image_0000002101596637.png b/docs/cce/umn/en-us_image_0000002253618549.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596637.png
rename to docs/cce/umn/en-us_image_0000002253618549.png
diff --git a/docs/cce/umn/en-us_image_0000002101677397.png b/docs/cce/umn/en-us_image_0000002253618569.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677397.png
rename to docs/cce/umn/en-us_image_0000002253618569.png
diff --git a/docs/cce/umn/en-us_image_0000002101596653.png b/docs/cce/umn/en-us_image_0000002253618605.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596653.png
rename to docs/cce/umn/en-us_image_0000002253618605.png
diff --git a/docs/cce/umn/en-us_image_0000002101596525.png b/docs/cce/umn/en-us_image_0000002253618649.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596525.png
rename to docs/cce/umn/en-us_image_0000002253618649.png
diff --git a/docs/cce/umn/en-us_image_0000002253618813.png b/docs/cce/umn/en-us_image_0000002253618813.png
new file mode 100644
index 000000000..16aeb854c
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253618813.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101595969.png b/docs/cce/umn/en-us_image_0000002253618817.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595969.png
rename to docs/cce/umn/en-us_image_0000002253618817.png
diff --git a/docs/cce/umn/en-us_image_0000002101595997.png b/docs/cce/umn/en-us_image_0000002253618837.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595997.png
rename to docs/cce/umn/en-us_image_0000002253618837.png
diff --git a/docs/cce/umn/en-us_image_0000002101677513.png b/docs/cce/umn/en-us_image_0000002253618841.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677513.png
rename to docs/cce/umn/en-us_image_0000002253618841.png
diff --git a/docs/cce/umn/en-us_image_0000002065479598.png b/docs/cce/umn/en-us_image_0000002253618845.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479598.png
rename to docs/cce/umn/en-us_image_0000002253618845.png
diff --git a/docs/cce/umn/en-us_image_0000002065637590.png b/docs/cce/umn/en-us_image_0000002253618897.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637590.png
rename to docs/cce/umn/en-us_image_0000002253618897.png
diff --git a/docs/cce/umn/en-us_image_0000002101597161.png b/docs/cce/umn/en-us_image_0000002253619005.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597161.png
rename to docs/cce/umn/en-us_image_0000002253619005.png
diff --git a/docs/cce/umn/en-us_image_0000002101596349.png b/docs/cce/umn/en-us_image_0000002253619089.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596349.png
rename to docs/cce/umn/en-us_image_0000002253619089.png
diff --git a/docs/cce/umn/en-us_image_0000002253619117.png b/docs/cce/umn/en-us_image_0000002253619117.png
new file mode 100644
index 000000000..8ee277c3b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253619117.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065479290.png b/docs/cce/umn/en-us_image_0000002253619133.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479290.png
rename to docs/cce/umn/en-us_image_0000002253619133.png
diff --git a/docs/cce/umn/en-us_image_0000002101597009.png b/docs/cce/umn/en-us_image_0000002253619517.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597009.png
rename to docs/cce/umn/en-us_image_0000002253619517.png
diff --git a/docs/cce/umn/en-us_image_0000002065638446.png b/docs/cce/umn/en-us_image_0000002253619521.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638446.png
rename to docs/cce/umn/en-us_image_0000002253619521.png
diff --git a/docs/cce/umn/en-us_image_0000002101597069.png b/docs/cce/umn/en-us_image_0000002253619569.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597069.png
rename to docs/cce/umn/en-us_image_0000002253619569.png
diff --git a/docs/cce/umn/en-us_image_0000002065480154.png b/docs/cce/umn/en-us_image_0000002253619601.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480154.png
rename to docs/cce/umn/en-us_image_0000002253619601.png
diff --git a/docs/cce/umn/en-us_image_0000002101597065.png b/docs/cce/umn/en-us_image_0000002253619605.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597065.png
rename to docs/cce/umn/en-us_image_0000002253619605.png
diff --git a/docs/cce/umn/en-us_image_0000002101678569.png b/docs/cce/umn/en-us_image_0000002253619613.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678569.png
rename to docs/cce/umn/en-us_image_0000002253619613.png
diff --git a/docs/cce/umn/en-us_image_0000002065638526.png b/docs/cce/umn/en-us_image_0000002253619621.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638526.png
rename to docs/cce/umn/en-us_image_0000002253619621.png
diff --git a/docs/cce/umn/en-us_image_0000002065638606.png b/docs/cce/umn/en-us_image_0000002253619653.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638606.png
rename to docs/cce/umn/en-us_image_0000002253619653.png
diff --git a/docs/cce/umn/en-us_image_0000002065480234.png b/docs/cce/umn/en-us_image_0000002253619701.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480234.png
rename to docs/cce/umn/en-us_image_0000002253619701.png
diff --git a/docs/cce/umn/en-us_image_0000002253619705.png b/docs/cce/umn/en-us_image_0000002253619705.png
new file mode 100644
index 000000000..afcbc03d5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253619705.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480238.png b/docs/cce/umn/en-us_image_0000002253619713.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480238.png
rename to docs/cce/umn/en-us_image_0000002253619713.png
diff --git a/docs/cce/umn/en-us_image_0000002101678765.png b/docs/cce/umn/en-us_image_0000002253619725.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678765.png
rename to docs/cce/umn/en-us_image_0000002253619725.png
diff --git a/docs/cce/umn/en-us_image_0000002101678773.png b/docs/cce/umn/en-us_image_0000002253619737.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678773.png
rename to docs/cce/umn/en-us_image_0000002253619737.png
diff --git a/docs/cce/umn/en-us_image_0000002101597253.png b/docs/cce/umn/en-us_image_0000002253619765.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597253.png
rename to docs/cce/umn/en-us_image_0000002253619765.png
diff --git a/docs/cce/umn/en-us_image_0000002253619901.png b/docs/cce/umn/en-us_image_0000002253619901.png
new file mode 100644
index 000000000..32662bf3e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253619901.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597333.png b/docs/cce/umn/en-us_image_0000002253619909.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597333.png
rename to docs/cce/umn/en-us_image_0000002253619909.png
diff --git a/docs/cce/umn/en-us_image_0000002101597349.png b/docs/cce/umn/en-us_image_0000002253619937.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597349.png
rename to docs/cce/umn/en-us_image_0000002253619937.png
diff --git a/docs/cce/umn/en-us_image_0000002101597397.png b/docs/cce/umn/en-us_image_0000002253619977.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597397.png
rename to docs/cce/umn/en-us_image_0000002253619977.png
diff --git a/docs/cce/umn/en-us_image_0000002101678893.png b/docs/cce/umn/en-us_image_0000002253619981.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678893.png
rename to docs/cce/umn/en-us_image_0000002253619981.png
diff --git a/docs/cce/umn/en-us_image_0000002065638710.png b/docs/cce/umn/en-us_image_0000002253620001.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638710.png
rename to docs/cce/umn/en-us_image_0000002253620001.png
diff --git a/docs/cce/umn/en-us_image_0000002065480366.png b/docs/cce/umn/en-us_image_0000002253620029.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480366.png
rename to docs/cce/umn/en-us_image_0000002253620029.png
diff --git a/docs/cce/umn/en-us_image_0000002065638886.png b/docs/cce/umn/en-us_image_0000002253620033.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638886.png
rename to docs/cce/umn/en-us_image_0000002253620033.png
diff --git a/docs/cce/umn/en-us_image_0000002101678953.png b/docs/cce/umn/en-us_image_0000002253620049.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678953.png
rename to docs/cce/umn/en-us_image_0000002253620049.png
diff --git a/docs/cce/umn/en-us_image_0000002101597461.png b/docs/cce/umn/en-us_image_0000002253620097.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597461.png
rename to docs/cce/umn/en-us_image_0000002253620097.png
diff --git a/docs/cce/umn/en-us_image_0000002101678961.png b/docs/cce/umn/en-us_image_0000002253620189.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678961.png
rename to docs/cce/umn/en-us_image_0000002253620189.png
diff --git a/docs/cce/umn/en-us_image_0000002253620209.png b/docs/cce/umn/en-us_image_0000002253620209.png
new file mode 100644
index 000000000..0f749158b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253620209.png differ
diff --git a/docs/cce/umn/en-us_image_0000002253620213.png b/docs/cce/umn/en-us_image_0000002253620213.png
new file mode 100644
index 000000000..0f749158b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253620213.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597577.png b/docs/cce/umn/en-us_image_0000002253620305.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597577.png
rename to docs/cce/umn/en-us_image_0000002253620305.png
diff --git a/docs/cce/umn/en-us_image_0000002101679217.png b/docs/cce/umn/en-us_image_0000002253620349.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679217.png
rename to docs/cce/umn/en-us_image_0000002253620349.png
diff --git a/docs/cce/umn/en-us_image_0000002101679261.png b/docs/cce/umn/en-us_image_0000002253620361.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679261.png
rename to docs/cce/umn/en-us_image_0000002253620361.png
diff --git a/docs/cce/umn/en-us_image_0000002101597689.png b/docs/cce/umn/en-us_image_0000002253620365.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597689.png
rename to docs/cce/umn/en-us_image_0000002253620365.png
diff --git a/docs/cce/umn/en-us_image_0000002065639238.png b/docs/cce/umn/en-us_image_0000002253620397.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065639238.png
rename to docs/cce/umn/en-us_image_0000002253620397.png
diff --git a/docs/cce/umn/en-us_image_0000002101679277.png b/docs/cce/umn/en-us_image_0000002253620425.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679277.png
rename to docs/cce/umn/en-us_image_0000002253620425.png
diff --git a/docs/cce/umn/en-us_image_0000002065480670.png b/docs/cce/umn/en-us_image_0000002253620433.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480670.png
rename to docs/cce/umn/en-us_image_0000002253620433.png
diff --git a/docs/cce/umn/en-us_image_0000002101679237.png b/docs/cce/umn/en-us_image_0000002253620437.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679237.png
rename to docs/cce/umn/en-us_image_0000002253620437.png
diff --git a/docs/cce/umn/en-us_image_0000002101597825.png b/docs/cce/umn/en-us_image_0000002253620477.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597825.png
rename to docs/cce/umn/en-us_image_0000002253620477.png
diff --git a/docs/cce/umn/en-us_image_0000002065480794.png b/docs/cce/umn/en-us_image_0000002253620497.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480794.png
rename to docs/cce/umn/en-us_image_0000002253620497.png
diff --git a/docs/cce/umn/en-us_image_0000002101597657.png b/docs/cce/umn/en-us_image_0000002253620533.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597657.png
rename to docs/cce/umn/en-us_image_0000002253620533.png
diff --git a/docs/cce/umn/en-us_image_0000002253620537.png b/docs/cce/umn/en-us_image_0000002253620537.png
new file mode 100644
index 000000000..d7f6cf210
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253620537.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597665.png b/docs/cce/umn/en-us_image_0000002253620541.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597665.png
rename to docs/cce/umn/en-us_image_0000002253620541.png
diff --git a/docs/cce/umn/en-us_image_0000002065639258.png b/docs/cce/umn/en-us_image_0000002253620561.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065639258.png
rename to docs/cce/umn/en-us_image_0000002253620561.png
diff --git a/docs/cce/umn/en-us_image_0000002101676373.png b/docs/cce/umn/en-us_image_0000002253777129.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101676373.png
rename to docs/cce/umn/en-us_image_0000002253777129.png
diff --git a/docs/cce/umn/en-us_image_0000002101594929.png b/docs/cce/umn/en-us_image_0000002253777197.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101594929.png
rename to docs/cce/umn/en-us_image_0000002253777197.png
diff --git a/docs/cce/umn/en-us_image_0000002101594945.png b/docs/cce/umn/en-us_image_0000002253777225.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101594945.png
rename to docs/cce/umn/en-us_image_0000002253777225.png
diff --git a/docs/cce/umn/en-us_image_0000002101595713.png b/docs/cce/umn/en-us_image_0000002253777937.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595713.png
rename to docs/cce/umn/en-us_image_0000002253777937.png
diff --git a/docs/cce/umn/en-us_image_0000002101677221.png b/docs/cce/umn/en-us_image_0000002253777941.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677221.png
rename to docs/cce/umn/en-us_image_0000002253777941.png
diff --git a/docs/cce/umn/en-us_image_0000002065637178.png b/docs/cce/umn/en-us_image_0000002253777953.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637178.png
rename to docs/cce/umn/en-us_image_0000002253777953.png
diff --git a/docs/cce/umn/en-us_image_0000002101595789.png b/docs/cce/umn/en-us_image_0000002253778017.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101595789.png
rename to docs/cce/umn/en-us_image_0000002253778017.png
diff --git a/docs/cce/umn/en-us_image_0000002065637246.png b/docs/cce/umn/en-us_image_0000002253778021.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637246.png
rename to docs/cce/umn/en-us_image_0000002253778021.png
diff --git a/docs/cce/umn/en-us_image_0000002253778205.png b/docs/cce/umn/en-us_image_0000002253778205.png
new file mode 100644
index 000000000..a0055ac8e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253778205.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101677557.png b/docs/cce/umn/en-us_image_0000002253778225.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677557.png
rename to docs/cce/umn/en-us_image_0000002253778225.png
diff --git a/docs/cce/umn/en-us_image_0000002253778245.png b/docs/cce/umn/en-us_image_0000002253778245.png
new file mode 100644
index 000000000..116007755
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253778245.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101596097.png b/docs/cce/umn/en-us_image_0000002253778253.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596097.png
rename to docs/cce/umn/en-us_image_0000002253778253.png
diff --git a/docs/cce/umn/en-us_image_0000002253778265.png b/docs/cce/umn/en-us_image_0000002253778265.png
new file mode 100644
index 000000000..6d4f7cb8a
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253778265.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065479218.png b/docs/cce/umn/en-us_image_0000002253778269.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479218.png
rename to docs/cce/umn/en-us_image_0000002253778269.png
diff --git a/docs/cce/umn/en-us_image_0000002253778301.png b/docs/cce/umn/en-us_image_0000002253778301.png
new file mode 100644
index 000000000..4c1a4e8b2
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253778301.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101677757.png b/docs/cce/umn/en-us_image_0000002253778377.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677757.png
rename to docs/cce/umn/en-us_image_0000002253778377.png
diff --git a/docs/cce/umn/en-us_image_0000002101596297.png b/docs/cce/umn/en-us_image_0000002253778437.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596297.png
rename to docs/cce/umn/en-us_image_0000002253778437.png
diff --git a/docs/cce/umn/en-us_image_0000002065637318.png b/docs/cce/umn/en-us_image_0000002253778449.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637318.png
rename to docs/cce/umn/en-us_image_0000002253778449.png
diff --git a/docs/cce/umn/en-us_image_0000002065637802.png b/docs/cce/umn/en-us_image_0000002253778453.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637802.png
rename to docs/cce/umn/en-us_image_0000002253778453.png
diff --git a/docs/cce/umn/en-us_image_0000002065479742.png b/docs/cce/umn/en-us_image_0000002253778485.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479742.png
rename to docs/cce/umn/en-us_image_0000002253778485.png
diff --git a/docs/cce/umn/en-us_image_0000002101678145.png b/docs/cce/umn/en-us_image_0000002253778493.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678145.png
rename to docs/cce/umn/en-us_image_0000002253778493.png
diff --git a/docs/cce/umn/en-us_image_0000002101596649.png b/docs/cce/umn/en-us_image_0000002253778497.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596649.png
rename to docs/cce/umn/en-us_image_0000002253778497.png
diff --git a/docs/cce/umn/en-us_image_0000002065637370.png b/docs/cce/umn/en-us_image_0000002253778541.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637370.png
rename to docs/cce/umn/en-us_image_0000002253778541.png
diff --git a/docs/cce/umn/en-us_image_0000002253778733.png b/docs/cce/umn/en-us_image_0000002253778733.png
new file mode 100644
index 000000000..4913f52b0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253778733.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065479090.png b/docs/cce/umn/en-us_image_0000002253778737.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479090.png
rename to docs/cce/umn/en-us_image_0000002253778737.png
diff --git a/docs/cce/umn/en-us_image_0000002065637606.png b/docs/cce/umn/en-us_image_0000002253778797.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637606.png
rename to docs/cce/umn/en-us_image_0000002253778797.png
diff --git a/docs/cce/umn/en-us_image_0000002101596161.png b/docs/cce/umn/en-us_image_0000002253778813.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596161.png
rename to docs/cce/umn/en-us_image_0000002253778813.png
diff --git a/docs/cce/umn/en-us_image_0000002101677721.png b/docs/cce/umn/en-us_image_0000002253778853.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677721.png
rename to docs/cce/umn/en-us_image_0000002253778853.png
diff --git a/docs/cce/umn/en-us_image_0000002101677725.png b/docs/cce/umn/en-us_image_0000002253778885.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101677725.png
rename to docs/cce/umn/en-us_image_0000002253778885.png
diff --git a/docs/cce/umn/en-us_image_0000002101596309.png b/docs/cce/umn/en-us_image_0000002253778901.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101596309.png
rename to docs/cce/umn/en-us_image_0000002253778901.png
diff --git a/docs/cce/umn/en-us_image_0000002065479494.png b/docs/cce/umn/en-us_image_0000002253778965.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065479494.png
rename to docs/cce/umn/en-us_image_0000002253778965.png
diff --git a/docs/cce/umn/en-us_image_0000002253779013.png b/docs/cce/umn/en-us_image_0000002253779013.png
new file mode 100644
index 000000000..8d9b2f76a
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253779013.png differ
diff --git a/docs/cce/umn/en-us_image_0000002253779017.png b/docs/cce/umn/en-us_image_0000002253779017.png
new file mode 100644
index 000000000..f8d4dda15
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253779017.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101678473.png b/docs/cce/umn/en-us_image_0000002253779397.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678473.png
rename to docs/cce/umn/en-us_image_0000002253779397.png
diff --git a/docs/cce/umn/en-us_image_0000002065638502.png b/docs/cce/umn/en-us_image_0000002253779469.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638502.png
rename to docs/cce/umn/en-us_image_0000002253779469.png
diff --git a/docs/cce/umn/en-us_image_0000002065480162.png b/docs/cce/umn/en-us_image_0000002253779473.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480162.png
rename to docs/cce/umn/en-us_image_0000002253779473.png
diff --git a/docs/cce/umn/en-us_image_0000002101597121.png b/docs/cce/umn/en-us_image_0000002253779501.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597121.png
rename to docs/cce/umn/en-us_image_0000002253779501.png
diff --git a/docs/cce/umn/en-us_image_0000002101597061.png b/docs/cce/umn/en-us_image_0000002253779505.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597061.png
rename to docs/cce/umn/en-us_image_0000002253779505.png
diff --git a/docs/cce/umn/en-us_image_0000002065638574.png b/docs/cce/umn/en-us_image_0000002253779605.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638574.png
rename to docs/cce/umn/en-us_image_0000002253779605.png
diff --git a/docs/cce/umn/en-us_image_0000002065638582.png b/docs/cce/umn/en-us_image_0000002253779617.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638582.png
rename to docs/cce/umn/en-us_image_0000002253779617.png
diff --git a/docs/cce/umn/en-us_image_0000002065480242.png b/docs/cce/umn/en-us_image_0000002253779625.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480242.png
rename to docs/cce/umn/en-us_image_0000002253779625.png
diff --git a/docs/cce/umn/en-us_image_0000002101597157.png b/docs/cce/umn/en-us_image_0000002253779633.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597157.png
rename to docs/cce/umn/en-us_image_0000002253779633.png
diff --git a/docs/cce/umn/en-us_image_0000002253779657.png b/docs/cce/umn/en-us_image_0000002253779657.png
new file mode 100644
index 000000000..1414d34fe
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253779657.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480398.png b/docs/cce/umn/en-us_image_0000002253779681.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480398.png
rename to docs/cce/umn/en-us_image_0000002253779681.png
diff --git a/docs/cce/umn/en-us_image_0000002101678805.jpg b/docs/cce/umn/en-us_image_0000002253779773.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678805.jpg
rename to docs/cce/umn/en-us_image_0000002253779773.jpg
diff --git a/docs/cce/umn/en-us_image_0000002101678825.png b/docs/cce/umn/en-us_image_0000002253779809.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678825.png
rename to docs/cce/umn/en-us_image_0000002253779809.png
diff --git a/docs/cce/umn/en-us_image_0000002101678821.png b/docs/cce/umn/en-us_image_0000002253779825.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678821.png
rename to docs/cce/umn/en-us_image_0000002253779825.png
diff --git a/docs/cce/umn/en-us_image_0000002253779849.png b/docs/cce/umn/en-us_image_0000002253779849.png
new file mode 100644
index 000000000..920573f97
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253779849.png differ
diff --git a/docs/cce/umn/en-us_image_0000002253779921.png b/docs/cce/umn/en-us_image_0000002253779921.png
new file mode 100644
index 000000000..b3aebb2dc
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002253779921.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065638890.png b/docs/cce/umn/en-us_image_0000002253779941.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638890.png
rename to docs/cce/umn/en-us_image_0000002253779941.png
diff --git a/docs/cce/umn/en-us_image_0000002065638898.png b/docs/cce/umn/en-us_image_0000002253779949.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638898.png
rename to docs/cce/umn/en-us_image_0000002253779949.png
diff --git a/docs/cce/umn/en-us_image_0000002101678941.png b/docs/cce/umn/en-us_image_0000002253779993.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101678941.png
rename to docs/cce/umn/en-us_image_0000002253779993.png
diff --git a/docs/cce/umn/en-us_image_0000002101679001.png b/docs/cce/umn/en-us_image_0000002253780085.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679001.png
rename to docs/cce/umn/en-us_image_0000002253780085.png
diff --git a/docs/cce/umn/en-us_image_0000002065480682.png b/docs/cce/umn/en-us_image_0000002253780093.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480682.png
rename to docs/cce/umn/en-us_image_0000002253780093.png
diff --git a/docs/cce/umn/en-us_image_0000002101679193.png b/docs/cce/umn/en-us_image_0000002253780145.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679193.png
rename to docs/cce/umn/en-us_image_0000002253780145.png
diff --git a/docs/cce/umn/en-us_image_0000002101597649.png b/docs/cce/umn/en-us_image_0000002253780209.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597649.png
rename to docs/cce/umn/en-us_image_0000002253780209.png
diff --git a/docs/cce/umn/en-us_image_0000002065637758.png b/docs/cce/umn/en-us_image_0000002253780305.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065637758.png
rename to docs/cce/umn/en-us_image_0000002253780305.png
diff --git a/docs/cce/umn/en-us_image_0000002065480658.png b/docs/cce/umn/en-us_image_0000002253780329.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065480658.png
rename to docs/cce/umn/en-us_image_0000002253780329.png
diff --git a/docs/cce/umn/en-us_image_0000002101597645.png b/docs/cce/umn/en-us_image_0000002253780361.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597645.png
rename to docs/cce/umn/en-us_image_0000002253780361.png
diff --git a/docs/cce/umn/en-us_image_0000002101597817.png b/docs/cce/umn/en-us_image_0000002253780381.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597817.png
rename to docs/cce/umn/en-us_image_0000002253780381.png
diff --git a/docs/cce/umn/en-us_image_0000002101597693.png b/docs/cce/umn/en-us_image_0000002253780433.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101597693.png
rename to docs/cce/umn/en-us_image_0000002253780433.png
diff --git a/docs/cce/umn/en-us_image_0000002101679209.png b/docs/cce/umn/en-us_image_0000002253780457.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002101679209.png
rename to docs/cce/umn/en-us_image_0000002253780457.png
diff --git a/docs/cce/umn/en-us_image_0000002254877052.png b/docs/cce/umn/en-us_image_0000002254877052.png
new file mode 100644
index 000000000..3de25a14d
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254877052.png differ
diff --git a/docs/cce/umn/en-us_image_0000002254877428.png b/docs/cce/umn/en-us_image_0000002254877428.png
new file mode 100644
index 000000000..3e4a2860d
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254877428.png differ
diff --git a/docs/cce/umn/en-us_image_0000002254879860.png b/docs/cce/umn/en-us_image_0000002254879860.png
new file mode 100644
index 000000000..a983e85b7
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254879860.png differ
diff --git a/docs/cce/umn/en-us_image_0000002254895070.png b/docs/cce/umn/en-us_image_0000002254895070.png
new file mode 100644
index 000000000..bfe53f0c0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254895070.png differ
diff --git a/docs/cce/umn/en-us_image_0000002254895574.png b/docs/cce/umn/en-us_image_0000002254895574.png
new file mode 100644
index 000000000..cf0201c97
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254895574.png differ
diff --git a/docs/cce/umn/en-us_image_0000002254895914.png b/docs/cce/umn/en-us_image_0000002254895914.png
new file mode 100644
index 000000000..3afa6ee45
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254895914.png differ
diff --git a/docs/cce/umn/en-us_image_0000002254978558.png b/docs/cce/umn/en-us_image_0000002254978558.png
new file mode 100644
index 000000000..5d1e46a62
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002254978558.png differ
diff --git a/docs/cce/umn/en-us_image_0000002255002834.png b/docs/cce/umn/en-us_image_0000002255002834.png
new file mode 100644
index 000000000..20ee95fe6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002255002834.png differ
diff --git a/docs/cce/umn/en-us_image_0000002274473989.png b/docs/cce/umn/en-us_image_0000002274473989.png
new file mode 100644
index 000000000..158c200e1
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002274473989.png differ
diff --git a/docs/cce/umn/en-us_image_0000002289476265.png b/docs/cce/umn/en-us_image_0000002289476265.png
new file mode 100644
index 000000000..c0e69a3d4
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002289476265.png differ
diff --git a/docs/cce/umn/en-us_image_0000002289589649.png b/docs/cce/umn/en-us_image_0000002289589649.png
new file mode 100644
index 000000000..cd580d8a0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002289589649.png differ
diff --git a/docs/cce/umn/en-us_image_0000002289592109.png b/docs/cce/umn/en-us_image_0000002289592109.png
new file mode 100644
index 000000000..693f15e8a
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002289592109.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065638074.png b/docs/cce/umn/en-us_image_0261818867.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000002065638074.png
rename to docs/cce/umn/en-us_image_0261818867.png