CCE UMN 20251031 version

Reviewed-by: Gergo-Bence Lorincz <a200452876@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiujiandong1 <qiujiandong1@huawei.com>
Co-committed-by: qiujiandong1 <qiujiandong1@huawei.com>
2026-01-15 10:25:22 +00:00
committed by zuul
parent 46d24ba358
commit ab1e53a279
755 changed files with 10419 additions and 7276 deletions

File diff suppressed because it is too large Load Diff


@ -8,7 +8,33 @@
</th>
</tr>
</thead>
<tbody><tr id="cce_01_0300__row1055918131549"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p165591013125418">2025-09-12</p>
<tbody><tr id="cce_01_0300__row69530118317"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p164617189313">2025-12-30</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p1159438173119">Add:</p>
<ul id="cce_01_0300__ul25923810310"><li id="cce_01_0300__li185953819317">Added <a href="cce_bulletin_0105.html">Kubernetes 1.33 Release Notes</a>.</li><li id="cce_01_0300__li0892436153316">Added <a href="cce_10_1062.html">Obtaining Pod Network Interfaces in a CCE Turbo Cluster</a>, <a href="cce_10_1063.html">Deploying Hubble for DataPlane V2 Network Observability</a> and <a href="cce_10_1064.html">Enabling Observability for cilium-agent in a Cluster with DataPlane V2 Enabled</a>.</li><li id="cce_01_0300__li686113193414">Added <a href="cce_10_1088.html">Modifying the Node Scale-In Concurrency Settings</a>.</li><li id="cce_01_0300__li171425313415">Added <a href="cce_10_1027.html">Switching the AOM Instance Connected to Grafana</a>.</li><li id="cce_01_0300__li198713463417">Added <a href="cce_10_1060.html">Add-on Upgrade Checks</a>.</li><li id="cce_01_0300__li151091759347">Added <a href="cce_10_0556.html">System Agencies</a> and <a href="cce_10_1069.html">Custom Agencies</a>.</li></ul>
<p id="cce_01_0300__p18670125403915">Update:</p>
<ul id="cce_01_0300__ul624365714405"><li id="cce_01_0300__li156811043114811">Updated <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</li><li id="cce_01_0300__li106221415165118">Supported the creation of clusters of v1.33. Updated <a href="cce_10_0405.html">Patch Version Release Notes</a> and <a href="cce_10_0476.html">Node OSs</a>.</li><li id="cce_01_0300__li3855818115819">Updated <a href="cce_10_0012.html">Creating a Node Pool</a>.</li><li id="cce_01_0300__li1537013385113">Updated <a href="cce_10_0653.html">Updating a Node Pool</a> and <a href="cce_10_0652.html">Managing Node Pool Configurations</a>.</li><li id="cce_01_0300__li18249174619313">Updated <a href="cce_10_0141.html">CCE AI Suite (NVIDIA GPU)</a>.</li><li id="cce_01_0300__li8243165712405">Supported the Editing Reclaim Policy and Synchronizing PVC capacity, Updated <a href="cce_10_0374.html">Storage</a>.</li></ul>
</td>
</tr>
<tr id="cce_01_0300__row12906854912"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p14906954214">2025-12-17</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p49969164218">Add:</p>
<ul id="cce_01_0300__ul999631617219"><li id="cce_01_0300__li159969161923">Added <a href="cce_10_0387.html">Adding a Secondary VPC CIDR Block for a Cluster</a></li></ul>
</td>
</tr>
<tr id="cce_01_0300__row0450154865616"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p19808154710245">2025-11-06</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p4808144792419">Update:</p>
<ul id="cce_01_0300__ul176161854580"><li id="cce_01_0300__li1161625125819">Updated the <strong id="cce_01_0300__b1798215131">"</strong>Mapping between OS and Container Storage Rootfs" in <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</li></ul>
</td>
</tr>
<tr id="cce_01_0300__row194411208441"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p594412015441">2025-10-16</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p99447205442">Add:</p>
<ul id="cce_01_0300__ul1451911135810"><li id="cce_01_0300__li74518117582">Added <a href="cce_10_0408.html">Optimizing Node System Parameters</a>.</li></ul>
</td>
</tr>
<tr id="cce_01_0300__row1055918131549"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p165591013125418">2025-09-12</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p8808123612548">Add:</p>
<ul id="cce_01_0300__ul6808113614540"><li id="cce_01_0300__li1180893615416">Added <a href="cce_bulletin_0104.html">Kubernetes 1.32 Release Notes</a>.</li><li id="cce_01_0300__li14475257175413">Added <a href="cce_10_0961.html">Cluster Access Overview</a>.</li><li id="cce_01_0300__li1057882518561">Added <a href="cce_10_0962.html">Cluster Management Overview</a>.</li><li id="cce_01_0300__li23891526145617">Added <a href="cce_10_1006.html">Using AppArmor to Confine Container Access to Resources</a>.</li><li id="cce_01_0300__li1058418519163">Added <a href="cce_10_0845.html">GPU Driver Version</a>.</li><li id="cce_01_0300__li2145182713568">Added <a href="cce_10_0643.html">GPU Virtualization</a>.</li><li id="cce_01_0300__li6978102710567">Added <a href="cce_10_1016.html">GPU Monitoring</a> , <a href="cce_10_0741.html">Comprehensive Monitoring of GPU, Virtualization, and Pod Resource Metrics</a>.</li><li id="cce_01_0300__li12195183213567">Added <a href="cce_10_1017.html">GPU Auto Scaling</a>, <a href="cce_10_0844.html">Configuring Workload Scaling Based on GPU Monitoring Metrics</a>.</li><li id="cce_01_0300__li5448105217338">Added <a href="cce_10_0779.html">GPU Fault Handling</a>.</li><li id="cce_01_0300__li103001722173511">Added <a href="cce_10_1077.html">Configuring a Security Group for a Workload in a CCE Turbo Cluster</a>, <a href="cce_10_1078.html">Comparison of Workload Security Group Configuration Methods</a>, <a href="cce_10_1079.html">Using Node Pool Settings to Bind the Default Security Group to Pods in the Node Pool</a>.</li><li id="cce_01_0300__li06903525610">Added <a href="cce_10_0857.html">Nginx Ingress Usage Suggestions</a>.</li><li id="cce_01_0300__li1691213352563">Supported the <strong id="cce_01_0300__b477112161114">NodeLocal DNSCache</strong> add-on. 
Added <a href="cce_10_0404.html">NodeLocal DNSCache</a>, <a href="cce_10_0362.html">Using NodeLocal DNSCache to Improve DNS Performance</a>,<p id="cce_01_0300__p129961300614"><a href="cce_10_0959.html">Changing the Default NodeLocal DNSCache Port</a>, <a href="cce_bestpractice_0351.html">Using NodeLocal DNSCache</a>.</p>
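Review bot: In the new 2025-11-06 row, the strong element with id cce_01_0300__b1798215131 wraps only the opening quotation mark of "Mapping between OS and Container Storage Rootfs", so the title renders with a bold quote and plain text; wrap the whole title or drop the element. In the 2025-12-30 row, "Supported the Editing Reclaim Policy and Synchronizing PVC capacity, Updated Storage" joins two entries with a comma and mixes capitalization; split it the way the v1.33 item in the same list does ("Supported ... . Updated ..."). The 2025-12-17 item "Adding a Secondary VPC CIDR Block for a Cluster" lacks the closing period the other new items have.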


@ -61,13 +61,13 @@
</td>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.2 "><p id="cce_10_0003__cce_10_0198_p324785392516">Select a disk for storing system components.</p>
<ul id="cce_10_0003__cce_10_0198_ul566328102615"><li id="cce_10_0003__cce_10_0198_li3931805278"><strong id="cce_10_0003__cce_10_0198_b10296098794455">Data Disk</strong>: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</li><li id="cce_10_0003__cce_10_0198_li20663168152611"><strong id="cce_10_0003__cce_10_0198_b6415056124102">System Disk</strong>: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.</li></ul>
<div class="note" id="cce_10_0003__cce_10_0198_note6478170183416"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0003__cce_10_0198_p5437848286">In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If <a href="cce_10_0132.html">CCE Node Problem Detector</a> is used, ensure that its version is 1.19.2 or later.</p>
<div class="note" id="cce_10_0003__cce_10_0198_note6478170183416"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0003__cce_10_0198_p5437848286">In clusters v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If <a href="cce_10_0132.html">CCE Node Problem Detector</a> is used, ensure that its version is 1.19.2 or later.</p>
</div></div>
</td>
</tr>
<tr id="cce_10_0003__cce_10_0198_row1966913718588"><td class="cellrowborder" valign="top" width="20.02%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.1 "><p id="cce_10_0003__cce_10_0198_p0669147185817">Data Disk</p>
</td>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.2 "><ul id="cce_10_0003__cce_10_0198_ul184351126605"><li id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_li103472126407"><strong id="cce_10_0003__cce_10_0198_b6314038347415">At least one default data disk must be added</strong> for storing container runtime and kubelet components if <span class="uicontrol" id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_uicontrol79783262393"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_uicontrol179781326143914"><b>Data Disk</b></span>. <strong id="cce_10_0003__cce_10_0198_b7501571957415">This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</strong> </li><li id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_li18830161664015">If <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol16275444867446"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol5641816837446"><b>System Disk</b></span>, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.</li></ul>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.2 "><ul id="cce_10_0003__cce_10_0198_ul184351126605"><li id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_li103472126407">At least one default data disk must be added for storing container runtime and kubelet components if <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol136828018182"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol1268215016180"><b>Data Disk</b></span>. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</li><li id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_li18830161664015">If <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol16275444867446"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol5641816837446"><b>System Disk</b></span>, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.</li></ul>
<p id="cce_10_0003__cce_10_0198_p3752312011">Click <strong id="cce_10_0003__cce_10_0198_b513813367555">Expand</strong> to configure <strong id="cce_10_0003__cce_10_0198_b13265825195416">Data Disk Space Allocation</strong>. This allocates space for container engines, images, and ephemeral storage to ensure their proper running. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</p>
<p id="cce_10_0003__cce_10_0198_p1391618153118">For other data disks, a raw disk is created without any processing by default. You can also click <strong id="cce_10_0003__cce_10_0198_b16127101911540">Expand</strong> and select <strong id="cce_10_0003__cce_10_0198_b21351519135417">Mount Disk</strong> to mount the data disk to a specified directory. </p>
</td>
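Review bot: The rewritten Data Disk item drops the strong emphasis from "At least one default data disk must be added" and from "This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.", which removes the visual cue on an action that takes the node out of service; keep the emphasis or move that sentence into a notice block like the one the Taint row uses. Both changed lines also turn "clusters of v1.23.18-r0" into "clusters v1.23.18-r0", which reads as a dropped word and is inconsistent with "clusters of v1.33" in the change history.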
@ -86,7 +86,7 @@
<tbody><tr id="cce_10_0003__en-us_topic_0000001244141037_row25394514014"><td class="cellrowborder" valign="top" width="23.66%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.1 "><p id="cce_10_0003__en-us_topic_0000001244141037_p25391859406">Resource Tag</p>
</td>
<td class="cellrowborder" valign="top" width="76.34%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.2 "><p id="cce_10_0003__en-us_topic_0000001244141037_p275333410342">You can add resource tags to classify resources. A maximum of eight resource tags can be added.</p>
<p id="cce_10_0003__en-us_topic_0000001244141037_p117537347346">You can create <span class="uicontrol" id="cce_10_0003__en-us_topic_0000001244141037_uicontrol1975314345344"><b>predefined tags</b></span> on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. </p>
<p id="cce_10_0003__en-us_topic_0000001244141037_p117537347346">You can create <span class="uicontrol" id="cce_10_0003__uicontrol2091210163205"><b>predefined tags</b></span> on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. </p>
<p id="cce_10_0003__en-us_topic_0000001244141037_p16753133419348">CCE will automatically create the <strong id="cce_10_0003__b955154034416">CCE-Dynamic-Provisioning-Node=</strong><em id="cce_10_0003__i69622340388">Node ID</em> tag.</p>
</td>
</tr>
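Review bot: The only change in this hunk is the id on the "predefined tags" span, from cce_10_0003__en-us_topic_0000001244141037_uicontrol1975314345344 to cce_10_0003__uicontrol2091210163205, while the enclosing paragraph keeps the en-us_topic_0000001244141037_ prefix. If the ids are generated, this is churn with no reader-visible effect; confirm nothing links to the old id before merging. It is also worth asking whether "predefined tags" should carry the uicontrol class at all, since the sentence uses it as a concept created on the TMS console rather than as a control name.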
@ -98,7 +98,7 @@
</tr>
<tr id="cce_10_0003__en-us_topic_0000001244141037_row115391952402"><td class="cellrowborder" valign="top" width="23.66%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.1 "><p id="cce_10_0003__en-us_topic_0000001244141037_p55391457404">Taint</p>
</td>
<td class="cellrowborder" valign="top" width="76.34%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.2 "><div class="p" id="cce_10_0003__en-us_topic_0000001244141037_p2875141354415">This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:<ul id="cce_10_0003__en-us_topic_0000001244141037_ul17274222121015"><li id="cce_10_0003__en-us_topic_0000001244141037_li227482216106"><strong id="cce_10_0003__b8739656480">Key</strong>: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.</li><li id="cce_10_0003__en-us_topic_0000001244141037_li7274112241020"><strong id="cce_10_0003__b535114014814">Value</strong>: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.</li><li id="cce_10_0003__en-us_topic_0000001244141037_li2274182211010"><strong id="cce_10_0003__b1793141415492">Effect</strong>: Available options are <strong id="cce_10_0003__b12931141444914">NoSchedule</strong>, <strong id="cce_10_0003__b1593116145494">PreferNoSchedule</strong>, and <strong id="cce_10_0003__b993111141495">NoExecute</strong>.</li></ul>
<td class="cellrowborder" valign="top" width="76.34%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.2 "><div class="p" id="cce_10_0003__en-us_topic_0000001244141037_p2875141354415">This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:<ul id="cce_10_0003__en-us_topic_0000001244141037_ul17274222121015"><li id="cce_10_0003__en-us_topic_0000001244141037_li227482216106"><strong id="cce_10_0003__b1315422610202">Taint key</strong>: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.</li><li id="cce_10_0003__en-us_topic_0000001244141037_li7274112241020"><strong id="cce_10_0003__b06488303207">Taint value</strong>: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.</li><li id="cce_10_0003__en-us_topic_0000001244141037_li2274182211010"><strong id="cce_10_0003__b1793141415492">Effect</strong>: Available options are <strong id="cce_10_0003__b12931141444914">NoSchedule</strong>, <strong id="cce_10_0003__b1593116145494">PreferNoSchedule</strong>, and <strong id="cce_10_0003__b993111141495">NoExecute</strong>.</li></ul>
<div class="notice" id="cce_10_0003__en-us_topic_0000001244141037_note77443231113"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><ul id="cce_10_0003__en-us_topic_0000001244141037_ul104271158181515"><li id="cce_10_0003__en-us_topic_0000001244141037_li042725811158">If taints are used, you must configure tolerations of pods. Otherwise, a scale-out may fail or pods cannot be scheduled onto the added nodes.</li><li id="cce_10_0003__en-us_topic_0000001244141037_li642712581152">After a node pool is created, you can click <strong id="cce_10_0003__b1941413124528">Edit</strong> to modify its configuration. The modification will be synchronized to all nodes in the node pool.</li></ul>
</div></div>
</div>
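Review bot: The renamed "Taint key" and "Taint value" items still say only "starting with a letter or digit", while the label rule in cce_10_0007 says "starting and ending with a letter or digit". Kubernetes requires taint keys and values to end with an alphanumeric character as well, so a key ending in a hyphen matches this description and is still refused by the API server; align the wording with the label note. The rename also leaves "Effect" unprefixed next to "Taint key" and "Taint value"; prefix all three or none.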


@ -105,7 +105,7 @@
<ol id="cce_10_0007__en-us_topic_0107283638_ol1188315418332"><li id="cce_10_0007__en-us_topic_0107283638_li1388334119335"><span>Log in to the <span id="cce_10_0007__ph181175457307">CCE console</span>, go to the console of an existing cluster, and choose <strong id="cce_10_0007__b11769141672918">Workloads</strong> in the navigation pane.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li1588424111338"><span>Click the <strong id="cce_10_0007__b199921814299">Deployments</strong> tab and choose <strong id="cce_10_0007__b1799951820293">More</strong> &gt; <strong id="cce_10_0007__b17031913299">Disable/Enable Upgrade</strong> in the <strong id="cce_10_0007__b180719162911">Operation</strong> column of the workload.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li1288404118334"><span>In the dialog box that is displayed, click <strong id="cce_10_0007__b1688621162914">Yes</strong>.</span></li></ol>
</div>
<div class="section" id="cce_10_0007__en-us_topic_0107283638_section5931193015488"><a name="cce_10_0007__en-us_topic_0107283638_section5931193015488"></a><a name="en-us_topic_0107283638_section5931193015488"></a><h4 class="sectiontitle"><span class="keyword" id="cce_10_0007__en-us_topic_0107283638_keyword141731324132418">Managing Labels</span></h4><p id="cce_10_0007__en-us_topic_0107283638_p13735621112611">Labels are key-value pairs and can be attached to workloads. You can manage and select workloads by labels. You can add labels to multiple workloads or a specified workload.</p>
<ol id="cce_10_0007__en-us_topic_0107283638_ol6251112511220"><li id="cce_10_0007__en-us_topic_0107283638_li53548551606"><span>Log in to the <span id="cce_10_0007__ph3930134823011">CCE console</span>, go to the console of an existing cluster, and choose <strong id="cce_10_0007__b1335702382915">Workloads</strong> in the navigation pane.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li22871259152611"><span>Click the <strong id="cce_10_0007__b1838219256291">Deployments</strong> tab and choose <strong id="cce_10_0007__b4383162552919">More</strong> &gt; <strong id="cce_10_0007__b2383225142917">Manage Label</strong> in the <strong id="cce_10_0007__b18383182512912">Operation</strong> column of the target workload.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li47616189277"><span>Click <span><img id="cce_10_0007__image3143153919236" src="en-us_image_0000002434239840.png"></span>, enter a key and a value, and click <span class="uicontrol" id="cce_10_0007__uicontrol1277618274294"><b>OK</b></span>.</span><p><div class="note" id="cce_10_0007__en-us_topic_0107283638_note163751811133416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0007__en-us_topic_0107283638_p03751011133411">A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.</p>
<ol id="cce_10_0007__en-us_topic_0107283638_ol6251112511220"><li id="cce_10_0007__en-us_topic_0107283638_li53548551606"><span>Log in to the <span id="cce_10_0007__ph3930134823011">CCE console</span>, go to the console of an existing cluster, and choose <strong id="cce_10_0007__b1335702382915">Workloads</strong> in the navigation pane.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li22871259152611"><span>Click the <strong id="cce_10_0007__b1838219256291">Deployments</strong> tab and choose <strong id="cce_10_0007__b4383162552919">More</strong> &gt; <strong id="cce_10_0007__b2383225142917">Manage Label</strong> in the <strong id="cce_10_0007__b18383182512912">Operation</strong> column of the target workload.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li47616189277"><span>Click <span><img id="cce_10_0007__image3143153919236" src="en-us_image_0000002483959098.png"></span>, enter a key and a value, and click <span class="uicontrol" id="cce_10_0007__uicontrol1277618274294"><b>OK</b></span>.</span><p><div class="note" id="cce_10_0007__en-us_topic_0107283638_note163751811133416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0007__en-us_topic_0107283638_p03751011133411">A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.</p>
</div></div>
</p></li></ol>
</div>
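Review bot: Step 3 of Managing Labels depends entirely on the swapped icon: the img with id cce_10_0007__image3143153919236 has no alt attribute, so when the image does not load or a screen reader is used the step reads "Click , enter a key and a value, and click OK". Add alt text naming the control while the src is being touched. The note in the same line says "A key-value pair must contain 1 to 63 characters"; say whether the limit applies to the key and the value separately. The note div is also nested inside a p element, which browsers will reparent.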


@ -6,7 +6,7 @@
<ul id="cce_10_0010__ul65247121891"><li id="cce_10_0010__li14524161214917">Cluster network structure (<strong id="cce_10_0010__b1593645719381"><a href="#cce_10_0010__section1131733719195">Cluster Network Structure</a></strong>): A cluster consists of multiple nodes, and each node runs multiple pods (containers). To ensure the communications between nodes, between nodes and pods, and between pods, a cluster requires:<ul id="cce_10_0010__ul4887053103815"><li id="cce_10_0010__li2887853183810"><strong id="cce_10_0010__b2088745343815">A node network</strong>: enables all nodes in a cluster to communicate with each other.</li><li id="cce_10_0010__li289312539384"><strong id="cce_10_0010__b0887155318385">A container network</strong>: enables all pods in a cluster to communicate with each other using IP addresses without NAT.</li><li id="cce_10_0010__li2887205333818"><strong id="cce_10_0010__b688755323810">A Service network</strong>: ensures Services in a cluster can be accessed by other pods or Services in that cluster through stable virtual IP addresses.</li></ul>
</li><li id="cce_10_0010__li55241612391"><strong id="cce_10_0010__b1433181819395">Pod access in a cluster</strong>: Kubernetes provides Services (<a href="#cce_10_0010__section1860619221134">Service</a>) and ingresses (<a href="#cce_10_0010__section1248852094313">Ingress</a>) for pod access. This section summarizes common network access scenarios. You can select the appropriate scenario based on site requirements. For details about the network access scenarios, see <a href="#cce_10_0010__section1286493159">Access Scenarios</a>.</li></ul>
<div class="section" id="cce_10_0010__section1131733719195"><a name="cce_10_0010__section1131733719195"></a><a name="section1131733719195"></a><h4 class="sectiontitle">Cluster Network Structure</h4><p id="cce_10_0010__p1299218814417">Cluster networks are the core of Kubernetes. They ensure that containers in a cluster can communicate with each other and with external systems. There are:</p>
<ul id="cce_10_0010__ul71285348441"><li id="cce_10_0010__li9128173413440"><strong id="cce_10_0010__b766151614472">Node network</strong>: CCE uses VPC subnets as the node network of a cluster. The available IP addresses of a subnet limit the maximum number of nodes that can be created in a cluster. For example, a subnet with a mask of /24 can allocate a maximum of 254 node IP addresses. The number of nodes that can be created in a cluster is also affected by the container network. For details, see container network models.</li><li id="cce_10_0010__li36181922104819"><strong id="cce_10_0010__b890355844712">Container network</strong>: Pods in a cluster are allocated independent IP addresses. All pods in a cluster are on a flat network and can be accessed using their IP addresses without NAT. Kubernetes uses <a href="https://github.com/containernetworking/cni" target="_blank" rel="noopener noreferrer">Container Network Interface (CNI)</a> to standardize the network between containers. Network model plugins are used to allocate independent IP addresses to pods for flat network communications in a cluster. Different network models have different allocation principles.<div class="fignone" id="cce_10_0010__fig3527185315566"><span class="figcap"><b>Figure 1 </b>Container network</span><br><span><img class="eddx" id="cce_10_0010__image7527145315613" src="en-us_image_0000002467719141.png"></span></div>
<ul id="cce_10_0010__ul71285348441"><li id="cce_10_0010__li9128173413440"><strong id="cce_10_0010__b766151614472">Node network</strong>: CCE uses VPC subnets as the node network of a cluster. The available IP addresses of a subnet limit the maximum number of nodes that can be created in a cluster. For example, a subnet with a mask of /24 can allocate a maximum of 254 node IP addresses. The number of nodes that can be created in a cluster is also affected by the container network. For details, see container network models.</li><li id="cce_10_0010__li36181922104819"><strong id="cce_10_0010__b890355844712">Container network</strong>: Pods in a cluster are allocated independent IP addresses. All pods in a cluster are on a flat network and can be accessed using their IP addresses without NAT. Kubernetes uses <a href="https://github.com/containernetworking/cni" target="_blank" rel="noopener noreferrer">Container Network Interface (CNI)</a> to standardize the network between containers. Network model plugins are used to allocate independent IP addresses to pods for flat network communications in a cluster. Different network models have different allocation principles.<div class="fignone" id="cce_10_0010__fig3527185315566"><span class="figcap"><b>Figure 1 </b>Container network</span><br><span><img class="eddx" id="cce_10_0010__image7527145315613" src="en-us_image_0000002483959592.png"></span></div>
<p id="cce_10_0010__p17931122014208">Currently, CCE supports the following container network models:</p>
<ul id="cce_10_0010__ul10464211245"><li id="cce_10_0010__li124613292414"><a href="cce_10_0282.html">Container tunnel network</a>: This network model is constructed based on the node network through tunnel encapsulation, but it is independent of the node network. It uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.</li><li id="cce_10_0010__li11464220244"><a href="cce_10_0283.html">VPC network</a>: This network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. Each node in a cluster that uses a VPC network is running in a subnet with a fixed number of IP addresses. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. In addition, as the routes destined for nodes and containers are added to a VPC route table, containers can be directly accessed from outside the cluster.</li><li id="cce_10_0010__li174612102411"><a href="cce_10_0284.html">Cloud Native Network 2.0</a> is a next-generation model developed by CCE and combines the network interfaces and supplementary network interfaces of VPC. Pod IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to forward requests to containers. Security groups and EIPs are associated to deliver high performance.</li></ul>
<p id="cce_10_0010__p14408316536">The performance, networking scale, and application scenarios of a container network vary depending on the container network model. For details about the functions and features of different container network models, see <a href="cce_10_0281.html">Overview</a>.</p>
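Review bot: On the Node network item carried in the changed line, "For details, see container network models." is plain text with no link, although the same hunk links each of the three models and points to cce_10_0281.html a few lines later; link it to that overview. The diff shows only the Figure 1 reference changing to en-us_image_0000002483959592.png, so check that the new image file is included in the commit.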
@ -20,17 +20,17 @@
<p id="cce_10_0010__p1677717174140">For details about the Service, see <a href="cce_10_0249.html">Service Overview</a>.</p>
</div>
<div class="section" id="cce_10_0010__section1248852094313"><a name="cce_10_0010__section1248852094313"></a><a name="section1248852094313"></a><h4 class="sectiontitle">Ingress</h4><p id="cce_10_0010__p96672218193">Services forward requests using TCP and UDP at Layer 4. Ingresses forward requests using HTTP and HTTPS at Layer 7. Domain names and paths can be used for access of finer granularities.</p>
<div class="fignone" id="cce_10_0010__fig816719454212"><span class="figcap"><b>Figure 3 </b>An ingress and associated Services</span><br><span><img id="cce_10_0010__en-us_topic_0249851122_image8371183511310" src="en-us_image_0258961458.png"></span></div>
<div class="fignone" id="cce_10_0010__fig816719454212"><span class="figcap"><b>Figure 3 </b>An ingress and its associated Services</span><br><span><img id="cce_10_0010__en-us_topic_0249851122_image8371183511310" src="en-us_image_0258961458.png"></span></div>
<p id="cce_10_0010__p174691141141410">For details about the ingress, see <a href="cce_10_0094.html">Ingress Overview</a>.</p>
</div>
<div class="section" id="cce_10_0010__section19359105124011"><h4 class="sectiontitle">DNS</h4><p id="cce_10_0010__p783620210412">CCE uses CoreDNS to implement service discovery in a cluster. For example, a client can access backend pods through a ClusterIP Service whose name is mapped to a cluster-scoped virtual IP address. This approach decouples the invoking between applications in a cluster from specific IP addresses and deployment environments. For details about the cluster DNS settings, see <a href="cce_10_0360.html">DNS Overview</a>.</p>
<div class="fignone" id="cce_10_0010__fig56221517187"><span class="figcap"><b>Figure 4 </b>Example of domain name resolution in a cluster</span><br><span><img id="cce_10_0010__cce_10_0360_image13391194511278" src="en-us_image_0000002467679373.png"></span></div>
<div class="fignone" id="cce_10_0010__fig56221517187"><span class="figcap"><b>Figure 4 </b>Example of domain name resolution in a cluster</span><br><span><img id="cce_10_0010__cce_10_0360_image13391194511278" src="en-us_image_0000002516079535.png"></span></div>
</div>
<div class="section" id="cce_10_0010__section1286493159"><a name="cce_10_0010__section1286493159"></a><a name="section1286493159"></a><h4 class="sectiontitle">Access Scenarios</h4><p id="cce_10_0010__p1558001514155">Workload access scenarios can be categorized as follows:</p>
<ul id="cce_10_0010__ul125010117542"><li id="cce_10_0010__li1466355519018">Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.</li><li id="cce_10_0010__li1014011111110">Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.<ul id="cce_10_0010__ul101426119117"><li id="cce_10_0010__li8904911447">Access through the public network: An EIP should be bound to the node or load balancer.</li><li id="cce_10_0010__li2501311125411">Access through the private network: The workload can be accessed through the internal IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.</li></ul>
</li><li id="cce_10_0010__li1066365520014">The workload can access the external network as follows:<ul id="cce_10_0010__ul17529512239"><li id="cce_10_0010__li26601017165619">Accessing a private network: The workload accesses the private network address, but the implementation method varies depending on container network models. Ensure that the peer security group allows access from the container CIDR block.</li><li id="cce_10_0010__li8257105318237">Accessing a public network: Assign an EIP to the node where the workload runs (when a VPC network or tunnel network is used), bind an EIP to the pod IP address (when Cloud Native Network 2.0 is used), or configure an SNAT rule on the NAT gateway. For details, see <a href="cce_10_0400.html">Accessing the Internet from a Container</a>.</li></ul>
</li></ul>
<div class="fignone" id="cce_10_0010__fig13795829151515"><span class="figcap"><b>Figure 5 </b>Network access diagram</span><br><span><img id="cce_10_0010__image445972519529" src="en-us_image_0000002434080684.png"></span></div>
<div class="fignone" id="cce_10_0010__fig13795829151515"><span class="figcap"><b>Figure 5 </b>Network access diagram</span><br><span><img id="cce_10_0010__image445972519529" src="en-us_image_0000002516199539.png"></span></div>
</div>
</div>
<div>

View File

@ -4,7 +4,7 @@
<div id="body1522736584192"><p id="cce_10_0011__p03821416270"><span class="keyword" id="cce_10_0011__keyword1546144019373">ClusterIP</span> is the default Service type of Kubernetes and provides stable intra-cluster access. Kubernetes assigns a virtual IP address (cluster-scoped IP address) that can only be accessed within the cluster from the Service CIDR block of the cluster. CoreDNS maps the <span class="uicontrol" id="cce_10_0011__uicontrol789033512616"><b>cluster-internal domain name</b></span> to the assigned cluster IP address. The domain name format is <em id="cce_10_0011__i111021242407">&lt;Service-name&gt;</em>.<em id="cce_10_0011__i210234114014">&lt;namespace-of-the-workload&gt;</em><strong id="cce_10_0011__b16102844404">.svc.cluster.local:</strong><em id="cce_10_0011__i91029414016">&lt;port&gt;</em>, for example, <strong id="cce_10_0011__b610215434010">nginx.default.svc.cluster.local:80</strong>.</p>
<p id="cce_10_0011__p326011246819">If pods need to communicate with each other within a cluster, you can create a ClusterIP Service. For example, if a frontend pod in a cluster needs to access a backend database in the same cluster, you can create a ClusterIP Service.</p>
<p id="cce_10_0011__p1778412445517"><a href="#cce_10_0011__fig192245420557">Figure 1</a> shows how ClusterIP works. You can learn about the access channel, container port, and access port mapping rules of this type of Service.</p>
<div class="fignone" id="cce_10_0011__fig192245420557"><a name="cce_10_0011__fig192245420557"></a><a name="fig192245420557"></a><span class="figcap"><b>Figure 1 </b>Intra-cluster access (ClusterIP)</span><br><span><img id="cce_10_0011__image1942163010278" src="en-us_image_0000002434081104.png"></span></div>
<div class="fignone" id="cce_10_0011__fig192245420557"><a name="cce_10_0011__fig192245420557"></a><a name="fig192245420557"></a><span class="figcap"><b>Figure 1 </b>Intra-cluster access (ClusterIP)</span><br><span><img id="cce_10_0011__image1942163010278" src="en-us_image_0000002516079663.png"></span></div>
<div class="section" id="cce_10_0011__section51925078171335"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0011__ol1321170617144"><li id="cce_10_0011__li64402531616"><span>Log in to the <span id="cce_10_0011__cce_10_0004_ph18314322182">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0011__li836916478329"><span>In the navigation pane, choose <strong id="cce_10_0011__b18658321171411"><span id="cce_10_0011__text9765124722315">Services &amp; Ingresses</span></strong>. In the upper right corner, click <span class="uicontrol" id="cce_10_0011__uicontrol132971717714"><b>Create Service</b></span>.</span></li><li id="cce_10_0011__li3476651017144"><span>Configure intra-cluster access parameters.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0011__table23887196361" frame="border" border="1" rules="all"><thead align="left"><tr id="cce_10_0011__row33881619203617"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.5.2.3.2.1.1.3.1.1"><p id="cce_10_0011__p17388131914369">Parameter</p>
</th>
@ -41,7 +41,7 @@
</tr>
<tr id="cce_10_0011__row1961420125396"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.5.2.3.2.1.1.3.1.1 "><p id="cce_10_0011__p14614141216391">Port</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.5.2.3.2.1.1.3.1.2 "><ul id="cce_10_0011__ul6289131916397"><li id="cce_10_0011__li2289619143917"><strong id="cce_10_0011__b914900566">Protocol</strong>: the protocol supported by the Service.</li><li id="cce_10_0011__li628915191395"><strong id="cce_10_0011__b569396568">Container Port</strong>: the listening port of the service containers. The port ranges from 1 to 65535. You need to determine the port based on the container image. For example, the default port of Nginx is 80, and the default port of MySQL is 3306.</li><li id="cce_10_0011__li86391810174111"><strong id="cce_10_0011__b1066262561">Service Port</strong>: the port used to access the ClusterIP Service. You can customize the port as required. The port ranges from 1 to 65535.</li></ul>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.5.2.3.2.1.1.3.1.2 "><ul id="cce_10_0011__ul6289131916397"><li id="cce_10_0011__li2289619143917"><strong id="cce_10_0011__b97693479">Protocol</strong>: the protocol supported by the Service.</li><li id="cce_10_0011__li628915191395"><strong id="cce_10_0011__b1279989584">Container Port</strong>: the listening port of the service containers. The port ranges from 1 to 65535. You need to determine the port based on the container image. For example, the default port of Nginx is 80, and the default port of MySQL is 3306.</li><li id="cce_10_0011__li86391810174111"><strong id="cce_10_0011__b732021731">Service Port</strong>: the port used to access the ClusterIP Service. You can customize the port as required. The port ranges from 1 to 65535.</li></ul>
</td>
</tr>
</tbody>
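Review bot: The replaced Port cell differs from the old one only in the generated id values on its three strong elements (b914900566 becomes b97693479, b569396568 becomes b1279989584, b1066262561 becomes b732021731); the Protocol, Container Port and Service Port text is unchanged. If the export regenerates these ids on every build, keep them stable in the source or leave the line out of the commit, so that the diff carries only real content changes and any existing links to these ids keep working.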

View File

@ -16,6 +16,12 @@
<td class="cellrowborder" valign="top" width="75.47%" headers="mcps1.3.2.2.3.2.2.2.3.1.2 "><p id="cce_10_0012__p17949173819260">Name of a node pool. By default, the name is in the format of <em id="cce_10_0012__i149877146013">Cluster name</em>-nodepool-<em id="cce_10_0012__i19923141302">Random number</em>. If you do not want to use the default name format, you can customize the name.</p>
</td>
</tr>
<tr id="cce_10_0012__row1099113459418"><td class="cellrowborder" valign="top" width="24.529999999999998%" headers="mcps1.3.2.2.3.2.2.2.3.1.1 "><p id="cce_10_0012__p1921320131017">Enterprise Project</p>
</td>
<td class="cellrowborder" valign="top" width="75.47%" headers="mcps1.3.2.2.3.2.2.2.3.1.2 "><p id="cce_10_0012__p199211620111019">This parameter is available only for enterprise users who have enabled an enterprise project, and the cluster version must be v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.</p>
<p id="cce_10_0012__p1692192011107">After an enterprise project is selected, nodes will be created in the node pool within that project. To manage clusters and other resources like nodes, load balancers, and node security groups, you can use the Enterprise Project Management Service (EPS). </p>
</td>
</tr>
</tbody>
</table>
</div>
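Review bot: In the new Enterprise Project row, the condition "the cluster version must be v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later" can be read two ways: as a minimum patch release per minor line, or as "anything later than v1.21.15-r0". State which is meant, for example by writing "or a later patch of the same minor version, or any version after v1.28". The second paragraph also does not say whether the node pool may use a different enterprise project from its cluster or whether the project can be changed after creation; since the text lists node security groups among the resources managed per project, that should be spelled out. There is a trailing space before the closing p tag of that paragraph.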
@ -77,37 +83,38 @@
</thead>
<tbody><tr id="cce_10_0012__cce_10_0363_row5669170585"><td class="cellrowborder" valign="top" width="20.02%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.1 "><p id="cce_10_0012__cce_10_0363_p666916719588">System Disk</p>
</td>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.2 "><p id="cce_10_0012__cce_10_0363_p590942616323">System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.</p>
<div class="p" id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_p196385417139"><strong id="cce_10_0012__cce_10_0363_b11690144943516">System Disk Encryption</strong>: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. <strong id="cce_10_0012__cce_10_0363_b682192012018">Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.</strong><ul id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_ul6195114261211"><li id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_li5195194211127"><strong id="cce_10_0012__cce_10_0363_b3414281726">Not encrypted</strong> is selected by default.</li><li id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_li5195184201217">If you select <strong id="cce_10_0012__cce_10_0363_b1914143518545">Enabled (key)</strong> for <strong id="cce_10_0012__cce_10_0363_b116539323544">System Disk Encryption</strong>, choose an existing key. If no key is available, click <strong id="cce_10_0012__cce_10_0363_b1741811243462">View Key List</strong> and create a key. After the key is created, click the refresh icon next to the text box.</li><li id="cce_10_0012__cce_10_0363_li143358157216">If you select <strong id="cce_10_0012__cce_10_0363_b1034961319913">Enabled (KMS key ID)</strong> for <strong id="cce_10_0012__cce_10_0363_b6349513895">System Disk Encryption</strong>, enter a KMS key (which can be shared by others) in the current region.</li></ul>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.2 "><p id="cce_10_0012__cce_10_0363_p590942616323">System disk used by the node OS. The value ranges from 40 GiB to 1,024 GiB. The default value is 50 GiB.</p>
<div class="p" id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_p196385417139"><strong id="cce_10_0012__cce_10_0363_b11690144943516">System Disk Encryption</strong>: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.<ul id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_ul6195114261211"><li id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_li5195194211127"><strong id="cce_10_0012__cce_10_0363_b3414281726">Not encrypted</strong> is selected by default.</li><li id="cce_10_0012__cce_10_0363_en-us_topic_0107283640_li5195184201217">If you select <strong id="cce_10_0012__cce_10_0363_b1914143518545">Enable (key name)</strong> for <strong id="cce_10_0012__cce_10_0363_b116539323544">System Disk Encryption</strong>, choose an existing key. If no key is available, click <strong id="cce_10_0012__cce_10_0363_b1741811243462">View Key List</strong> and create a key. After the key is created, click the refresh icon next to the text box.</li><li id="cce_10_0012__cce_10_0363_li143358157216">If you select <strong id="cce_10_0012__cce_10_0363_b1034961319913">Enable (key ID)</strong> for <strong id="cce_10_0012__cce_10_0363_b6349513895">System Disk Encryption</strong>, enter a KMS key (which can be shared by others) in the current region.</li></ul>
</div>
</td>
</tr>
<tr id="cce_10_0012__cce_10_0363_row913318122514"><td class="cellrowborder" valign="top" width="20.02%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.1 "><p id="cce_10_0012__cce_10_0363_p1413315892519">System Component Storage</p>
</td>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.2 "><p id="cce_10_0012__cce_10_0363_p324785392516">Select a disk for storing system components.</p>
<ul id="cce_10_0012__cce_10_0363_ul566328102615"><li id="cce_10_0012__cce_10_0363_li3931805278"><strong id="cce_10_0012__cce_10_0363_b354258318">Data Disk</strong>: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</li><li id="cce_10_0012__cce_10_0363_li20663168152611"><strong id="cce_10_0012__cce_10_0363_b724291716512">System Disk</strong>: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.</li></ul>
<div class="note" id="cce_10_0012__cce_10_0363_note6478170183416"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0012__cce_10_0363_p5437848286">In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If <a href="cce_10_0132.html">CCE Node Problem Detector</a> is used, ensure that its version is 1.19.2 or later.</p>
<ul id="cce_10_0012__cce_10_0363_ul566328102615"><li id="cce_10_0012__cce_10_0363_li3931805278"><strong id="cce_10_0012__cce_10_0363_b354258318">Data Disk</strong>: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32,768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</li><li id="cce_10_0012__cce_10_0363_li20663168152611"><strong id="cce_10_0012__cce_10_0363_b724291716512">System Disk</strong>: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.</li></ul>
<div class="note" id="cce_10_0012__cce_10_0363_note6478170183416"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0012__cce_10_0363_p5437848286">Clusters v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0 and later support the selection of the storage location of system components. If the CCE Node Problem Detector add-on is required in the cluster, install v1.19.2 or a later version. For details about this add-on, see <a href="cce_10_0132.html">CCE Node Problem Detector</a>.</p>
</div></div>
</td>
</tr>
<tr id="cce_10_0012__cce_10_0363_row1966913718588"><td class="cellrowborder" valign="top" width="20.02%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.1 "><p id="cce_10_0012__cce_10_0363_p0669147185817">Data Disk</p>
</td>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.2 "><ul id="cce_10_0012__cce_10_0363_ul13347201216402"><li id="cce_10_0012__cce_10_0363_li103472126407"><strong id="cce_10_0012__cce_10_0363_b14356162274112">At least one default data disk must be added</strong> for storing container runtime and kubelet components if <span class="uicontrol" id="cce_10_0012__cce_10_0363_uicontrol1570817562482"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0012__cce_10_0363_uicontrol179781326143914"><b>Data Disk</b></span>. <strong id="cce_10_0012__cce_10_0363_b5708195624814">This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</strong> This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.<ul id="cce_10_0012__cce_10_0363_ul324262033711"><li id="cce_10_0012__cce_10_0363_li1124252010378">Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.</li><li id="cce_10_0012__cce_10_0363_li6177165413374">Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.</li></ul>
</li><li id="cce_10_0012__cce_10_0363_li18830161664015">If <span class="uicontrol" id="cce_10_0012__cce_10_0363_uicontrol2621173512497"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0012__cce_10_0363_uicontrol19561032184918"><b>System Disk</b></span>, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.</li></ul>
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.2.2.3.2.6.1.2.3.1.2 "><ul id="cce_10_0012__cce_10_0363_ul13347201216402"><li id="cce_10_0012__cce_10_0363_li103472126407">At least one default data disk must be added if <strong id="cce_10_0012__cce_10_0363_b2563101631720">System Component Storage</strong> is set to <strong id="cce_10_0012__cce_10_0363_b2563191614178">Data Disk</strong> for the container runtime and kubelet. This data disk cannot be deleted or uninstalled. If it is deleted or uninstalled, the node will be unavailable.<ul id="cce_10_0012__cce_10_0363_ul324262033711"><li id="cce_10_0012__cce_10_0363_li1124252010378">Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32,768 GiB. The default value is 100 GiB.</li><li id="cce_10_0012__cce_10_0363_li6177165413374">Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.</li></ul>
</li><li id="cce_10_0012__cce_10_0363_li18830161664015">If <span class="uicontrol" id="cce_10_0012__cce_10_0363_uicontrol2621173512497"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0012__cce_10_0363_uicontrol19561032184918"><b>System Disk</b></span>, you do not need to add a default data disk. In this case, all data disks are common ones. You can set the data disk size to a value ranging from 10 GiB to 32,768 GiB. The default value is 100 GiB.</li></ul>
<div class="note" id="cce_10_0012__cce_10_0363_note95411755120"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0012__cce_10_0363_ul1388875765811"><li id="cce_10_0012__cce_10_0363_li9888165712586">If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.</li><li id="cce_10_0012__cce_10_0363_li7888757125811">Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.</li></ul>
</div></div>
<p id="cce_10_0012__cce_10_0363_p20408122884010"><strong id="cce_10_0012__cce_10_0363_b168590318488">Advanced Settings</strong></p>
<div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><p id="cce_10_0012__cce_10_0363_p3752312011">Expand the area and configure the following parameters:</p></div>
<div class="dropdowncontext"><ul id="cce_10_0012__cce_10_0363_ul197721145155911"><li id="cce_10_0012__cce_10_0363_li12110343014"><strong id="cce_10_0012__cce_10_0363_b158191435122117">Data Disk Space Allocation</strong>: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</li><li id="cce_10_0012__cce_10_0363_li1095641711169"><strong id="cce_10_0012__cce_10_0363_b8672113734817">Data Disk Encryption</strong>: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. <ul id="cce_10_0012__cce_10_0363_ul1924511512168"><li id="cce_10_0012__cce_10_0363_li4245181561611"><strong id="cce_10_0012__cce_10_0363_b1573516333164">Not encrypted</strong> is selected by default.</li><li id="cce_10_0012__cce_10_0363_li172751284225">If you select <strong id="cce_10_0012__cce_10_0363_b16761923958">Enabled (key)</strong> for <strong id="cce_10_0012__cce_10_0363_b1267610231951">Data Disk Encryption</strong>, choose an existing key. If no key is available, click <strong id="cce_10_0012__cce_10_0363_b76761231051">View Key List</strong> and create a key. After the key is created, click the refresh icon next to the text box.</li><li id="cce_10_0012__cce_10_0363_li22751687228">If you select <strong id="cce_10_0012__cce_10_0363_b79545611132">Enabled (KMS key ID)</strong> for <strong id="cce_10_0012__cce_10_0363_b129547621311">Data Disk Encryption</strong>, enter a KMS key (which can be shared by others) in the current region.</li></ul>
<div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><p id="cce_10_0012__cce_10_0363_p3752312011">For the default data disk used by the container runtime and kubelet, expand advanced settings and configure the following parameters:</p></div>
<div class="dropdowncontext"><ul id="cce_10_0012__cce_10_0363_ul197721145155911"><li id="cce_10_0012__cce_10_0363_li12110343014"><strong id="cce_10_0012__cce_10_0363_b158191435122117">Data Disk Space Allocation</strong>: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</li><li id="cce_10_0012__cce_10_0363_li1721650566"><strong id="cce_10_0012__cce_10_0363_b14167265318">Write Mode</strong>: You can select <a href="#cce_10_0012__cce_10_0363_li1152213439519">Linear</a> or <a href="#cce_10_0012__cce_10_0363_li1852244310516">Striped</a> for the default data disk.</li><li id="cce_10_0012__cce_10_0363_li1095641711169"><strong id="cce_10_0012__cce_10_0363_b8672113734817">Data Disk Encryption</strong>: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. <ul id="cce_10_0012__cce_10_0363_ul1924511512168"><li id="cce_10_0012__cce_10_0363_li4245181561611"><strong id="cce_10_0012__cce_10_0363_b1573516333164">Not encrypted</strong> is selected by default.</li><li id="cce_10_0012__cce_10_0363_li172751284225">If you select <strong id="cce_10_0012__cce_10_0363_b16761923958">Enable (key name)</strong> for <strong id="cce_10_0012__cce_10_0363_b1267610231951">Data Disk Encryption</strong>, choose an existing key. If no key is available, click <strong id="cce_10_0012__cce_10_0363_b76761231051">View Key List</strong> and create a key. After the key is created, click the refresh icon next to the text box.</li><li id="cce_10_0012__cce_10_0363_li22751687228">If you select <strong id="cce_10_0012__cce_10_0363_b79545611132">Enable (key ID)</strong> for <strong id="cce_10_0012__cce_10_0363_b129547621311">Data Disk Encryption</strong>, enter a KMS key (which can be shared by others) in the current region.</li></ul>
</li></ul>
</div></div><p id="cce_10_0012__cce_10_0363_p1391618153118"><strong id="cce_10_0012__cce_10_0363_b698132517473">Adding data disks</strong></p>
<p id="cce_10_0012__cce_10_0363_p45741654112612">A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing. You can also click <strong id="cce_10_0012__cce_10_0363_b1353214375715">Expand</strong> and select any of the following options:</p>
<ul id="cce_10_0012__cce_10_0363_ul198131191414"><li id="cce_10_0012__cce_10_0363_li1681481912112"><strong id="cce_10_0012__cce_10_0363_b650951155715">Default</strong>: By default, a raw disk is created without any processing.</li><li id="cce_10_0012__cce_10_0363_li108141119311"><strong id="cce_10_0012__cce_10_0363_b1791414137595">Mount Disk</strong>: The data disk is attached to a specified directory.</li><li id="cce_10_0012__cce_10_0363_li18141219612"><strong id="cce_10_0012__cce_10_0363_b12108139105910">Use as PV</strong>: applicable when there is a high performance requirement on PVs. The <strong id="cce_10_0012__cce_10_0363_b57411338611">node.kubernetes.io/local-storage-persistent</strong> label is added to the node with PV configured. The value is <strong id="cce_10_0012__cce_10_0363_b0496143919615">linear</strong> or <strong id="cce_10_0012__cce_10_0363_b2800194113618">striped</strong>.</li><li id="cce_10_0012__cce_10_0363_li17814619119"><strong id="cce_10_0012__cce_10_0363_b154131531010">Use as ephemeral volume</strong>: applicable when there is a high performance requirement on emptyDir.</li></ul>
<p id="cce_10_0012__cce_10_0363_p1077134819548"><a href="cce_10_0391.html">PVs</a> and <a href="cce_10_0726.html">EVs</a> support the following write modes:</p>
<ul id="cce_10_0012__cce_10_0363_ul1752212438513"><li id="cce_10_0012__cce_10_0363_li1152213439519"><strong id="cce_10_0012__cce_10_0363_b198983618468">Linear</strong>: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.</li><li id="cce_10_0012__cce_10_0363_li1852244310516"><strong id="cce_10_0012__cce_10_0363_b177696864712">Striped</strong>: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when there are multiple volumes.</li></ul>
<div class="note" id="cce_10_0012__cce_10_0363_note18645194919433"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0012__cce_10_0363_ul76451449144314"><li id="cce_10_0012__cce_10_0363_li3645049194318">Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.</li><li id="cce_10_0012__cce_10_0363_li1645649184315">Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.</li></ul>
<p id="cce_10_0012__cce_10_0363_p45741654112612">A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing.</p>
<p id="cce_10_0012__cce_10_0363_p839618351931">You can also click <strong id="cce_10_0012__cce_10_0363_b1353214375715">Expand</strong> and select any of the following options:</p>
<ul id="cce_10_0012__cce_10_0363_ul198131191414"><li id="cce_10_0012__cce_10_0363_li1681481912112"><strong id="cce_10_0012__cce_10_0363_b650951155715">Default</strong>: By default, a raw disk is created without any processing.</li><li id="cce_10_0012__cce_10_0363_li108141119311"><strong id="cce_10_0012__cce_10_0363_b1791414137595">Mount Disk</strong>: The data disk is attached to a specified directory.</li><li id="cce_10_0012__cce_10_0363_li18141219612"><a href="cce_10_0391.html">Use as PV</a>: applicable when there is a high performance requirement on PVs. The <strong id="cce_10_0012__cce_10_0363_b57411338611">node.kubernetes.io/local-storage-persistent</strong> label is added to the node with PV configured. The value is <strong id="cce_10_0012__cce_10_0363_b0496143919615">linear</strong> or <strong id="cce_10_0012__cce_10_0363_b2800194113618">striped</strong>.</li><li id="cce_10_0012__cce_10_0363_li17814619119"><a href="cce_10_0726.html">Use as ephemeral volume</a>: applicable when there is a high performance requirement on emptyDir.<div class="note" id="cce_10_0012__cce_10_0363_note153779122023"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0012__cce_10_0363_ul14378181210212"><li id="cce_10_0012__cce_10_0363_li15378201211219">Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.</li><li id="cce_10_0012__cce_10_0363_li33781312025">Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.</li></ul>
</div></div>
</td>
</li></ul>
<div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><p id="cce_10_0012__cce_10_0363_p1077134819548">If the data disk is not mounted by default, the following write modes are supported:</p></div>
<div class="dropdowncontext"><ul id="cce_10_0012__cce_10_0363_ul1752212438513"><li id="cce_10_0012__cce_10_0363_li1152213439519"><a name="cce_10_0012__cce_10_0363_li1152213439519"></a><a name="cce_10_0363_li1152213439519"></a><strong id="cce_10_0012__cce_10_0363_b198983618468">Linear</strong>: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.</li><li id="cce_10_0012__cce_10_0363_li1852244310516"><a name="cce_10_0012__cce_10_0363_li1852244310516"></a><a name="cce_10_0363_li1852244310516"></a><strong id="cce_10_0012__cce_10_0363_b177696864712">Striped</strong>: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option is available only if there are at least two data disks.</li></ul>
</div></div></td>
</tr>
</tbody>
</table>
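Review bot: The rewritten Data Disk item now says the default data disk "cannot be deleted or uninstalled", while the System Component Storage row in the same hunk still says "cannot be deleted or detached"; a disk is detached, not uninstalled, so use "detached" in both places. The same item gives the default data disk range as "32,768 GiB" but leaves "Other common data disks" at "32768 GiB", so the thousands separator should be applied consistently. The new Write Mode entry for the default data disk links to the Linear and Striped anchors, but those now sit under a dropdown titled "If the data disk is not mounted by default, the following write modes are supported:", which reads as excluding the default data disk; either reword that title or move the two definitions somewhere that covers both cases.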

View File

@ -26,7 +26,7 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0924.html">Changing a Custom EIP for a LoadBalancer Service</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0685.html">Setting the Pod Ready Status Through the ELB Health Check</a></strong><br>
<li class="ulchildlink"><strong><a href="cce_10_0685.html">Setting the Pod Readiness Status Through an ELB Health Check</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0084.html">Enabling ICMP Security Group Rules</a></strong><br>
</li>

View File

@ -4,7 +4,7 @@
<div id="body1522667123001"><p id="cce_10_0018__p78381781804">CCE works with AOM 1.0 to collect workload logs. When a node is created, ICAgent (a DaemonSet named <strong id="cce_10_0018__b13829819578">icagent</strong> in the <strong id="cce_10_0018__b697274313582">kube-system</strong> namespace of a cluster) is installed by default. ICAgent collects workload logs and reports them to AOM 1.0. You can view workload logs on the CCE or AOM 1.0 console.</p>
<div class="section" id="cce_10_0018__section17884754413"><h4 class="sectiontitle">Constraints</h4><p id="cce_10_0018__p23831558355">ICAgent only collects text log files in .log, .trace, and .out formats.</p>
</div>
<div class="section" id="cce_10_0018__section1951732710"><h4 class="sectiontitle">Using ICAgent to Collect Logs</h4><ol id="cce_10_0018__ol1253654833013"><li id="cce_10_0018__li19284854163014"><span>When <a href="cce_10_0047.html">creating a workload</a>, choose <strong id="cce_10_0018__b15344161695011">Logging</strong> in <strong id="cce_10_0018__b1381882085012">Container Information</strong>.</span></li><li id="cce_10_0018__li2427158104715"><span>Click <span><img id="cce_10_0018__image134281583473" src="en-us_image_0000002467679305.png"></span> to add a log policy.</span><p><p id="cce_10_0018__p9862125810472">The following uses Nginx as an example. Log policies vary depending on workloads.</p>
<div class="section" id="cce_10_0018__section1951732710"><h4 class="sectiontitle">Using ICAgent to Collect Logs</h4><ol id="cce_10_0018__ol1253654833013"><li id="cce_10_0018__li19284854163014"><span>When <a href="cce_10_0047.html">creating a workload</a>, choose <strong id="cce_10_0018__b15344161695011">Logging</strong> in <strong id="cce_10_0018__b1381882085012">Container Information</strong>.</span></li><li id="cce_10_0018__li2427158104715"><span>Click <span><img id="cce_10_0018__image134281583473" src="en-us_image_0000002516079543.png"></span> to add a log policy.</span><p><p id="cce_10_0018__p9862125810472">The following uses Nginx as an example. Log policies vary depending on workloads.</p>
</p></li><li id="cce_10_0018__li1479392315150"><span>Set <strong id="cce_10_0018__b5461630195419">Volume Type</strong> to <span class="uicontrol" id="cce_10_0018__uicontrol105212302547"><b>hostPath</b></span> or <span class="uicontrol" id="cce_10_0018__uicontrol1752103095410"><b>emptyDir</b></span>.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0018__table115901715550" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a log policy</caption><thead align="left"><tr id="cce_10_0018__row45851074554"><th align="left" class="cellrowborder" valign="top" width="22.12%" id="mcps1.3.3.2.3.2.1.2.3.1.1"><p id="cce_10_0018__p115843785517">Parameter</p>
</th>
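Review bot: the img in step 2 ("Click [image] to add a log policy") still has no alt attribute after the src change to en-us_image_0000002516079543.png, so the step reads "Click to add a log policy" whenever the image fails to load or is read by a screen reader. Add an alt that names the control the icon represents.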
@ -97,7 +97,7 @@ spec:
name: vol-log
imagePullSecrets:
- name: default-secret</pre>
<p id="cce_10_0018__p878213715533">The following shows how to use a hostPath volume. Compared with emptyDir, the type of <strong id="cce_10_0018__b116061846152315">volumes</strong> is changed to <strong id="cce_10_0018__b19606134616237">hostPath</strong>, and the path on the host needs to be configured for this hostPath volume. In the following example, <span class="uicontrol" id="cce_10_0018__uicontrol046012383406"><b>/tmp/log</b></span> on the host is mounted to <span class="uicontrol" id="cce_10_0018__uicontrol1546533819400"><b>/var/log/nginx</b></span>. In this way, the ICAgent can collect logs in <strong id="cce_10_0018__b1246512382409">/var/log/nginx</strong>, without deleting the logs from <strong id="cce_10_0018__b64661838144012">/tmp/log</strong>.</p>
<p id="cce_10_0018__p878213715533">The following shows how to use a hostPath volume. Compared with emptyDir, the type of <strong id="cce_10_0018__b116061846152315">volumes</strong> is changed to <strong id="cce_10_0018__b19606134616237">hostPath</strong>, and the path on the host needs to be configured for this hostPath volume. In the following example, <span class="uicontrol" id="cce_10_0018__uicontrol046012383406"><b>/tmp/log</b></span> on the host is mounted to <span class="uicontrol" id="cce_10_0018__uicontrol1546533819400"><b>/var/log/nginx</b></span>. In this way, the ICAgent can collect logs in <strong id="cce_10_0018__b1246512382409">/var/log/nginx</strong>, and the logs are still stored in <strong id="cce_10_0018__b64661838144012">/tmp/log</strong>.</p>
<pre class="screen" id="cce_10_0018__screen1347245314534">apiVersion: apps/v1
kind: Deployment
metadata:
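Review bot: the reworded sentence now states that the logs remain in /tmp/log on the host, but the paragraph does not say that they outlive the pod or who is expected to remove them. /tmp is normally writable by every local user on a node, so a hostPath under it is a weak default for a documented example. Suggest a dedicated log directory in the example and one sentence on cleanup or rotation of the host copy.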
@ -154,8 +154,8 @@ spec:
<td class="cellrowborder" valign="top" width="19.23%" headers="mcps1.3.4.7.2.4.1.2 "><p id="cce_10_0018__p6329709512">Extended host path</p>
</td>
<td class="cellrowborder" valign="top" width="63.71%" headers="mcps1.3.4.7.2.4.1.3 "><p id="cce_10_0018__p32881805119">Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.</p>
<p id="cce_10_0018__p1728888115112">A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single <span class="keyword" id="cce_10_0018__keyword39514290">Pod</span>.</p>
<ul id="cce_10_0018__ul2028828105113"><li id="cce_10_0018__li428815865110"><strong id="cce_10_0018__b1265292060">None</strong>: No extended path is configured.</li><li id="cce_10_0018__li62889814517"><strong id="cce_10_0018__b833957999">PodUID</strong>: ID of a pod.</li><li id="cce_10_0018__li528818135113"><strong id="cce_10_0018__b938033014">PodName</strong>: name of a pod.</li><li id="cce_10_0018__li62882084517"><strong id="cce_10_0018__b899085775">PodUID/ContainerName</strong>: ID of a pod or name of a container.</li><li id="cce_10_0018__li528898175110"><strong id="cce_10_0018__b8818125942116">PodName/ContainerName</strong>: name of a pod or container.</li></ul>
<p id="cce_10_0018__p1728888115112">A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single <span class="keyword" id="cce_10_0018__keyword463048936">Pod</span>.</p>
<ul id="cce_10_0018__ul2028828105113"><li id="cce_10_0018__li428815865110"><strong id="cce_10_0018__b1673084912">None</strong>: No extended path is configured.</li><li id="cce_10_0018__li62889814517"><strong id="cce_10_0018__b96424558">PodUID</strong>: ID of a pod.</li><li id="cce_10_0018__li528818135113"><strong id="cce_10_0018__b1468169494">PodName</strong>: name of a pod.</li><li id="cce_10_0018__li62882084517"><strong id="cce_10_0018__b2057286321">PodUID/ContainerName</strong>: ID of a pod or name of a container.</li><li id="cce_10_0018__li528898175110"><strong id="cce_10_0018__b8818125942116">PodName/ContainerName</strong>: name of a pod or container.</li></ul>
</td>
</tr>
<tr id="cce_10_0018__row732915085118"><td class="cellrowborder" valign="top" width="17.06%" headers="mcps1.3.4.7.2.4.1.1 "><p id="cce_10_0018__p17329004514">policy.logs.rotate</p>
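Review bot: the descriptions of PodUID/ContainerName and PodName/ContainerName in the re-emitted list still read as either-or ("ID of a pod or name of a container", "name of a pod or container"), while the option names suggest a combined path. If the extended path contains both elements, change the wording to "pod ID and container name" and "pod name and container name". Since this is what keeps containers sharing one host path apart, the sentence about the "level-3 directory" would also benefit from a short example of the resulting path.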

View File

@ -14,6 +14,8 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0359.html">DNS</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0679.html">Cluster Network Settings</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0399.html">Configuring Intra-VPC Access</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0400.html">Accessing the Internet from a Container</a></strong><br>

View File

@ -2,7 +2,7 @@
<h1 class="topictitle1">CCE Operations Supported by CTS</h1>
<div id="body1525226397666"><p id="cce_10_0025__p128516588310"><span class="keyword" id="cce_10_0025__keyword8727184318148">Cloud Trace Service</span> (<span class="keyword" id="cce_10_0025__keyword3727043181411">CTS</span>) records operations on cloud service resources, allowing you to query, audit, and backtrack the resource operation requests initiated from the CCE console or open APIs as well as responses to the requests.</p>
<div class="note" id="cce_10_0025__note5938163561716"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0025__p149803512186">To collect the query events (Get and List) listed in the table below, enable read-only event reporting of CCE in CTS. Because query operations occur far more frequently than addition, deletion, or modification operations, enabling this function may generate a large volume of events. Assess the potential impact before enabling it. </p>
<div class="note" id="cce_10_0025__note5938163561716"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0025__p149803512186">To collect the query events (Get and List) listed in the table below, enable read-only event reporting of CCE in CTS. Because query operations occur far more frequently than addition, deletion, or modification operations, enabling this function may generate a large number of events. Assess the potential impacts before enabling it.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0025__table10122133613599" frame="border" border="1" rules="all"><caption><b>Table 1 </b>CCE operations supported by CTS</caption><thead align="left"><tr id="cce_10_0025__row1612243618593"><th align="left" class="cellrowborder" valign="top" width="28.37%" id="mcps1.3.3.2.4.1.1"><p id="cce_10_0025__p5122153665915">Operation</p>
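Review bot: the note tells the reader to enable read-only event reporting of CCE in CTS but gives no link or console path for doing so. Add a cross-reference to the CTS procedure. It would also help to state the consequence directly: as the note is written, Get and List operations are not collected unless this is enabled, which matters to anyone relying on these traces to audit read access.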

View File

@ -5,7 +5,7 @@
</div>
<div class="section" id="cce_10_0026__en-us_topic_0179639644_section036851413573"><h4 class="sectiontitle">What Is a Trace?</h4><p id="cce_10_0026__en-us_topic_0179639644_p7344192412579">A trace is an operation log for a cloud service resource, tracked and stored by CTS. Traces record operations such as adding, modifying, or deleting cloud service resources. You can view them to identify who performed operations and when for detailed tracking.</p>
</div>
<div class="section" id="cce_10_0026__en-us_topic_0179639644_section19271975203"><h4 class="sectiontitle">Viewing Traces in the Trace List</h4><ol id="cce_10_0026__en-us_topic_0179639644_ol143115612115"><li id="cce_10_0026__en-us_topic_0179639644_li1629194722218"><span>Log in to the management console, click <span><img id="cce_10_0026__en-us_topic_0179639644_image1229124714224" src="en-us_image_0000002359774578.png"></span> in the upper left corner, and choose <strong id="cce_10_0026__en-us_topic_0179639644_b0101171161313">Management &amp; Deployment</strong> &gt; <strong id="cce_10_0026__en-us_topic_0179639644_b17101511131310">Cloud Trace Service</strong>.</span></li><li id="cce_10_0026__en-us_topic_0179639644_li1443115692119"><span>In the navigation pane, choose <strong id="cce_10_0026__en-us_topic_0179639644_b5352121921314">Trace List</strong>.</span></li><li id="cce_10_0026__en-us_topic_0179639644_li1468123811239"><span>In the upper right corner of the page, set a desired query time range: <strong id="cce_10_0026__en-us_topic_0179639644_b18885164252718">Last 1 hour</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b3885114232715">Last 1 day</strong>, or <strong id="cce_10_0026__en-us_topic_0179639644_b1688574213277">Last 1 week</strong>. 
You can also click <strong id="cce_10_0026__en-us_topic_0179639644_b288519425275">Customize</strong> to specify a custom time range within the last seven days.</span></li><li id="cce_10_0026__en-us_topic_0179639644_li243155612119"><span>Set filters to search for your desired traces, as shown in <a href="#cce_10_0026__en-us_topic_0179639644_fig139361441134311">Figure 1</a>.</span><p><div class="fignone" id="cce_10_0026__en-us_topic_0179639644_fig139361441134311"><a name="cce_10_0026__en-us_topic_0179639644_fig139361441134311"></a><a name="en-us_topic_0179639644_fig139361441134311"></a><span class="figcap"><b>Figure 1 </b>Filters</span><br><span><img id="cce_10_0026__en-us_topic_0179639644_image14936144112433" src="en-us_image_0000001744598325.png"></span></div>
<div class="section" id="cce_10_0026__en-us_topic_0179639644_section19271975203"><h4 class="sectiontitle">Viewing Traces in the Trace List</h4><ol id="cce_10_0026__en-us_topic_0179639644_ol143115612115"><li id="cce_10_0026__en-us_topic_0179639644_li1629194722218"><span>Log in to the management console, click <span><img id="cce_10_0026__en-us_topic_0179639644_image1229124714224" src="en-us_image_0000002359774578.png"></span> in the upper left corner, and choose <strong id="cce_10_0026__en-us_topic_0179639644_b0101171161313">Management &amp; Deployment</strong> &gt; <strong id="cce_10_0026__en-us_topic_0179639644_b17101511131310">Cloud Trace Service</strong>.</span></li><li id="cce_10_0026__en-us_topic_0179639644_li1443115692119"><span>In the navigation pane, choose <strong id="cce_10_0026__en-us_topic_0179639644_b5352121921314">Trace List</strong>.</span></li><li id="cce_10_0026__en-us_topic_0179639644_li1468123811239"><span>In the upper right corner of the page, set a desired query time range: <strong id="cce_10_0026__en-us_topic_0179639644_b192893416490">Last 1 hour</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b122899464911">Last 1 day</strong>, or <strong id="cce_10_0026__en-us_topic_0179639644_b19289147490">Last 1 week</strong>. 
You can also click <strong id="cce_10_0026__en-us_topic_0179639644_b328913414912">Customize</strong> to specify a custom time range within the last seven days.</span></li><li id="cce_10_0026__en-us_topic_0179639644_li243155612119"><span>Set filters to search for your desired traces, as shown in <a href="#cce_10_0026__en-us_topic_0179639644_fig139361441134311">Figure 1</a>.</span><p><div class="fignone" id="cce_10_0026__en-us_topic_0179639644_fig139361441134311"><a name="cce_10_0026__en-us_topic_0179639644_fig139361441134311"></a><a name="en-us_topic_0179639644_fig139361441134311"></a><span class="figcap"><b>Figure 1 </b>Filters</span><br><span><img id="cce_10_0026__en-us_topic_0179639644_image14936144112433" src="en-us_image_0000001744598325.png"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0026__en-us_topic_0179639644_table147746583014" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Trace filtering parameters</caption><thead align="left"><tr id="cce_10_0026__en-us_topic_0179639644_row1877510573019"><th align="left" class="cellrowborder" valign="top" width="18.95%" id="mcps1.3.3.2.4.2.2.2.3.1.1"><p id="cce_10_0026__en-us_topic_0179639644_p1877512593016">Parameter</p>
</th>
@ -27,14 +27,14 @@
<tr id="cce_10_0026__en-us_topic_0179639644_row531111429400"><td class="cellrowborder" valign="top" width="18.95%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="cce_10_0026__en-us_topic_0179639644_p167757553018">Resource type</p>
</td>
<td class="cellrowborder" valign="top" width="81.05%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><p id="cce_10_0026__en-us_topic_0179639644_p1677513515307">Select the type of the resource involved in a trace from the drop-down list.</p>
<p id="cce_10_0026__en-us_topic_0179639644_p1077535173016">For details about the resource types of each cloud service, see section "Supported Services and Operations" in the <em id="cce_10_0026__en-us_topic_0179639644_i62441747131712">Cloud Trace Service User Guide</em>.</p>
<p id="cce_10_0026__en-us_topic_0179639644_p1077535173016">For details about the resource types of each cloud service, see section "Supported Services and Operations" in the <em id="cce_10_0026__en-us_topic_0179639644_i1090794613497">Cloud Trace Service User Guide</em>.</p>
</td>
</tr>
<tr id="cce_10_0026__en-us_topic_0179639644_row17951953163817"><td class="cellrowborder" valign="top" width="18.95%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="cce_10_0026__en-us_topic_0179639644_p17951145393815">Search By</p>
</td>
<td class="cellrowborder" valign="top" width="81.05%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><p id="cce_10_0026__en-us_topic_0179639644_p1866016362423">Select one of the following options:</p>
<ul id="cce_10_0026__en-us_topic_0179639644_ul8324201518432"><li id="cce_10_0026__en-us_topic_0179639644_li1332441519434"><strong id="cce_10_0026__en-us_topic_0179639644_b17755195192214">Resource ID</strong>: ID of the cloud resource involved in a trace.<p id="cce_10_0026__en-us_topic_0179639644_p927319140446">Leave this field empty if the resource has no resource ID or if resource creation failed.</p>
</li><li id="cce_10_0026__en-us_topic_0179639644_li19324111594319"><strong id="cce_10_0026__en-us_topic_0179639644_b20740051162314">Trace name</strong>: name of a trace.<p id="cce_10_0026__en-us_topic_0179639644_p162131756164314">For details about the operations that can be audited for each cloud service, see section "Supported Services and Operations" in the <em id="cce_10_0026__en-us_topic_0179639644_i1219145055114">Cloud Trace Service User Guide</em>.</p>
</li><li id="cce_10_0026__en-us_topic_0179639644_li19324111594319"><strong id="cce_10_0026__en-us_topic_0179639644_b20740051162314">Trace name</strong>: name of a trace.<p id="cce_10_0026__en-us_topic_0179639644_p162131756164314">For details about the operations that can be audited for each cloud service, see section "Supported Services and Operations" in the <em id="cce_10_0026__en-us_topic_0179639644_i185782113507">Cloud Trace Service User Guide</em>.</p>
</li><li id="cce_10_0026__en-us_topic_0179639644_li53251315144311"><strong id="cce_10_0026__en-us_topic_0179639644_b113836152512">Resource name</strong>: name of the cloud resource involved in a trace.<p id="cce_10_0026__en-us_topic_0179639644_p546964974419">If the cloud resource involved in the trace does not have a resource name or the corresponding API operation does not involve the resource name parameter, leave this field empty.</p>
</li></ul>
</td>
@ -59,7 +59,7 @@
</p></li><li id="cce_10_0026__en-us_topic_0179639644_li15432145622119"><span>Click <span><img id="cce_10_0026__en-us_topic_0179639644_image9947176447" src="en-us_image_0000001744678489.jpg"></span> on the left of a trace to expand its details.</span><p><p id="cce_10_0026__en-us_topic_0179639644_p1294101714446"></p>
<p id="cce_10_0026__en-us_topic_0179639644_p1694171715446"><span><img id="cce_10_0026__en-us_topic_0179639644_image1767234653119" src="en-us_image_0000001942942816.png"></span></p>
<p id="cce_10_0026__en-us_topic_0179639644_p145491156142711"></p>
</p></li><li id="cce_10_0026__en-us_topic_0179639644_li143245616217"><span>Click <strong id="cce_10_0026__en-us_topic_0179639644_b139145611337">View Trace</strong> in the <strong id="cce_10_0026__en-us_topic_0179639644_b1591756103313">Operation</strong> column. The trace details are displayed.</span><p><p id="cce_10_0026__en-us_topic_0179639644_p1695161714447"><span><img id="cce_10_0026__en-us_topic_0179639644_image1904172011220" src="en-us_image_0000001758618249.png"></span></p>
</p></li><li id="cce_10_0026__en-us_topic_0179639644_li143245616217"><span>Click <strong id="cce_10_0026__en-us_topic_0179639644_b139145611337">View Trace</strong> in the <strong id="cce_10_0026__en-us_topic_0179639644_b1591756103313">Operation</strong> column. The trace details are displayed.</span><p><p id="cce_10_0026__en-us_topic_0179639644_p1695161714447"><span><img id="cce_10_0026__en-us_topic_0179639644_image1990505483515" src="en-us_image_0000001758618249.png"></span></p>
</p></li></ol>
</div>
<div class="section" id="cce_10_0026__en-us_topic_0179639644_section18501734161612"><h4 class="sectiontitle">Helpful Links</h4><ul id="cce_10_0026__en-us_topic_0179639644_ul19442019172"><li id="cce_10_0026__en-us_topic_0179639644_li547715311275">For details about the key fields in the trace structure, see <a href="https://docs.otc.t-systems.com/cloud-trace-service/umn/user_guide/trace_references/trace_structure.html#cts-03-0010" target="_blank" rel="noopener noreferrer">Trace Structure</a> and <a href="https://docs.otc.t-systems.com/cloud-trace-service/umn/user_guide/trace_references/example_traces.html" target="_blank" rel="noopener noreferrer">Example Traces</a>.</li></ul>

File diff suppressed because it is too large Load Diff

View File

@ -12,7 +12,7 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0403.html">Changing a Cluster Scale</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0426.html">Changing the Default Security Group of a Node</a></strong><br>
<li class="ulchildlink"><strong><a href="cce_10_0426.html">Changing the Default Node Security Group</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0212.html">Deleting a Cluster</a></strong><br>
</li>

View File

@ -10,16 +10,16 @@
</div>
<div class="section" id="cce_10_0034__section971014351338"><a name="cce_10_0034__section971014351338"></a><a name="section971014351338"></a><h4 class="sectiontitle">How the Add-on Works</h4><p id="cce_10_0034__p107541912344">An Nginx ingress consists of the ingress object, ingress controller, and Nginx. The ingress controller assembles ingresses into the Nginx configuration file (<strong id="cce_10_0034__b639012320451">nginx.conf</strong>) and reloads Nginx to make the configuration changes apply. When it detects that the pod in a Service changes, it dynamically changes the upstream server group configuration of Nginx. In this case, the Nginx process does not need to be reloaded. <a href="#cce_10_0034__fig204075132570">Figure 1</a> shows how this add-on works.</p>
<ul id="cce_10_0034__ul12335125217342"><li id="cce_10_0034__li1533555233414">An ingress is a group of access rules that forward requests to specified Services based on domain names or URLs. Ingresses are stored in the object storage service etcd and are added, deleted, modified, and queried through APIs.</li><li id="cce_10_0034__li733615283411">The ingress controller monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time and automatically performs operations on Nginx.</li><li id="cce_10_0034__li1633685273420">Nginx implements load balancing and access control at the application layer.</li></ul>
<div class="fignone" id="cce_10_0034__fig204075132570"><a name="cce_10_0034__fig204075132570"></a><a name="fig204075132570"></a><span class="figcap"><b>Figure 1 </b>Working principles of NGINX Ingress Controller</span><br><span><img id="cce_10_0034__image1913206115716" src="en-us_image_0000002467718661.png"></span></div>
<div class="fignone" id="cce_10_0034__fig204075132570"><a name="cce_10_0034__fig204075132570"></a><a name="fig204075132570"></a><span class="figcap"><b>Figure 1 </b>Working principles of NGINX Ingress Controller</span><br><span><img id="cce_10_0034__image1913206115716" src="en-us_image_0000002484119084.png"></span></div>
</div>
<div class="section" id="cce_10_0034__section3200193614201"><h4 class="sectiontitle">Precautions</h4><ul id="cce_10_0034__ul12529925421"><li id="cce_10_0034__li15529525324">For clusters earlier than v1.23, <strong id="cce_10_0034__b345165161317">kubernetes.io/ingress.class: "nginx"</strong> must be added to the annotation of the ingress created through the API. </li><li id="cce_10_0034__li11913127567">A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address).</li><li id="cce_10_0034__li827072151315">If the node where NGINX Ingress Controller runs and containers on this node cannot access Nginx ingress, you need to configure anti-affinity for the workload pods and Nginx Ingress Controller. For details, see <a href="#cce_10_0034__section15456140194414">Configuring Anti-Affinity Between a Workload and Nginx Ingress Controller</a>.</li><li id="cce_10_0034__li837116398581">During the NGINX Ingress Controller pod upgrade, 10s are reserved for deleting the NGINX Ingress Controller at the ELB backend.</li><li id="cce_10_0034__li1215612416384">The timeout duration for the graceful exit of the NGINX Ingress Controller is 300s. If the timeout duration is longer than 300s during the upgrade of the NGINX Ingress Controller, persistent connections will be disconnected, and connectivity will be interrupted for a short period of time.</li></ul>
</div>
<div class="section" id="cce_10_0034__en-us_topic_0226102211_section92541494210"><h4 class="sectiontitle">Prerequisites</h4><p id="cce_10_0034__en-us_topic_0226102211_p996134411315">Before installing this add-on, you have one available cluster and there is a node running properly. If no cluster is available, create one according to <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</p>
<div class="section" id="cce_10_0034__en-us_topic_0226102211_section92541494210"><h4 class="sectiontitle">Prerequisites</h4><p id="cce_10_0034__en-us_topic_0226102211_p996134411315">Before installing this add-on, you have one available cluster with a node running properly. If no cluster is available, create one according to <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</p>
</div>
<div class="section" id="cce_10_0034__section1152424015224"><a name="cce_10_0034__section1152424015224"></a><a name="section1152424015224"></a><h4 class="sectiontitle">Installing the Add-on</h4><ol id="cce_10_0034__ol595195015265"><li id="cce_10_0034__li330462393220"><span>Log in to the <span id="cce_10_0034__cce_10_0004_ph18314322182">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0034__li13183153352515"><span>In the navigation pane, choose <strong id="cce_10_0034__b1673720498920"><span id="cce_10_0034__text1737849091">Add-ons</span></strong>. Locate <strong id="cce_10_0034__b1273719496911">NGINX Ingress Controller</strong> on the right and click <span class="uicontrol" id="cce_10_0034__uicontrol1273834913913"><b>Install</b></span>.</span></li><li id="cce_10_0034__li6185135511235"><span>On the <strong id="cce_10_0034__b168313930105924">Install Add-on</strong> page, configure the specifications as needed.</span><p><p id="cce_10_0034__p12804745248">You can adjust the number of add-on pods and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.</p>
</p></li><li id="cce_10_0034__li584045813266"><span>Configure the add-on parameters.</span><p><ul id="cce_10_0034__ul741422082911"><li id="cce_10_0034__li0953175016455"><a name="cce_10_0034__li0953175016455"></a><a name="li0953175016455"></a><strong id="cce_10_0034__b247210618418">Ingress Class</strong>: Enter a controller name. The name of each controller in the same cluster must be unique and cannot be set to <strong id="cce_10_0034__b10472106174115">cce</strong> (which is the unique identifier of the LoadBalancer ingress controller.) When creating an ingress, you can specify the controller name to declare which controller should manage this ingress.</li><li id="cce_10_0034__li43911954164512"><strong id="cce_10_0034__b87211241203016">Add-on Namespace</strong>: Select a namespace for the ingress controller.</li><li id="cce_10_0034__li194268504296"><strong id="cce_10_0034__b7357351122419">Load Balancer</strong>: Select a shared or dedicated load balancer. If no load balancer is available, create one. The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.</li><li id="cce_10_0034__li19869530141118"><strong id="cce_10_0034__b266512513184">Admission Check</strong>: Admission control is performed on Ingresses to ensure that the controller can generate valid configurations. Admission verification is performed on the configuration of Nginx Ingresses. If the verification fails, the request will be intercepted. 
For details about admission verification, see <a href="https://kubernetes.github.io/ingress-nginx/e2e-tests/#admission-admission-controller" target="_blank" rel="noopener noreferrer">Access Control</a>.<div class="note" id="cce_10_0034__note13941342101413"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0034__ul13288250171411"><li id="cce_10_0034__li1228817507146">Admission check slows down the responses to Ingress requests.</li><li id="cce_10_0034__li172581224167">Only add-ons of version 2.4.1 or later support admission verification.</li></ul>
</p></li><li id="cce_10_0034__li584045813266"><span>Configure the add-on parameters.</span><p><ul id="cce_10_0034__ul741422082911"><li id="cce_10_0034__li0953175016455"><a name="cce_10_0034__li0953175016455"></a><a name="li0953175016455"></a><strong id="cce_10_0034__b247210618418">Ingress Class</strong>: Enter a controller name. The name of each controller in the same cluster must be unique and cannot be set to <strong id="cce_10_0034__b10472106174115">cce</strong> (which is the unique identifier of the LoadBalancer ingress controller). When creating an ingress, you can specify the controller name to declare which controller should manage this ingress.</li><li id="cce_10_0034__li43911954164512"><strong id="cce_10_0034__b87211241203016">Add-on Namespace</strong>: Select a namespace for the ingress controller.</li><li id="cce_10_0034__li194268504296"><strong id="cce_10_0034__b7357351122419">Load Balancer</strong>: Select a shared or dedicated load balancer. If no load balancer is available, create one. The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.</li><li id="cce_10_0034__li19869530141118"><strong id="cce_10_0034__b266512513184">Admission Check</strong>: Admission control is performed on Ingresses to ensure that the controller can generate valid configurations. Admission verification is performed on the configuration of Nginx Ingresses. If the verification fails, the request will be intercepted. 
For details about admission verification, see <a href="https://kubernetes.github.io/ingress-nginx/e2e-tests/#admission-admission-controller" target="_blank" rel="noopener noreferrer">Access Control</a>.<div class="note" id="cce_10_0034__note13941342101413"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0034__ul13288250171411"><li id="cce_10_0034__li1228817507146">Admission check slows down the responses to Ingress requests.</li><li id="cce_10_0034__li172581224167">Only add-ons of version 2.4.1 or later support admission verification.</li></ul>
</div></div>
</li><li id="cce_10_0034__li66142206315"><strong id="cce_10_0034__b6241732145011">Nginx Parameters</strong>: You can configure the <strong id="cce_10_0034__b1463512386289">nginx.conf</strong> file, which will affect all managed ingresses. You can select <strong id="cce_10_0034__b174124435613">GUI</strong> or <strong id="cce_10_0034__b2410447568">YAML</strong>. <strong id="cce_10_0034__b194254415560">GUI</strong> is supported by the NGINX Ingress Controller of version 2.2.75, 2.6.26, 3.0.1, or later.<p id="cce_10_0034__p1512810221947">To configure custom parameters supported by the Kubernetes community, choose <strong id="cce_10_0034__b184431518173115">YAML</strong> and find the related parameters in <a href="https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/" target="_blank" rel="noopener noreferrer">ConfigMaps</a>. For example, you can use the <strong id="cce_10_0034__b19750151011317">keep-alive-requests</strong> parameter to describe how to set the maximum number of requests for keeping active connections to 100.</p>
</li><li id="cce_10_0034__li66142206315"><strong id="cce_10_0034__b6241732145011">Nginx Parameters</strong>: You can configure the <strong id="cce_10_0034__b1463512386289">nginx.conf</strong> file, which will affect all managed ingresses. You can select <strong id="cce_10_0034__b65271532199">GUI</strong> or <strong id="cce_10_0034__b18527193220918">YAML</strong>. <strong id="cce_10_0034__b2052715324915">GUI</strong> is supported by the NGINX Ingress Controller of version 2.2.75, 2.6.26, 3.0.1, or later.<p id="cce_10_0034__p1512810221947">To configure custom parameters supported by the Kubernetes community, choose <strong id="cce_10_0034__b14281938796">YAML</strong> and find the related parameters in <a href="https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/" target="_blank" rel="noopener noreferrer">ConfigMaps</a>. For example, you can use the <strong id="cce_10_0034__b19750151011317">keep-alive-requests</strong> parameter to describe how to set the maximum number of requests for keeping active connections to 100.</p>
<pre class="screen" id="cce_10_0034__screen6950408718">{
"keep-alive-requests": "100"
}</pre>
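Review bot: in the Admission Check item, the link labelled "Access Control" points at the ingress-nginx e2e-tests page (e2e-tests/#admission-admission-controller), so the label does not match the target, and the target is a test listing rather than user documentation. Rename the link to refer to the admission controller and point it at a user-facing page if one exists. In the Nginx Parameters item, "use the keep-alive-requests parameter to describe how to set ..." is garbled. The sentence should simply say that the example sets keep-alive-requests to 100.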
@ -224,7 +224,7 @@ spec:
app: nginx
spec:
containers:
- image: nginx:aplpine
- image: nginx:alpine
imagePullPolicy: IfNotPresent
name: nginx
imagePullSecrets:
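Review bot: with the tag typo fixed, the example now pulls nginx:alpine, a floating tag, together with imagePullPolicy: IfNotPresent, so nodes that cached the tag at different times can run different images under the same Deployment. Suggest a pinned version tag or an image digest in the example, written as a placeholder if the documentation should not endorse a specific release.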

View File

@ -159,7 +159,7 @@
</tr>
<tr id="cce_10_0047__row7534151220182"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.3.2.6.2.1.1.3.1.1 "><p id="cce_10_0047__p55339125183">Network Configuration</p>
</td>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.3.2.6.2.1.1.3.1.2 "><ul id="cce_10_0047__ul853411127187"><li id="cce_10_0047__li1153361211183">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0047__li135331712101812">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0047__li1253314122180">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0047__li11534712161812">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack Network Interfaces</a>.</li></ul>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.3.2.6.2.1.1.3.1.2 "><ul id="cce_10_0047__ul853411127187"><li id="cce_10_0047__li1153361211183">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0047__li135331712101812">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will use the subnet and security group defined in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0047__li1253314122180">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0047__li11534712161812">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring a Shared Bandwidth for Dual-Stack Pods in a CCE Turbo Cluster</a>.</li></ul>
</td>
</tr>
</tbody>
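Review bot: in the reworded container network configuration item (cce_10_0047__li135331712101812), "the workload will use the subnet and security group defined in the configuration" drops the old "will be created using", so it no longer says that the subnet and security group are applied when the workload is created. Because the security group decides which traffic reaches the pods, please state whether the setting takes effect only at creation or also for a workload that already exists.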

View File

@ -3,11 +3,11 @@
<h1 class="topictitle1">Creating a StatefulSet</h1>
<div id="body1505966783091"><p id="cce_10_0048__p925511972817">A <a href="https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/" target="_blank" rel="noopener noreferrer">StatefulSet</a> is an application that needs to retain data or state while running. StatefulSets are ideal for stateful applications, such as databases, cache services, and message queues. Unlike Deployments, StatefulSets have the following features:</p>
<ul id="cce_10_0048__ul1978142634812"><li id="cce_10_0048__li878102619488"><strong id="cce_10_0048__b199251216104616">Fixed identifier</strong>: Each pod in a StatefulSet has a fixed identifier, which is associated with the pod name. The identifier is typically in the format of <span class="parmvalue" id="cce_10_0048__parmvalue7724184604418"><b>&lt;StatefulSet name&gt;-&lt;Ordinal&gt;</b></span>. For example, in a StatefulSet named <strong id="cce_10_0048__b1275919517402">web</strong>, the pods would have the names like <strong id="cce_10_0048__b8728122144110">web-0</strong> and <strong id="cce_10_0048__b7668142564119">web-1</strong>. This naming rule enables each pod to maintain its identity and persistent data even after restart or migration.</li><li id="cce_10_0048__li207852614817"><strong id="cce_10_0048__b790716920477">Ordered deployment and scaling</strong>: Pods in a StatefulSet are created, scaled, or deleted sequentially. For example, pods with higher ordinals are prioritized for scale-out and removed first during scale-in, which is critical to stateful applications that need to be started or stopped in sequence and ideal for scenarios like primary-secondary replication of databases.</li><li id="cce_10_0048__li738123204817"><strong id="cce_10_0048__b123058436480">Persistent storage</strong>: To ensure data persistence, you can assign stable persistent storage volumes to each StatefulSet pod by using <strong id="cce_10_0048__b790713501797">VolumeClaimTemplate</strong>. If a pod is scheduled to other nodes, its original data volume remains intact via the PVC, preventing data loss.</li></ul>
<div class="section" id="cce_10_0048__section6329175411713"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0048__ul3611113041018"><li id="cce_10_0048__li28151714171212">When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.</li><li id="cce_10_0048__li9611230141012">When you delete a StatefulSet, reduce the number of replicas to <strong id="cce_10_0048__b20407050121312">0</strong> before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.</li><li id="cce_10_0048__li611418311218">When you create a StatefulSet, a headless Service is required for pod access. For details, see <a href="cce_10_0398.html">Headless Service</a>.</li><li id="cce_10_0048__li093214329312">When a node is unavailable, pods become <strong id="cce_10_0048__b69930313149">Unready</strong>. In this case, manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.</li></ul>
<div class="section" id="cce_10_0048__section6329175411713"><h4 class="sectiontitle">Constraints</h4><ul id="cce_10_0048__ul3611113041018"><li id="cce_10_0048__li28151714171212">When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.</li><li id="cce_10_0048__li9611230141012">When you delete a StatefulSet, reduce the number of replicas to <strong id="cce_10_0048__b20407050121312">0</strong> before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.</li><li id="cce_10_0048__li611418311218">When you create a StatefulSet, a headless Service is required for pod access. For details, see <a href="cce_10_0398.html">Headless Service</a>.</li><li id="cce_10_0048__li093214329312">When a node is unavailable, pods become <strong id="cce_10_0048__b69930313149">Unready</strong>. In this case, manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.</li></ul>
</div>
<div class="section" id="cce_10_0048__section1734962819219"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0048__ul1685719423426"><li id="cce_10_0048__cce_10_0047_li596019263145">A cluster is available. For details about how to create a cluster, see <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</li><li id="cce_10_0048__cce_10_0047_li1132215015415">There are some available nodes in the cluster. If no node is available, create one by referring to <a href="cce_10_0363.html">Creating a Node</a>.</li></ul>
</div>
<div class="section" id="cce_10_0048__section16385130102112"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0048__ol2012902601117"><li id="cce_10_0048__li9293104917265"><span>Log in to the <span id="cce_10_0048__cce_10_0047_ph1519791153812">CCE console</span>.</span></li><li id="cce_10_0048__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0048__b94442390613">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0048__b1844413910614">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0048__li67891737151520"><span>Configure <strong id="cce_10_0048__b168123018401">basic information</strong> about the workload.</span><p>
<div class="section" id="cce_10_0048__section16385130102112"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0048__ol2012902601117"><li id="cce_10_0048__li9293104917265"><span>Log in to the <span id="cce_10_0048__cce_10_0047_ph1519791153812">CCE console</span>.</span></li><li id="cce_10_0048__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0048__b94442390613">Workloads</strong> in the navigation pane, and click <strong id="cce_10_0048__b1844413910614">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0048__li67891737151520"><span>Configure <strong id="cce_10_0048__b168123018401">basic information</strong> about the workload.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0048__table18732191924816" frame="border" border="1" rules="all"><thead align="left"><tr id="cce_10_0048__row147328197481"><th align="left" class="cellrowborder" valign="top" width="23%" id="mcps1.3.5.2.3.2.1.1.3.1.1"><p id="cce_10_0048__p11733619164811">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="77%" id="mcps1.3.5.2.3.2.1.1.3.1.2"><p id="cce_10_0048__p13733201964812">Description</p>
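Review bot: the section title is shortened from "Notes and Constraints" to "Constraints", but the second and fourth items under it (reduce replicas to 0 before deleting, manually delete pods when a node is unavailable) are operating instructions rather than limits of the feature. Either keep the original title or move those two items to a notes block so the heading matches its content.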
@ -170,7 +170,7 @@
</tr>
<tr id="cce_10_0048__row7534151220182"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.5.2.7.2.1.1.3.1.1 "><p id="cce_10_0048__p55339125183">Network Configuration</p>
</td>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.7.2.1.1.3.1.2 "><ul id="cce_10_0048__ul1582631234511"><li id="cce_10_0048__li11826612114513">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0048__li58262123457">Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see <a href="cce_10_0603.html">Configuring a Static IP Address for a Pod</a>.</li><li id="cce_10_0048__li2082621214510">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0048__li582619127452">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0048__li1826151234517">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack Network Interfaces</a>.</li></ul>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.7.2.1.1.3.1.2 "><ul id="cce_10_0048__ul1582631234511"><li id="cce_10_0048__li11826612114513">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0048__li58262123457">Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see <a href="cce_10_0603.html">Configuring a Static IP Address for a Pod in a CCE Turbo Cluster</a>.</li><li id="cce_10_0048__li2082621214510">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will use the subnet and security group defined in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0048__li582619127452">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0048__li1826151234517">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring a Shared Bandwidth for Dual-Stack Pods in a CCE Turbo Cluster</a>.</li></ul>
</td>
</tr>
</tbody>
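Review bot: the two retitled links in this cell now end in "in a CCE Turbo Cluster", while the static IP address and IPv6 shared bandwidth items that carry them still say "available only for clusters that support this function". If both functions are limited to CCE Turbo clusters, as the new titles indicate, say so in the item text so readers do not have to follow the link to learn which clusters qualify.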

View File

@ -83,7 +83,7 @@
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p1864418479569">This operation cannot be undone.</p>
</td>
</tr>
<tr id="cce_10_0054__row273482911598"><td class="cellrowborder" rowspan="15" valign="top" width="14.42%" headers="mcps1.3.2.2.2.5.1.1 "><p id="cce_10_0054__p13120620202119">Worker node</p>
<tr id="cce_10_0054__row273482911598"><td class="cellrowborder" rowspan="16" valign="top" width="14.42%" headers="mcps1.3.2.2.2.5.1.1 "><p id="cce_10_0054__p13120620202119">Worker node</p>
</td>
<td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.2.2.2.5.1.2 "><p id="cce_10_0054__p4512165465912">Modifying the security group of worker nodes in a cluster</p>
<div class="note" id="cce_10_0054__note733110531049"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0054__p153411953747">Naming rule of a worker node's security group: <em id="cce_10_0054__i143944160222">Cluster name</em>-<strong id="cce_10_0054__b1339915165227">cce-node</strong>-<em id="cce_10_0054__i18400171662214">{Random ID}</em></p>
@ -110,6 +110,13 @@
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p14512175415592">This operation cannot be undone.</p>
</td>
</tr>
<tr id="cce_10_0054__row1342344942611"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.1 "><p id="cce_10_0054__p442424915264">Deleting the elastic network interface used by the node</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.2 "><p id="cce_10_0054__p1442464913266">The container network on the node is unavailable.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p10424134982619">This operation cannot be undone.</p>
</td>
</tr>
<tr id="cce_10_0054__row127351729155916"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.1 "><p id="cce_10_0054__p95135548591">Reinstalling the OS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.2 "><p id="cce_10_0054__p185132543597">Node components are deleted, and the node becomes unavailable.</p>
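Review bot: the new row "Deleting the elastic network interface used by the node" gives only "This operation cannot be undone." in the solution column, which leaves the reader with an unavailable container network and no next step. Other rows in this table point to a recovery action (for example "Reset the node. For details, see Resetting a Node"); if resetting or replacing the node is the expected recovery here, add it to this cell.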
@ -123,7 +130,7 @@
<div class="note" id="cce_10_0054__note1791614419108"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0054__p17926741111013">Node running depends on the system kernel version. Do not use the <strong id="cce_10_0054__b513114494419">yum update</strong> command to update or reinstall the kernel of a node unless necessary. (Reinstalling the operating system kernel using the original image or other images is a risky operation.)</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p10947153121219">For details, see <a href="cce_10_0003.html">Resetting a Node</a>.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p10947153121219">Reset the node. For details, see <a href="cce_10_0003.html">Resetting a Node</a>.</p>
</td>
</tr>
<tr id="cce_10_0054__row473542920590"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.1 "><p id="cce_10_0054__p3513054165919">Changing the IP address of a node</p>
@ -137,7 +144,7 @@
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.2 "><p id="cce_10_0054__p125135541599">The node may become unavailable, and components may be insecure if security-related configurations are modified.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p851395416595">Restore the parameter settings to the recommended values. For details, see <a href="cce_10_0652.html">Modifying Node Pool Configurations</a>.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.3 "><p id="cce_10_0054__p851395416595">Restore the parameter settings to the recommended values. For details, see <a href="cce_10_0652.html">Managing Node Pool Configurations</a>.</p>
</td>
</tr>
<tr id="cce_10_0054__row9442141061414"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.2.5.1.1 "><p id="cce_10_0054__p5513115415911">Modifying OS configuration</p>
@ -295,7 +302,7 @@
</div>
</div>
<div class="section" id="cce_10_0054__section1128213033113"><h4 class="sectiontitle">Load Balancing</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0054__table5358155303116" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Load balancing (operations on the ELB console)</caption><thead align="left"><tr id="cce_10_0054__row5358155363115"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.5.2.2.4.1.1"><p id="cce_10_0054__p7358105312312">Operation</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0054__table5358155303116" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Load balancing</caption><thead align="left"><tr id="cce_10_0054__row5358155363115"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.5.2.2.4.1.1"><p id="cce_10_0054__p7358105312312">Operation</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.5.2.2.4.1.2"><p id="cce_10_0054__p10358153113116">Impact</p>
</th>
@ -347,9 +354,9 @@
</tr>
<tr id="cce_10_0054__row7358353163114"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.1 "><p id="cce_10_0054__p13142103103818">Modifying the basic configurations such as the name, access control, timeout, or description of a listener added by CCE</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.2 "><p id="cce_10_0054__p1078191016329">After master nodes are restarted due to reasons such as a cluster upgrade, all your modifications will be reset by CCE if the listener is deleted.</p>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.2 "><p id="cce_10_0054__p1078191016329">After master nodes are restarted due to reasons such as a cluster upgrade, all your modifications will be reset by CCE.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.3 "><p id="cce_10_0054__p5130319377">Do not modify the basic configurations of the listener created by CCE. Restore the configurations if they have been modified.</p>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.3 "><p id="cce_10_0054__p5130319377">Do not modify the permissions. Restore the permissions if they have been modified.</p>
</td>
</tr>
<tr id="cce_10_0054__row735925323112"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.1 "><p id="cce_10_0054__p349604319388">Modifying the backend server group of a listener added by CCE, including adding or deleting backend servers to or from the server group</p>
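Review bot: the solution cell cce_10_0054__p5130319377 now reads "Do not modify the permissions. Restore the permissions if they have been modified.", but this row is about modifying a listener's name, access control, timeout, or description, and nothing in the row concerns permissions. This looks like text pasted from another row; the previous wording ("Do not modify the basic configurations of the listener created by CCE. Restore the configurations if they have been modified.") matched the operation and should be kept. The row covers access control being reset after a master restart, so the guidance needs to be exact.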
@ -371,14 +378,14 @@
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.2 "><ul id="cce_10_0054__ul114412211467"><li id="cce_10_0054__li101446294619">Accessing the target Service or ingress will fail.</li><li id="cce_10_0054__li71441421464">After master nodes are restarted due to reasons such as a cluster upgrade, all your modifications will be reset by CCE if the forwarding rules are added using an ingress.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.3 "><p id="cce_10_0054__p729721213310">Do not modify the forwarding policy of such a listener. Restore the configurations if they have been modified.</p>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.3 "><p id="cce_10_0054__p729721213310">Do not modify the permissions. Restore the permissions if they have been modified.</p>
</td>
</tr>
<tr id="cce_10_0054__row15812153403"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.1 "><p id="cce_10_0054__p101421931163814">Changing the certificate for a load balancer managed by CCE</p>
<tr id="cce_10_0054__row15812153403"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.1 "><p id="cce_10_0054__p1636993511434">Replacing the certificate of the listener created by CCE on the ELB console or modifying the server certificate created by CCE using a TLS key on the <strong id="cce_10_0054__b1634518183194">Certificates</strong> page of ELB</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.2 "><p id="cce_10_0054__p478313106320">After master nodes are restarted due to reasons such as a cluster upgrade, all servers in the backend server group will be reset by CCE.</p>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.2 "><p id="cce_10_0054__p478313106320">In scenarios where a master node needs to be restarted, such as during a cluster upgrade, the modification will be reset by CCE. As a result, the Service or ingress may become inaccessible.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.3 "><p id="cce_10_0054__p111421438153818">Use the YAML file of the ingress to automatically manage certificates.</p>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.2.4.1.3 "><p id="cce_10_0054__p739943924515">Use the CCE console or YAML to update the certificate associated with the Service or ingress, or update the TLS key resources associated with the Service or ingress.</p>
</td>
</tr>
</tbody>
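Review bot: the solution cell cce_10_0054__p729721213310 for the forwarding-rule row now reads "Do not modify the permissions. Restore the permissions if they have been modified.", which does not match a row about forwarding policies; the removed line ("Do not modify the forwarding policy of such a listener...") was the correct advice. The same permissions sentence also replaces the listener row's solution in the previous hunk, so both look like one copy-paste slip. The rewritten certificate row is consistent across its three cells and needs no change.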
@ -421,7 +428,7 @@
</th>
</tr>
</thead>
<tbody><tr id="cce_10_0054__row91492471212"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.7.2.2.4.1.1 "><p id="cce_10_0054__p28241823172215">Configuring a larger number of collection shards in Cloud Native Cluster Monitoring than the recommended value (one collection shards per 50 nodes)</p>
<tbody><tr id="cce_10_0054__row91492471212"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.7.2.2.4.1.1 "><p id="cce_10_0054__p28241823172215">Configuring a larger number of collection shards in Cloud Native Cluster Monitoring than the recommended value (one collection shard per 50 nodes)</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.7.2.2.4.1.2 "><p id="cce_10_0054__p10149144762117">Excessive shards may overload the master node's memory, affecting system stability.</p>
</td>

File diff suppressed because it is too large Load Diff

View File

@ -16,6 +16,8 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0911.html">Container Storage Add-ons</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_1060.html">Add-on Upgrade Checks</a></strong><br>
</li>
</ul>
</div>

View File

@ -320,10 +320,10 @@
</td>
<td class="cellrowborder" valign="top" width="10.12%" headers="mcps1.3.5.4.2.6.1.2 "><p id="cce_10_0066__p82450271168">Counter</p>
</td>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p824592712168">Invoking of different functions</p>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p824592712168">Invocation of different functions</p>
</td>
<td class="cellrowborder" valign="top" width="23.76%" headers="mcps1.3.5.4.2.6.1.4 "><p id="cce_10_0066__p168613353175"><strong id="cce_10_0066__b14332131371115">action</strong>: indicates different functions. For details, see <a href="#cce_10_0066__table195218413174">Table 6</a>.</p>
<p id="cce_10_0066__p224515270169"><strong id="cce_10_0066__b223519159117">result</strong>: indicates that the invoking is successful or fails.</p>
<p id="cce_10_0066__p224515270169"><strong id="cce_10_0066__b223519159117">result</strong>: indicates that the invocation is successful or fails.</p>
</td>
<td class="cellrowborder" valign="top" width="24.52%" headers="mcps1.3.5.4.2.6.1.5 "><p id="cce_10_0066__p8245122711617">everest_action_result_total{action="create_snapshot:disk.csi.everest.io",result="success"} 2</p>
</td>
@ -332,7 +332,7 @@
</td>
<td class="cellrowborder" valign="top" width="10.12%" headers="mcps1.3.5.4.2.6.1.2 "><p id="cce_10_0066__p122451279168">Histogram</p>
</td>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p1724542710163">Number of times that different functions are executed at different time</p>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p1724542710163">Number of times that different functions are executed at different times</p>
</td>
<td class="cellrowborder" valign="top" width="23.76%" headers="mcps1.3.5.4.2.6.1.4 "><p id="cce_10_0066__p12451027161615"><strong id="cce_10_0066__b454411901110">function</strong>: indicates different functions. For details, see <a href="#cce_10_0066__table195218413174">Table 6</a>.</p>
</td>
@ -343,7 +343,7 @@
</td>
<td class="cellrowborder" valign="top" width="10.12%" headers="mcps1.3.5.4.2.6.1.2 "><p id="cce_10_0066__p13245152717163">Histogram</p>
</td>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p10245152711164">Total invoking time of different functions</p>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p10245152711164">Total invocation time of different functions</p>
</td>
<td class="cellrowborder" valign="top" width="23.76%" headers="mcps1.3.5.4.2.6.1.4 "><p id="cce_10_0066__p724542711612"><strong id="cce_10_0066__b1351992431116">function</strong>: indicates different functions. For details, see <a href="#cce_10_0066__table195218413174">Table 6</a>.</p>
</td>
@ -354,7 +354,7 @@
</td>
<td class="cellrowborder" valign="top" width="10.12%" headers="mcps1.3.5.4.2.6.1.2 "><p id="cce_10_0066__p224512720167">Histogram</p>
</td>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p132456272163">Number of invoking times of different functions</p>
<td class="cellrowborder" valign="top" width="22.49%" headers="mcps1.3.5.4.2.6.1.3 "><p id="cce_10_0066__p132456272163">Number of invocation times of different functions</p>
</td>
<td class="cellrowborder" valign="top" width="23.76%" headers="mcps1.3.5.4.2.6.1.4 "><p id="cce_10_0066__p1524518273169"><strong id="cce_10_0066__b131652915114">function</strong>: indicates different functions. For details, see <a href="#cce_10_0066__table195218413174">Table 6</a>.</p>
</td>
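Review bot: "Number of invocation times of different functions" in cce_10_0066__p132456272163 is still awkward after the Invoking to Invocation replacement. "Number of invocations of different functions" says the same thing and reads cleanly next to "Total invocation time of different functions" in the hunk above.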
@ -595,7 +595,7 @@
<td class="cellrowborder" valign="top" width="25.172517251725175%" headers="mcps1.3.6.2.2.4.1.2 "><p id="cce_10_0066__en-us_topic_0000001559534258_p44954271494">v1.15</p>
<p id="cce_10_0066__en-us_topic_0000001559534258_p24959271396">v1.17</p>
</td>
<td class="cellrowborder" valign="top" width="59.31593159315932%" headers="mcps1.3.6.2.2.4.1.3 "><ul id="cce_10_0066__en-us_topic_0000001559534258_ul19520915152314"><li id="cce_10_0066__en-us_topic_0000001559534258_li9847025248">Supported security hardening.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li18326612411">Supported third-party OBS storage.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li17624128102414">Switched to the EVS query API with better performance.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li473891016242">Disks can be created from snapshots using clone by default.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li63131310242">Optimized and enhanced disk status detection and log output for attaching and detaching operations.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li552091512313">Improved the reliability of determining authentication expiration.</li></ul>
<td class="cellrowborder" valign="top" width="59.31593159315932%" headers="mcps1.3.6.2.2.4.1.3 "><ul id="cce_10_0066__en-us_topic_0000001559534258_ul19520915152314"><li id="cce_10_0066__en-us_topic_0000001559534258_li9847025248">Supported security hardening.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li18326612411">Supported third-party OBS storage.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li17624128102414">Switched to the EVS query API with better performance.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li473891016242">Disks can be created from snapshots using cloning by default.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li63131310242">Optimized and enhanced disk status detection and log output for attaching and detaching operations.</li><li id="cce_10_0066__en-us_topic_0000001559534258_li552091512313">Improved the reliability of determining authentication expiration.</li></ul>
</td>
</tr>
</tbody>

View File

@ -4,6 +4,8 @@
<div id="body8662426"></div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="cce_bulletin_0105.html">Kubernetes 1.33 Release Notes</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_bulletin_0104.html">Kubernetes 1.32 Release Notes</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_bulletin_0099.html">Kubernetes 1.31 Release Notes</a></strong><br>

View File

@ -1,13 +1,13 @@
<a name="cce_10_0081"></a><a name="cce_10_0081"></a>
<h1 class="topictitle1">Node Pool Overview</h1>
<div id="body1508466102634"><div class="section" id="cce_10_0081__section11993204511284"><h4 class="sectiontitle">Introduction</h4><p id="cce_10_0081__p2093113017548">CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configuration in a cluster.</p>
<p id="cce_10_0081__p65145218311">You can create custom node pools on the CCE console. With node pools, you can quickly create, manage, and destroy nodes without affecting the cluster. All nodes in a custom node pool have identical parameters and node type. You cannot configure a single node in a node pool; any configuration changes affect all nodes in the node pool.</p>
<div id="body1508466102634"><div class="section" id="cce_10_0081__section11993204511284"><h4 class="sectiontitle">Introduction</h4><p id="cce_10_0081__p2093113017548">CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configurations in a cluster.</p>
<p id="cce_10_0081__p65145218311">You can create custom node pools on the CCE console. With node pools, you can quickly create, manage, and destroy nodes without affecting the cluster. All nodes in a custom node pool share the same type and configurations. You cannot configure a single node in a node pool. Any change applies to every node in the node pool.</p>
<p id="cce_10_0081__p991420571436">You can also use node pools for auto scaling.</p>
<ul id="cce_10_0081__ul145866101445"><li id="cce_10_0081__li1158619101146">When a pod in a cluster cannot be scheduled due to insufficient resources, scale-out can be automatically triggered.</li><li id="cce_10_0081__li1558617108417">When there is an idle node or a monitoring metric threshold is met, scale-in can be automatically triggered.</li></ul>
<p id="cce_10_0081__p19802113820588">This section describes how node pools work in CCE and how to create and manage node pools.</p>
</div>
<div class="section" id="cce_10_0081__section1486732122217"><h4 class="sectiontitle">Node Pool Architecture</h4><p id="cce_10_0081__p2480134412214">Generally, all nodes in a node pool have the following same attributes:</p>
<div class="section" id="cce_10_0081__section1486732122217"><h4 class="sectiontitle">Node Pool Architecture</h4><p id="cce_10_0081__p2480134412214">All nodes in a pool typically share:</p>
<ul id="cce_10_0081__ul134808449226"><li id="cce_10_0081__li1848004422220">Node OS</li><li id="cce_10_0081__li730814322334">Node login mode</li><li id="cce_10_0081__li3978937183319">Node container runtime</li><li id="cce_10_0081__li20480184419225">Startup parameters of Kubernetes components on a node</li><li id="cce_10_0081__li17480104411227">Custom startup script of a node</li><li id="cce_10_0081__li84806446229">Kubernetes labels and taints</li></ul>
<p id="cce_10_0081__p1048019444223">CCE provides the following extended attributes for node pools:</p>
<ul id="cce_10_0081__ul84801544162219"><li id="cce_10_0081__li1480184410229">Node pool OS</li><li id="cce_10_0081__li114801944112213">Maximum number of pods on each node in a node pool</li></ul>
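Review bot: The reworded lead-in "All nodes in a pool typically share:" drops "node" from "node pool", the term every other sentence in this section uses, and "typically" conflicts with the Introduction a few lines up, which states without qualification that "All nodes in a custom node pool share the same type and configurations". Suggest "All nodes in a node pool typically share the following attributes:" and, if exceptions exist, name the attributes that can differ. Otherwise drop "typically". The unchanged lists also give "Node OS" as a shared attribute and "Node pool OS" as an extended attribute; worth clarifying the difference while this paragraph is being touched.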
@ -118,9 +118,31 @@
</table>
</div>
</div>
<div class="section" id="cce_10_0081__section12603142443319"><h4 class="sectiontitle"><span class="keyword" id="cce_10_0081__keyword134411635193118">Deploying a Workload in a Specified Node Pool</span></h4><p id="cce_10_0081__p554031713358">When configuring a workload, you can set the workload affinity and node affinity on the <strong id="cce_10_0081__b65991804713">Scheduling</strong> tab to forcibly deploy the workload to a specific node pool. This way, the workload runs only on nodes in that node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</p>
<p id="cce_10_0081__p614655184910">For example, you can use container's resource request as a nodeSelector so that workloads will run only on the nodes that meet the resource request.</p>
<p id="cce_10_0081__p1854041717353">If the workload definition file defines a container that requires four CPUs, the scheduler will not choose the nodes with two CPUs to run workloads.</p>
<div class="section" id="cce_10_0081__section12603142443319"><h4 class="sectiontitle"><span class="keyword" id="cce_10_0081__keyword134411635193118">Deploying a Workload in a Specified Node Pool</span></h4><p id="cce_10_0081__p554031713358">All nodes within a node pool carry the <span class="uicontrol" id="cce_10_0081__uicontrol32167437336"><b>cce.cloud.com/cce-nodepool</b></span> label. To ensure that a workload is scheduled onto nodes from a specific node pool, you can use the <strong id="cce_10_0081__b1426633799">nodeSelector</strong> field in the workload settings. An example is as follows:</p>
<pre class="screen" id="cce_10_0081__screen2577434195617">apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
nodeSelector:
cce.cloud.com/cce-nodepool: <i><span class="varname" id="cce_10_0081__varname172931459115712">"nodepool_name"</span></i> # The label value is the node pool name.
containers:
- image: nginx:latest
imagePullPolicy: IfNotPresent
name: nginx
imagePullSecrets:
- name: default-secret</pre>
<p id="cce_10_0081__p18381948125813">For more complex scheduling, you can define custom affinity rules, such as hard constraints, where scheduling occurs only if all specified conditions are met, and soft constraints, where scheduling may proceed even if some conditions are not met. For details, see <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</p>
<p id="cce_10_0081__p614655184910">Additionally, you can specify resource requests for containers to ensure workloads are scheduled only on nodes that meet the required resource criteria. For details, see <a href="https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" target="_blank" rel="noopener noreferrer">Resource Management for Pods and Containers</a>. For example, if a workload pod requests four CPU cores, it will not be scheduled on a node that offers only two.</p>
</div>
<div class="section" id="cce_10_0081__section17716744163316"><h4 class="sectiontitle">Helpful Links</h4><p id="cce_10_0081__p12284195854916">You can log in to the CCE console and refer to the following sections to perform operations on node pools:</p>
<ul id="cce_10_0081__ul713912219920"><li id="cce_10_0081__li168801331326"><a href="cce_10_0012.html">Creating a Node Pool</a></li><li id="cce_10_0081__li1688010311326"><a href="cce_10_0222.html">Managing Node Pools</a></li><li id="cce_10_0081__li1720114577918"><a href="cce_10_0047.html">Creating a Deployment</a></li><li id="cce_10_0081__li1849316127104"><a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a></li></ul>
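Review bot: The new nodeSelector paragraph says the cce.cloud.com/cce-nodepool label ensures a workload "is scheduled onto nodes from a specific node pool", but it should also say that nodeSelector only constrains this workload and does not keep other pods off that pool. The Node Pool Architecture list already names "Kubernetes labels and taints" as node pool attributes, so add a sentence telling readers who need a dedicated pool to taint it and give the workload a matching toleration. In the sample manifest, "image: nginx:latest" together with "imagePullPolicy: IfNotPresent" means each node keeps whatever "latest" it has cached, so the three replicas can end up on different builds. Pin a version tag or digest in the example. The sentence about a pod requesting four CPU cores would also read better next to a "resources.requests" stanza in the sample, which currently sets none.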

View File

@ -3,7 +3,7 @@
<h1 class="topictitle1">Ingress Overview</h1>
<div id="body0000001159453456"><div class="section" id="cce_10_0094__section17868123416122"><h4 class="sectiontitle">Why We Need Ingresses?</h4><p id="cce_10_0094__p19813582419">A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.</p>
<p id="cce_10_0094__p168757241679">An ingress is an independent resource in the Kubernetes cluster and defines rules for forwarding external access traffic. As shown in <a href="#cce_10_0094__fig18155819416">Figure 1</a>, you can customize forwarding rules based on domain names and URLs to implement fine-grained distribution of access traffic.</p>
<div class="fignone" id="cce_10_0094__fig18155819416"><a name="cce_10_0094__fig18155819416"></a><a name="fig18155819416"></a><span class="figcap"><b>Figure 1 </b>Ingress diagram</span><br><span><img class="eddx" id="cce_10_0094__image98185817414" src="en-us_image_0000002434240944.png"></span></div>
<div class="fignone" id="cce_10_0094__fig18155819416"><a name="cce_10_0094__fig18155819416"></a><a name="fig18155819416"></a><span class="figcap"><b>Figure 1 </b>Ingress diagram</span><br><span><img class="eddx" id="cce_10_0094__image98185817414" src="en-us_image_0000002516079671.png"></span></div>
</div>
<div class="section" id="cce_10_0094__section195431917247"><h4 class="sectiontitle">Ingress Overview</h4><p id="cce_10_0094__p128258846">Kubernetes uses ingress resources to define how incoming traffic should be handled, while the Ingress Controller is responsible for processing the actual traffic.</p>
<ul id="cce_10_0094__ul2875811411"><li id="cce_10_0094__li78145815413"><strong id="cce_10_0094__b1561012463389">Ingress object</strong>: a set of access rules that forward requests to specified Services based on domain names or paths. It can be added, deleted, modified, and queried by calling APIs.</li><li id="cce_10_0094__li148115817417"><strong id="cce_10_0094__b289514915381">Ingress Controller</strong>: an executor for forwarding requests. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.<div class="p" id="cce_10_0094__p37234233412">The way of implementing Ingress Controllers varies depending on their vendors. CCE supports LoadBalancer Ingress Controllers and NGINX Ingress Controllers.<ul id="cce_10_0094__ul852429154112"><li id="cce_10_0094__li1274314520414">LoadBalancer Ingress Controllers are deployed on master nodes and forward traffic based on the ELB. All policy configurations and forwarding behaviors are managed on the ELB.</li><li id="cce_10_0094__li1218142764120">NGINX Ingress Controllers are deployed in clusters using charts and images maintained by the Kubernetes community. They provide external access through NodePort and forward external traffic to other services in the cluster through Nginx. All traffic forwarding behaviors and forwarding objects are within the cluster.</li></ul>
@ -83,19 +83,19 @@
<p id="cce_10_0094__p4254124831218">LoadBalancer Ingress Controllers are deployed on master nodes and bound to load balancers in the cluster's VPC. You can configure different domain names, ports, and forwarding policies for the same load balancer (with the same IP address). The working rules of LoadBalancer Ingress Controllers are as follows:</p>
<ol id="cce_10_0094__ol525410483123"><li id="cce_10_0094__li8254184813127">A user creates an ingress and configures a traffic access rule in the ingress, including the load balancer, access path, SSL, and backend Service port.</li><li id="cce_10_0094__li1225474817126">When Ingress Controller detects that the ingress changes, it reconfigures the listener and backend server route on the ELB according to the traffic access rule.</li><li id="cce_10_0094__li115615167193">When a user attempts to access a workload, the ELB forwards the traffic to the target workload according to the configured forwarding rule.</li></ol>
</div>
<div class="section" id="cce_10_0094__section192736230432"><h4 class="sectiontitle">CCE Standard Clusters</h4><div class="fignone" id="cce_10_0094__fig122542486129"><span class="figcap"><b>Figure 2 </b>Working flow of a LoadBalancer ingress in a CCE standard cluster</span><br><span><img class="eddx" id="cce_10_0094__image719893318176" src="en-us_image_0000002434081112.png"></span></div>
<div class="section" id="cce_10_0094__section192736230432"><h4 class="sectiontitle">CCE Standard Clusters</h4><div class="fignone" id="cce_10_0094__fig122542486129"><span class="figcap"><b>Figure 2 </b>Working flow of a LoadBalancer ingress in a CCE standard cluster</span><br><span><img class="eddx" id="cce_10_0094__image719893318176" src="en-us_image_0000002516079667.png"></span></div>
</div>
<div class="section" id="cce_10_0094__section37915441111"><h4 class="sectiontitle">CCE Turbo Clusters Where a Shared Load Balancer Is Used</h4><div class="fignone" id="cce_10_0094__fig1775293011117"><span class="figcap"><b>Figure 3 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image82441664451" src="en-us_image_0000002434081116.png"></span></div>
<div class="section" id="cce_10_0094__section37915441111"><h4 class="sectiontitle">CCE Turbo Clusters Where a Shared Load Balancer Is Used</h4><div class="fignone" id="cce_10_0094__fig1775293011117"><span class="figcap"><b>Figure 3 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image82441664451" src="en-us_image_0000002483959718.png"></span></div>
</div>
<div class="section" id="cce_10_0094__section1136916519430"><h4 class="sectiontitle">CCE Turbo Clusters Where a Dedicated Load Balancer Is Used</h4><p id="cce_10_0094__p3662933103112">When a <strong id="cce_10_0094__b91242035143310">CCE Turbo cluster</strong> is used, pod IP addresses are directly allocated from the VPC. <strong id="cce_10_0094__b1611815531919">Dedicated load balancers</strong> enable passthrough networking to pods. When creating an ingress for external cluster access, you can use ELB to access a ClusterIP Service and use pods as the backend server of the ELB listener. In this way, external traffic can directly access the pods in the cluster without being forwarded by node ports.</p>
<div class="fignone" id="cce_10_0094__fig44531612193618"><span class="figcap"><b>Figure 4 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image6906154516408" src="en-us_image_0000002434081124.png"></span></div>
<div class="fignone" id="cce_10_0094__fig44531612193618"><span class="figcap"><b>Figure 4 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image6906154516408" src="en-us_image_0000002483959720.png"></span></div>
</div>
<div class="section" id="cce_10_0094__section1973674703410"><h4 class="sectiontitle">Working Rules of NGINX Ingress Controller</h4><p id="cce_10_0094__p34261911121314">Nginx Ingress uses ELB as the traffic ingress. The <a href="cce_10_0034.html">NGINX Ingress Controller</a> add-on is deployed in a cluster to balance traffic and control access.</p>
<div class="note" id="cce_10_0094__note342691161311"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0094__p1742714117138">NGINX Ingress Controller uses the charts and images provided by the <a href="https://github.com/kubernetes/ingress-nginx" target="_blank" rel="noopener noreferrer">open-source community</a>, and issues may occur during usage. CCE periodically synchronizes the community version to fix known vulnerabilities. Check whether your service requirements can be met.</p>
</div></div>
<p id="cce_10_0094__p94276112138">NGINX Ingress Controller is deployed on worker nodes through pods, which will result in O&amp;M costs and Nginx component running overheads. <a href="#cce_10_0094__fig2042781115133">Figure 5</a> shows the working rules of NGINX Ingress Controller.</p>
<ol id="cce_10_0094__ol8427111151315"><li id="cce_10_0094__li1942701121313">After you update ingress resources, NGINX Ingress Controller writes a forwarding rule defined in the ingress resources into the <strong id="cce_10_0094__b14941113124320">nginx.conf</strong> configuration file of Nginx.</li><li id="cce_10_0094__li13427101181313">The built-in Nginx component reloads the updated configuration file to modify and update the Nginx forwarding rule.</li><li id="cce_10_0094__li11427201113138">When traffic accesses a cluster, the traffic is first forwarded by the created load balancer to the Nginx component in the cluster. Then, the Nginx component forwards the traffic to each workload based on the forwarding rule.</li></ol>
<div class="fignone" id="cce_10_0094__fig2042781115133"><a name="cce_10_0094__fig2042781115133"></a><a name="fig2042781115133"></a><span class="figcap"><b>Figure 5 </b>Working rules of NGINX Ingress Controller</span><br><span><img class="eddx" id="cce_10_0094__image45705134553" src="en-us_image_0000002434081132.png"></span></div>
<div class="fignone" id="cce_10_0094__fig2042781115133"><a name="cce_10_0094__fig2042781115133"></a><a name="fig2042781115133"></a><span class="figcap"><b>Figure 5 </b>Working rules of NGINX Ingress Controller</span><br><span><img class="eddx" id="cce_10_0094__image45705134553" src="en-us_image_0000002483959722.png"></span></div>
</div>
<div class="section" id="cce_10_0094__section3565202819276"><a name="cce_10_0094__section3565202819276"></a><a name="section3565202819276"></a><h4 class="sectiontitle">Services Supported by LoadBalancer Ingresses</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0094__table143264518141" width="100%" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Services supported by LoadBalancer ingresses</caption><thead align="left"><tr id="cce_10_0094__row1132645112145"><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.9.2.2.5.1.1"><p id="cce_10_0094__p33261518148">Cluster Type</p>

View File

@ -1,7 +1,7 @@
<a name="cce_10_0105"></a><a name="cce_10_0105"></a>
<h1 class="topictitle1">Configuring the Container Lifecycle</h1>
<div id="body1511833542433"><p id="cce_10_0105__p1924981715522">Container lifecycle hooks are core mechanisms provided by Kubernetes that enable you to insert custom logic at key phases throughout the container lifecycle. These hooks provide refined process controls over containerized applications, enabling applications to better adapt to the dynamic characteristics of the cloud native environment. CCE provides the following container lifecycle hooks. For more information, see <a href="https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/" target="_blank" rel="noopener noreferrer">Container Lifecycle Hooks</a>.</p>
<div id="body1511833542433"><p id="cce_10_0105__p1924981715522">Container lifecycle hooks are core mechanisms provided by Kubernetes. They enable you to insert custom logic at key phases throughout the container lifecycle. These hooks provide refined process controls over containerized applications, enabling applications to better adapt to the dynamic characteristics of the cloud native environment. CCE provides the following container lifecycle hooks. For more information, see <a href="https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/" target="_blank" rel="noopener noreferrer">Container Lifecycle Hooks</a>.</p>
<ul id="cce_10_0105__ul113365287581"><li id="cce_10_0105__li833612282588"><strong id="cce_10_0105__b1251992618244"><a href="#cce_10_0105__section54912655316">Startup Command</a></strong>: the command executed when a container starts. <strong id="cce_10_0105__b208731126142320">It is used to define the main process of a container.</strong> The main process is the default entry after the container starts, and its status determines the container lifecycle. This kind of hook is applicable to initialization scenarios where the application entry, environment variables, mount points, or port mapping needs to be specified.</li><li id="cce_10_0105__li121585497562"><strong id="cce_10_0105__b224815296245"><a href="#cce_10_0105__section15243544163715">PostStart Hook</a></strong>: <strong id="cce_10_0105__b456814374131">used to execute initialization tasks, such as service registration and dynamic configuration generation, immediately after the main process of a container starts.</strong> Such a hook is asynchronously triggered by kubelet and runs in parallel with the main process, preventing the container startup process from being blocked and accelerating the container readiness. This kind of hook is applicable to the scenario where the environment needs to be configured or the initialization logic needs to be executed immediately after the application process starts.</li><li id="cce_10_0105__li88731643115820"><strong id="cce_10_0105__b476653142419"><a href="#cce_10_0105__section2334114473712">PreStop Hook</a></strong>: <strong id="cce_10_0105__b19441632131310">used to execute predefined cleanup logic before a container is terminated.</strong> When a pod is deleted or updated, kubelet triggers this hook to perform operations (such as deregistering services and refreshing status), and then sends the SIGTERM signal to the main process of a container for the application to shut down gracefully. 
This kind of hook is applicable to the scenario where safe shutdown is required to avoid data loss or there are service exceptions.</li></ul>
<div class="section" id="cce_10_0105__section54912655316"><a name="cce_10_0105__section54912655316"></a><a name="section54912655316"></a><h4 class="sectiontitle">Startup Command</h4><p id="cce_10_0105__p16447124362315">A startup command is executed when a container starts. It is used to define the main process of a container. The main process status determines the container lifecycle. If the command fails to be executed and no restart policy is configured, the container will be terminated.</p>
<p id="cce_10_0105__p198271342105918">By default, the default command is executed during image start. To run a specific command or rewrite the default image setting, you must perform specific operations. By default, the container executes the startup command preset in the image. Docker images contain a set of metadata fields for defining the startup behavior, including <strong id="cce_10_0105__b347753915329">ENTRYPOINT</strong> and <strong id="cce_10_0105__b147907449321">CMD</strong>. If the commands and arguments (specified by <strong id="cce_10_0105__b6840122723613">Command</strong> and <strong id="cce_10_0105__b6840527123620">Args</strong>) are not configured in the container specifications, the default values during image build are used.</p>

View File

@ -1,22 +1,22 @@
<a name="cce_10_0107"></a><a name="cce_10_0107"></a>
<h1 class="topictitle1">Accessing a Cluster Using kubectl</h1>
<div id="body1512462600292"><div class="p" id="cce_10_0107__p0127151145214">kubectl is a command-line tool provided by Kubernetes, enabling you to manage cluster resources, view cluster status, deploy applications, and debug issues through the CLI. To access a CCE cluster using kubectl, you can use either of the following methods:<ul id="cce_10_0107__ul16126613529"><li id="cce_10_0107__li412611114529"><span class="keyword" id="cce_10_0107__keyword1012618112529">Intranet access</span>: Clients access the cluster's API server via an intranet IP address, keeping data traffic internal and enhancing security.</li><li id="cce_10_0107__li81871653123713"><span class="keyword" id="cce_10_0107__keyword121871453103711">Internet access</span>: The cluster's API server exposes a public API, allowing clients to access the Kubernetes cluster over the Internet. When using Internet access, you can choose whether to enable <span class="uicontrol" id="cce_10_0107__uicontrol91674111684"><b>two-way domain name trust</b></span>.<ul id="cce_10_0107__ul103339253814"><li id="cce_10_0107__li194141522181">If <span class="uicontrol" id="cce_10_0107__uicontrol127891531205716"><b>two-way domain name trust</b></span> is disabled, kubectl and the API server use one-way certificate authentication, which is less secure. In this mode, only kubectl verifies the API server's certificate, while the API server does not verify kubectl's certificate.</li><li id="cce_10_0107__li1390334492416">If <span class="uicontrol" id="cce_10_0107__uicontrol3444144218127"><b>two-way domain name trust</b></span> is enabled, kubectl and the API server use mutual certificate authentication, which is more secure. In this mode, kubectl verifies the API server's certificate, and the API server verifies kubectl's certificate (specified in the <strong id="cce_10_0107__b1093610538198">client-certificate-data</strong> field in the kubeconfig file). 
For more details, see <a href="#cce_10_0107__section1559919152711">Two-Way Domain Name Trust</a>.</li></ul>
<div id="body1512462600292"><div class="p" id="cce_10_0107__p0127151145214">kubectl is a command-line tool provided by Kubernetes, enabling you to manage cluster resources, view cluster status, deploy applications, and debug issues through the CLI. To access a CCE cluster using kubectl, you can use either of the following methods:<ul id="cce_10_0107__ul16126613529"><li id="cce_10_0107__li412611114529"><span class="keyword" id="cce_10_0107__keyword1012618112529">Private access</span>: Clients access the cluster's API server via an intranet IP address, keeping data traffic internal and enhancing security.</li><li id="cce_10_0107__li81871653123713"><span class="keyword" id="cce_10_0107__keyword121871453103711">Public access</span>: The cluster's API server exposes a public API, allowing clients to access the Kubernetes cluster over the Internet. When using the Internet for access, you can choose whether to enable <span class="uicontrol" id="cce_10_0107__uicontrol91674111684"><b>two-way domain name trust</b></span>.<ul id="cce_10_0107__ul103339253814"><li id="cce_10_0107__li194141522181">If <span class="uicontrol" id="cce_10_0107__uicontrol127891531205716"><b>two-way domain name trust</b></span> is disabled, kubectl and the API server use one-way certificate authentication, which is less secure. In this mode, only kubectl verifies the API server's certificate, while the API server does not verify kubectl's certificate.</li><li id="cce_10_0107__li1390334492416">If <span class="uicontrol" id="cce_10_0107__uicontrol3444144218127"><b>two-way domain name trust</b></span> is enabled, kubectl and the API server use mutual certificate authentication, which is more secure. In this mode, kubectl verifies the API server's certificate, and the API server verifies kubectl's certificate (specified in the <strong id="cce_10_0107__b1093610538198">client-certificate-data</strong> field in the kubeconfig file). 
For more details, see <a href="#cce_10_0107__section1559919152711">Two-Way Domain Name Trust</a>.</li></ul>
</li></ul>
</div>
<p id="cce_10_0107__p2187801381">This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using <span class="keyword" id="cce_10_0107__keyword11231175094718">kubectl</span>.</p>
<div class="section" id="cce_10_0107__section1869110616271"><h4 class="sectiontitle">How It Works</h4><p id="cce_10_0107__p81651612272">kubectl retrieves cluster information from a kubeconfig file and communicates with the Kubernetes API server. The <a href="https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/" target="_blank" rel="noopener noreferrer">kubeconfig</a> file is the identity credential for kubectl to access the Kubernetes cluster. It contains the API server address, user authentication credentials, and other configuration details. With these details, kubectl can interact with the Kubernetes cluster to perform management tasks.</p>
<div class="fignone" id="cce_10_0107__fig11237152914531"><span class="figcap"><b>Figure 1 </b>Using kubectl to access a cluster</span><br><span><img class="eddx" id="cce_10_0107__image8556152111515" src="en-us_image_0000002434240904.png"></span></div>
<div class="fignone" id="cce_10_0107__fig11237152914531"><span class="figcap"><b>Figure 1 </b>Using kubectl to access a cluster</span><br><span><img class="eddx" id="cce_10_0107__image8556152111515" src="en-us_image_0000002516079611.png"></span></div>
</div>
<div class="section" id="cce_10_0107__section7659174519354"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0107__ul161915555354"><li id="cce_10_0107__li61271527102">A client computer that can access the Internet is available.</li><li id="cce_10_0107__li141955553511">Before using <span class="keyword" id="cce_10_0107__keyword154819653616">intranet access</span>, ensure that the client and the cluster to be accessed are in the same VPC.</li><li id="cce_10_0107__li6314379366">Before using <span class="keyword" id="cce_10_0107__keyword6569106123810">Internet access</span>, ensure the cluster to be accessed has an EIP bound. For details about how to bind an EIP, see <a href="cce_10_0864.html#cce_10_0864__section128889371044">Procedure</a>.<div class="note" id="cce_10_0107__note11736104173716"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0107__p273610412376">In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To resolve this issue, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs or <a href="cce_faq_00417.html">configure security group rules</a>.</p>
<div class="section" id="cce_10_0107__section7659174519354"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0107__ul161915555354"><li id="cce_10_0107__li61271527102">A client that can access the Internet is available.</li><li id="cce_10_0107__li141955553511">If <span class="keyword" id="cce_10_0107__keyword154819653616">private access</span> is used, the client and the cluster to be accessed must be in the same VPC.</li><li id="cce_10_0107__li6314379366">If <span class="keyword" id="cce_10_0107__keyword6569106123810">public access</span> is used, the cluster to be accessed has an EIP bound. For details about how to bind an EIP, see <a href="cce_10_0864.html#cce_10_0864__section128889371044">Procedure</a>.<div class="note" id="cce_10_0107__note11736104173716"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0107__p273610412376">In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To resolve this issue, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs or <a href="cce_faq_00417.html">configure security group rules</a>.</p>
</div></div>
</li></ul>
</div>
<div class="section" id="cce_10_0107__section17352373317"><h4 class="sectiontitle">Notes and Constraints</h4><p id="cce_10_0107__p11579729195710">A kubeconfig file contains user authentication credentials. When you use this file to access a cluster, kubectl accesses the cluster based on the credentials and permissions specified in the file.</p>
<div class="section" id="cce_10_0107__section17352373317"><h4 class="sectiontitle">Constraints</h4><p id="cce_10_0107__p11579729195710">A kubeconfig file contains user authentication credentials. When you use this file to access a cluster, kubectl accesses the cluster based on the credentials and permissions specified in the file.</p>
<p id="cce_10_0107__p142391810113">For details about user permissions, see <a href="cce_10_0187.html#cce_10_0187__section1464135853519">Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)</a>.</p>
</div>
<div class="section" id="cce_10_0107__section37321625113110"><a name="cce_10_0107__section37321625113110"></a><a name="section37321625113110"></a><h4 class="sectiontitle">Step 1: Download kubectl</h4><p id="cce_10_0107__p1431163120129">Before using kubectl to access a cluster, install kubectl on the client. Run the <strong id="cce_10_0107__b043193121216">kubectl version</strong> command to check whether kubectl is installed. If it is, skip this step. This section uses Linux as an example to describe how to install and configure kubectl. For details, see <a href="https://kubernetes.io/docs/tasks/tools/#kubectl" target="_blank" rel="noopener noreferrer">Installing kubectl</a>.</p>
<ol id="cce_10_0107__ol6469105613170"><li id="cce_10_0107__li194691356201712"><span id="cce_10_0107__p47744111134">Log in to your client computer and download kubectl. <em id="cce_10_0107__i13371157202">v1.25.0</em> specifies the version. Replace it as needed.</span><p><pre class="screen" id="cce_10_0107__screen8511142418352">cd /home
<div class="section" id="cce_10_0107__section37321625113110"><a name="cce_10_0107__section37321625113110"></a><a name="section37321625113110"></a><h4 class="sectiontitle">Step 1: Download kubectl</h4><p id="cce_10_0107__p1431163120129">Before using kubectl to access a cluster, install kubectl on the client. Run the <strong id="cce_10_0107__b043193121216">kubectl version</strong> command to check whether kubectl is installed. If it is installed, skip this step. This section uses Linux as an example to describe how to install and configure kubectl. For details, see <a href="https://kubernetes.io/docs/tasks/tools/#kubectl" target="_blank" rel="noopener noreferrer">Installing kubectl</a>.</p>
<ol id="cce_10_0107__ol6469105613170"><li id="cce_10_0107__li194691356201712"><span id="cce_10_0107__p47744111134">Log in to your client and download kubectl. <em id="cce_10_0107__i13371157202">v1.25.0</em> specifies the version. Replace it as needed.</span><p><pre class="screen" id="cce_10_0107__screen8511142418352">cd /home
curl -LO https://dl.k8s.io/release/<i><span class="varname" id="cce_10_0107__varname1988715394132">v1.25.0</span></i>/bin/linux/amd64/kubectl</pre>
</p></li><li id="cce_10_0107__li9776161517148"><span>Run the following command to install kubectl:</span><p><pre class="screen" id="cce_10_0107__screen10369122021418">chmod +x kubectl
mv -f kubectl /usr/local/bin</pre>
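Review bot: Step 1 still goes from "curl -LO https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl" straight to "chmod +x kubectl" and "mv -f kubectl /usr/local/bin", with no integrity check on a binary that will later be handed the kubeconfig credentials. Add a step between download and install that fetches the matching kubectl.sha256 from the same release path and verifies the binary with "sha256sum --check", as the upstream Kubernetes installation instructions do. Two smaller points. The renamed "Private access" bullet still describes "an intranet IP address" while the Prerequisites now say "private access", so pick one term throughout. "Replace it as needed" for v1.25.0 gives the reader no criterion, so say that the kubectl version should match the cluster's Kubernetes version.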
@ -27,20 +27,20 @@ Kustomize Version: xxx
Server Version: xxx</pre>
</p></li></ol>
</div>
<div class="section" id="cce_10_0107__section1388915135311"><a name="cce_10_0107__section1388915135311"></a><a name="section1388915135311"></a><h4 class="sectiontitle">Step 2: Obtain the kubectl Configuration File (kubeconfig)</h4><p id="cce_10_0107__p1995411562513">Obtain the kubeconfig file from the cluster for access.</p>
<ol id="cce_10_0107__ol1152820543369"><li id="cce_10_0107__li752814547369"><a name="cce_10_0107__li752814547369"></a><a name="li752814547369"></a><span>On the <strong id="cce_10_0107__b123551143134017"><span id="cce_10_0107__text3471194015364">Overview</span></strong> page, locate the <strong id="cce_10_0107__b1355134324011">Connection Information</strong> area, and click <strong id="cce_10_0107__b035520436405">Configure</strong> next to <strong id="cce_10_0107__b2035512437408">kubectl</strong>.</span><p><p id="cce_10_0107__p1821100203719"></p>
<div class="section" id="cce_10_0107__section1388915135311"><a name="cce_10_0107__section1388915135311"></a><a name="section1388915135311"></a><h4 class="sectiontitle">Step 2: Obtain the kubectl Configuration File (kubeconfig)</h4><p id="cce_10_0107__p1995411562513">Obtain kubeconfig (the kubectl configuration file) from the cluster for access.</p>
<ol id="cce_10_0107__ol1152820543369"><li id="cce_10_0107__li752814547369"><a name="cce_10_0107__li752814547369"></a><a name="li752814547369"></a><span>On the <strong id="cce_10_0107__b123551143134017"><span id="cce_10_0107__text3471194015364">Overview</span></strong> page of the cluster console, locate the <strong id="cce_10_0107__b1355134324011">Connection Information</strong> area, and click <strong id="cce_10_0107__b035520436405">Configure</strong> next to <strong id="cce_10_0107__b2035512437408">kubectl</strong>.</span><p><p id="cce_10_0107__p1821100203719"></p>
</p></li><li id="cce_10_0107__li15257117153716"><a name="cce_10_0107__li15257117153716"></a><a name="li15257117153716"></a><span>In the window that slides out from the right, locate the <strong id="cce_10_0107__b748212191358">Download the kubeconfig file</strong> area, select <strong id="cce_10_0107__b1248217190352">Private access</strong> or <strong id="cce_10_0107__b1648231983518">Public access</strong> for <strong id="cce_10_0107__b184831196358">Current data</strong>, and copy the configuration file.</span><p><p id="cce_10_0107__p15611105816329"></p>
<div class="note" id="cce_10_0107__note74711640203618"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0107__ul10471104014368"><li id="cce_10_0107__li447134083619">The kubectl configuration file <strong id="cce_10_0107__b11741123981418">kubeconfig</strong> is used for cluster authentication. If the file is leaked, your clusters may be attacked.</li><li id="cce_10_0107__li15471440113616">The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.</li><li id="cce_10_0107__li164718404363">In Linux, if the KUBECONFIG environment variable is set, kubectl will load it instead of <strong id="cce_10_0107__b148951611427">$home/.kube/config</strong>.</li><li id="cce_10_0107__li193993573192">An issued kubeconfig certificate remains valid even if the user who requested it is deleted. To ensure cluster security, manually revoke the user's cluster access credentials. For details, see <a href="cce_10_0744.html">Revoking a Cluster Access Credential</a>.</li></ul>
<div class="note" id="cce_10_0107__note74711640203618"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0107__ul10471104014368"><li id="cce_10_0107__li447134083619">kubeconfig is used for cluster authentication. If the file is leaked, your cluster may be attacked.</li><li id="cce_10_0107__li15471440113616">The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.</li><li id="cce_10_0107__li164718404363">In Linux, if the KUBECONFIG environment variable is set, kubectl will load it instead of <strong id="cce_10_0107__b148951611427">$home/.kube/config</strong>.</li><li id="cce_10_0107__li193993573192">An issued kubeconfig certificate remains valid even if the user who requested it is deleted. To ensure cluster security, manually revoke the user's cluster access credentials. For details, see <a href="cce_10_0744.html">Revoking a Cluster Access Credential</a>.</li></ul>
</div></div>
</p></li></ol>
</div>
<div class="section" id="cce_10_0107__section431017301451"><h4 class="sectiontitle">Step 3: Configure kubectl</h4><p id="cce_10_0107__p119781811806">The kubeconfig file is stored on the client, and kubectl uses it to access and interact with the cluster.</p>
<ol id="cce_10_0107__ol2058262755818"><li id="cce_10_0107__li1858282712581"><span>Log in to your client.</span></li><li id="cce_10_0107__li13981375511"><span>Create the <strong id="cce_10_0107__b67356429214">kubeconfig.yaml</strong> file, the name of which is customizable. The file is used to store the configuration file information obtained in <a href="#cce_10_0107__li15257117153716">2</a>.</span><p><pre class="screen" id="cce_10_0107__screen196071725013">vim <i><span class="varname" id="cce_10_0107__varname1739414511020">kubeconfig.yaml</span></i></pre>
<ol id="cce_10_0107__ol2058262755818"><li id="cce_10_0107__li1858282712581"><span>Log in to your client.</span></li><li id="cce_10_0107__li13981375511"><span>Create the <strong id="cce_10_0107__b67356429214">kubeconfig.yaml</strong> file. You can change the file name as needed. The file is used to store the configuration file information obtained in <a href="#cce_10_0107__li15257117153716">2</a>.</span><p><pre class="screen" id="cce_10_0107__screen196071725013">vim <i><span class="varname" id="cce_10_0107__varname1739414511020">kubeconfig.yaml</span></i></pre>
<p id="cce_10_0107__p175201659006">Copy the configuration file information obtained in <a href="#cce_10_0107__li15257117153716">2</a> to <strong id="cce_10_0107__b178541835122418">kubeconfig.yaml</strong> and save the file.</p>
</p></li><li id="cce_10_0107__li10582162715587"><span>Save the <strong id="cce_10_0107__b14972114520244">kubeconfig.yaml</strong> file to <span class="uicontrol" id="cce_10_0107__uicontrol4676130182017"><b>$HOME/.kube/config</b></span>. kubectl will automatically read from it. If you save the <strong id="cce_10_0107__b7164165372511">kubeconfig.yaml</strong> file in a different path, set the KUBECONFIG environment variable to point to that path.</span><p><pre class="screen" id="cce_10_0107__screen19550142345811">cd /home
mkdir -p $HOME/.kube
mv -f ~/<i><span class="varname" id="cce_10_0107__varname255012305814">kubeconfig.yaml</span></i> $HOME/.kube/config # Change <strong id="cce_10_0107__b75561240132611">kubeconfig.yaml</strong> to the file name.</pre>
</p></li><li id="cce_10_0107__li25821727175810"><span>Switch the kubectl access mode based on service scenarios.</span><p><ul id="cce_10_0107__ul175501023135814"><li id="cce_10_0107__li20550423105820">If private access is used via a VPC, run the following command:<pre class="screen" id="cce_10_0107__screen5550122395819">kubectl config use-context internal</pre>
</p></li><li id="cce_10_0107__li25821727175810"><span>Switch the kubectl access mode based on service scenarios.</span><p><ul id="cce_10_0107__ul175501023135814"><li id="cce_10_0107__li20550423105820">If private access is used through a VPC, run the following command:<pre class="screen" id="cce_10_0107__screen5550122395819">kubectl config use-context internal</pre>
</li><li id="cce_10_0107__li4550112395814">If public access is enabled and two-way domain name trust is not required, ensure the cluster is bound to an EIP. Then, run the following command:<pre class="screen" id="cce_10_0107__screen055092319586">kubectl config use-context external</pre>
</li><li id="cce_10_0107__li1550142305811">If public access is enabled and two-way domain name trust is required, ensure the cluster is bound to an EIP. Then, run the following command:<pre class="screen" id="cce_10_0107__screen15550152317587">kubectl config use-context externalTLSVerify</pre>
<p id="cce_10_0107__p755062315813">For more details, see <a href="#cce_10_0107__section1559919152711">Two-Way Domain Name Trust</a>.</p>
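Review bot: Step 3 moves the kubeconfig to $HOME/.kube/config with `mv -f` but never restricts its permissions, although the note in Step 2 of this same hunk says a leaked kubeconfig can get the cluster attacked. Add `chmod 600 $HOME/.kube/config` after the mv and say the file should be readable only by its owner. The reworded note also still writes the default path as $home/.kube/config while Step 3 uses $HOME/.kube/config; shell variable names are case-sensitive, so use $HOME in both places. Last, the vim step creates kubeconfig.yaml in the current directory while the mv reads it from ~/, which only works if the user was in the home directory, so the two commands should name the same path.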
@ -53,7 +53,7 @@ To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
</p></li></ol>
</div>
<div class="section" id="cce_10_0107__section1559919152711"><a name="cce_10_0107__section1559919152711"></a><a name="section1559919152711"></a><h4 class="sectiontitle"><span class="keyword" id="cce_10_0107__keyword311020376452">Two-Way Domain Name Trust</span></h4><p id="cce_10_0107__p138948491274">Two-way domain name trust is a mutual authentication mechanism that verifies the identities of both the client and server. This mode enhances security between clusters and clients, preventing unauthorized access.</p>
<ul id="cce_10_0107__ul88981331482"><li id="cce_10_0107__li1705116151915">After an EIP is bound to an API server, two-way domain name trust is disabled by default if kubectl is used to access the cluster. You can run <strong id="cce_10_0107__b198732542582">kubectl config use-context externalTLSVerify</strong> to enable the two-way domain name trust.</li><li id="cce_10_0107__li1807459174818">When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).</li><li id="cce_10_0107__li17898153310483">Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in <strong id="cce_10_0107__b196404619200">Synchronize Certificate</strong> in <strong id="cce_10_0107__b364620682012">Operation Records</strong>.</li><li id="cce_10_0107__li614337712">For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way trust is used, bind the EIP again and download <strong id="cce_10_0107__b121611451417">kubeconfig.yaml</strong> again.</li><li id="cce_10_0107__li5950658165414">If the two-way domain name trust is not supported, <strong id="cce_10_0107__b56091346184712">kubeconfig.yaml</strong> contains the <strong id="cce_10_0107__b1961534614476">"insecure-skip-tls-verify": true</strong> field, as shown in <a href="#cce_10_0107__fig1941342411">Figure 2</a>. 
To use two-way trust, download the <strong id="cce_10_0107__b549311585216">kubeconfig.yaml</strong> file again and enable two-way domain name trust.<div class="fignone" id="cce_10_0107__fig1941342411"><a name="cce_10_0107__fig1941342411"></a><a name="fig1941342411"></a><span class="figcap"><b>Figure 2 </b>Two-way trust disabled for domain names</span><br><span><img id="cce_10_0107__image3414621613" src="en-us_image_0000002434081108.png"></span></div>
<ul id="cce_10_0107__ul88981331482"><li id="cce_10_0107__li1705116151915">After an EIP is bound to an API server, two-way domain name trust is disabled by default if kubectl is used to access the cluster. You can run <strong id="cce_10_0107__b198732542582">kubectl config use-context externalTLSVerify</strong> to enable the two-way domain name trust.</li><li id="cce_10_0107__li1807459174818">When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster) will be added to the cluster server certificate.</li><li id="cce_10_0107__li17898153310483">Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in <strong id="cce_10_0107__b196404619200">Synchronize Certificate</strong> in <strong id="cce_10_0107__b364620682012">Operation Records</strong>.</li><li id="cce_10_0107__li614337712">For a cluster that has an EIP bound, if the authentication fails (x509: certificate is valid) when two-way domain name trust is used, bind the EIP again and download <strong id="cce_10_0107__b121611451417">kubeconfig.yaml</strong> again.</li><li id="cce_10_0107__li5950658165414">If the two-way domain name trust is not supported, <strong id="cce_10_0107__b56091346184712">kubeconfig.yaml</strong> contains the <strong id="cce_10_0107__b1961534614476">"insecure-skip-tls-verify": true</strong> field, as shown in <a href="#cce_10_0107__fig1941342411">Figure 2</a>. 
To use two-way domain name trust, download the <strong id="cce_10_0107__b549311585216">kubeconfig.yaml</strong> file again and enable two-way domain name trust.<div class="fignone" id="cce_10_0107__fig1941342411"><a name="cce_10_0107__fig1941342411"></a><a name="fig1941342411"></a><span class="figcap"><b>Figure 2 </b>Two-way trust disabled for domain names</span><br><span><img id="cce_10_0107__image3414621613" src="en-us_image_0000002483959672.png"></span></div>
</li></ul>
</div>
<div class="section" id="cce_10_0107__section1628510591883"><h4 class="sectiontitle">Common Issues</h4><ul id="cce_10_0107__ul1374831051115"><li id="cce_10_0107__li4748810121112"><strong id="cce_10_0107__b456677171119"><span class="keyword" id="cce_10_0107__keyword0702458114510">Error from server Forbidden</span></strong><p id="cce_10_0107__p75241832114916">When you use kubectl to create or query Kubernetes resources, the following output is returned:</p>
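Review bot: The reworded bullets still do not say what the default public access mode gives up. The last bullet shows that kubeconfig.yaml carries "insecure-skip-tls-verify": true when two-way domain name trust is off, which means kubectl does not validate the API server certificate on the EIP path. State that in the first bullet and recommend the externalTLSVerify context whenever public access is used. Two smaller points: the quoted error "(x509: certificate is valid)" looks cut off, since as written it describes a valid certificate rather than a failure, so give the full message or describe the symptom; and the Figure 2 caption still says "Two-way trust disabled for domain names" while the body text was normalized to "two-way domain name trust".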

View File

@ -17,7 +17,9 @@
<tbody><tr id="cce_10_0112__row1318412302425"><td class="cellrowborder" valign="top" width="15.110000000000001%" headers="mcps1.3.2.2.3.2.2.2.3.1.1 "><p id="cce_10_0112__p9184113016421">Check Method</p>
</td>
<td class="cellrowborder" valign="top" width="84.89%" headers="mcps1.3.2.2.3.2.2.2.3.1.2 "><p id="cce_10_0112__p6430321202019">There are four options. Select one based on your service scenario. For details about the specific parameters of each check method, see "Specific Parameters" in this section. <strong id="cce_10_0112__b132315516538">For details about common parameters such as the check period and delay, see <a href="#cce_10_0112__section2050653544516">Common Parameters</a>.</strong></p>
<ul id="cce_10_0112__ul125811387376"><li id="cce_10_0112__li1025873812377"><strong id="cce_10_0112__b17810103324317"><a href="#cce_10_0112__li19505918465">HTTP</a></strong>: applies to a container that provides services over HTTP/HTTPS. The cluster will periodically initiate an HTTP/HTTPS GET request to the container. If the HTTP/HTTPS response status code is within 200399, the probe is successful. Otherwise, the probe fails. You must specify the port that the container listens on.</li><li id="cce_10_0112__li20408135315378"><strong id="cce_10_0112__b1433134216439"><a href="#cce_10_0112__li92491637166">TCP</a></strong>: applies to a container that provides services over TCP (such as databases, caches, and custom TCP services). The cluster will periodically establish a TCP connection to the container. If the connection is successful, the probe is successful. Otherwise, the probe fails. You must specify the port that the container listens on.</li><li id="cce_10_0112__li57264113381"><strong id="cce_10_0112__b18370647124320"><a href="#cce_10_0112__li104061647154310">Command</a></strong>: You must specify an executable command in a container. The cluster will periodically run the command in the container. If the command output is <strong id="cce_10_0112__b17741111301">0</strong>, the health check is successful. Otherwise, the health check fails.</li><li id="cce_10_0112__li323814118385"><strong id="cce_10_0112__b169719203387"><a href="#cce_10_0112__li198471623132818">GRPC Check</a></strong>: applies to gRPC applications. You do not need to expose HTTP ports or depend on external executable scripts. The container health check can be implemented through standard gRPC APIs.</li></ul>
<ul id="cce_10_0112__ul125811387376"><li id="cce_10_0112__li1025873812377"><strong id="cce_10_0112__b17810103324317"><a href="#cce_10_0112__li19505918465">HTTP</a></strong>: applies to a container that provides services over HTTP/HTTPS. The cluster will periodically initiate an HTTP/HTTPS GET request to the container. If the HTTP/HTTPS response status code is within 200399, the probe is successful. Otherwise, the probe fails. You must specify the port that the container listens on.</li><li id="cce_10_0112__li20408135315378"><strong id="cce_10_0112__b1433134216439"><a href="#cce_10_0112__li92491637166">TCP</a></strong>: applies to a container that provides services over TCP (such as databases, caches, and custom TCP services). The cluster will periodically establish a TCP connection to the container. If the connection is successful, the probe is successful. Otherwise, the probe fails. You must specify the port that the container listens on.</li><li id="cce_10_0112__li57264113381"><strong id="cce_10_0112__b1845541567"><a href="#cce_10_0112__li104061647154310">Command</a></strong>: You must specify an executable command in a container. The cluster will periodically run the command in the container. If the exit code status is <strong id="cce_10_0112__b15451741063">0</strong>, the health check is successful. Otherwise, the health check fails.<div class="caution" id="cce_10_0112__note252213442814"><span class="cautiontitle"> CAUTION: </span><div class="cautionbody"><p id="cce_10_0112__p4403134720813">In a high-load environment, you are advised not to run commands to check the health status. Running commands consumes system resources. If system resources are not enough (for example, when the CPU load is high or the file system is locked), the health check may fail due to a timeout. 
If you need to run a command to check the health status, you are advised to increase the number of allowed failures and extend the timeout interval to prevent the health check from failing due to unexpected resource competition.</p>
</div></div>
</li><li id="cce_10_0112__li323814118385"><strong id="cce_10_0112__b169719203387"><a href="#cce_10_0112__li198471623132818">GRPC Check</a></strong>: applies to gRPC applications. You do not need to expose HTTP ports or depend on external executable scripts. The container health check can be implemented through standard gRPC APIs.</li></ul>
</td>
</tr>
</tbody>
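Review bot: The HTTP bullet on the added line still reads "within 200399"; the range separator was lost, and it should read 200 to 399. In the Command bullet, "If the exit code status is 0" is better than the old "command output is 0" but still awkward; "If the command exits with code 0" is clearer. The CAUTION added inline in this table cell repeats, word for word, the caution that appears in the Command section of the same page, and the two render differently (a text "CAUTION:" title here, an icon there). Keep one copy and link to it from the other place.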
@ -91,25 +93,27 @@
</tbody>
</table>
</div>
</li><li id="cce_10_0112__li104061647154310"><a name="cce_10_0112__li104061647154310"></a><a name="li104061647154310"></a><strong id="cce_10_0112__b84235270695818"><span class="keyword" id="cce_10_0112__keyword1395397266173145">Command</span></strong><p id="cce_10_0112__p19850152911571">This option is a flexible health check method that allows you to specify the command in a container. The cluster will periodically run the command in the container to check the container status. If the command output is <strong id="cce_10_0112__b162382102298">0</strong>, the health check is successful. Otherwise, the health check fails.</p>
</li><li id="cce_10_0112__li104061647154310"><a name="cce_10_0112__li104061647154310"></a><a name="li104061647154310"></a><strong id="cce_10_0112__b84235270695818"><span class="keyword" id="cce_10_0112__keyword1395397266173145">Command</span></strong><p id="cce_10_0112__p19850152911571">This option is a flexible health check method that allows you to specify the command in a container. The cluster will periodically run the command in the container to check the container status. If the exit code status is <strong id="cce_10_0112__b162382102298">0</strong>, the health check is successful. Otherwise, the health check fails.</p>
<p id="cce_10_0112__p6675541152316">For TCP port- and HTTP request-based checks, you can also specify commands to achieve similar effects. For example, the example values in <a href="#cce_10_0112__table95424917398">Table 4</a> can achieve the effect of HTTP request-based checks.</p>
<div class="caution" id="cce_10_0112__note13848202611287"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="cce_10_0112__cce_10_0112_p4403134720813">In a high-load environment, you are advised not to run commands to check the health status. Running commands consumes system resources. If system resources are not enough (for example, when the CPU load is high or the file system is locked), the health check may fail due to a timeout. If you need to run a command to check the health status, you are advised to increase the number of allowed failures and extend the timeout interval to prevent the health check from failing due to unexpected resource competition.</p>
</div></div>
<p id="cce_10_0112__p478612128572"></p>
<div class="tablenoborder"><a name="cce_10_0112__table95424917398"></a><a name="table95424917398"></a><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0112__table95424917398" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Parameters specific to the command-based check</caption><thead align="left"><tr id="cce_10_0112__row854124917391"><th align="left" class="cellrowborder" valign="top" width="9.080908090809082%" id="mcps1.3.3.2.3.5.2.4.1.1"><p id="cce_10_0112__p154149153917">Parameter</p>
<div class="tablenoborder"><a name="cce_10_0112__table95424917398"></a><a name="table95424917398"></a><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0112__table95424917398" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Parameters specific to the command-based check</caption><thead align="left"><tr id="cce_10_0112__row854124917391"><th align="left" class="cellrowborder" valign="top" width="9.080908090809082%" id="mcps1.3.3.2.3.6.2.4.1.1"><p id="cce_10_0112__p154149153917">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.16331633163316%" id="mcps1.3.3.2.3.5.2.4.1.2"><p id="cce_10_0112__p18546491391">Example Value</p>
<th align="left" class="cellrowborder" valign="top" width="33.16331633163316%" id="mcps1.3.3.2.3.6.2.4.1.2"><p id="cce_10_0112__p18546491391">Example Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="57.755775577557756%" id="mcps1.3.3.2.3.5.2.4.1.3"><p id="cce_10_0112__p9541249153917">Description</p>
<th align="left" class="cellrowborder" valign="top" width="57.755775577557756%" id="mcps1.3.3.2.3.6.2.4.1.3"><p id="cce_10_0112__p9541249153917">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="cce_10_0112__row75444993917"><td class="cellrowborder" valign="top" width="9.080908090809082%" headers="mcps1.3.3.2.3.5.2.4.1.1 "><p id="cce_10_0112__p1154104933918">Command</p>
<tbody><tr id="cce_10_0112__row75444993917"><td class="cellrowborder" valign="top" width="9.080908090809082%" headers="mcps1.3.3.2.3.6.2.4.1.1 "><p id="cce_10_0112__p1154104933918">Command</p>
</td>
<td class="cellrowborder" valign="top" width="33.16331633163316%" headers="mcps1.3.3.2.3.5.2.4.1.2 "><p id="cce_10_0112__p854194914396">/bin/sh</p>
<td class="cellrowborder" valign="top" width="33.16331633163316%" headers="mcps1.3.3.2.3.6.2.4.1.2 "><p id="cce_10_0112__p854194914396">/bin/sh</p>
<p id="cce_10_0112__p773248184010">-c</p>
<p id="cce_10_0112__p24707511409">curl -sf http://172.16.0.186:80/health-check || exit 1</p>
</td>
<td class="cellrowborder" valign="top" width="57.755775577557756%" headers="mcps1.3.3.2.3.5.2.4.1.3 "><p id="cce_10_0112__p9541049123911">Command executed in the container to check the container status.</p>
<td class="cellrowborder" valign="top" width="57.755775577557756%" headers="mcps1.3.3.2.3.6.2.4.1.3 "><p id="cce_10_0112__p9541049123911">Command executed in the container to check the container status.</p>
<div class="note" id="cce_10_0112__note65304450568"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0112__ul49351119144319"><li id="cce_10_0112__li1551314319458">Before using this method, you must pack the program or tool into the container image. The cluster will directly execute the command in the container, so the file systems of the host machine or other containers cannot be accessed. If the program or tool (such as <strong id="cce_10_0112__b1721791215497">curl</strong>, <strong id="cce_10_0112__b9818111454911">nc</strong>, or a custom script) that the command depends on is not included in the image, "Command not found" is displayed.</li><li id="cce_10_0112__li1193513197432">If the command is a shell script, you must specify the script parser. The cluster does not execute probes in an interactive terminal environment. For this reason, you cannot directly execute the script as a command. You must use the script editor to invoke the script. For example, if the script is located in <strong id="cce_10_0112__b1070441835112">/data/scripts/health_check.sh</strong>, you need to execute <strong id="cce_10_0112__b180141585115">sh /data/scripts/health_check.sh</strong>.</li></ul>
</div></div>
</td>
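Review bot: The example value in Table 4, `curl -sf http://172.16.0.186:80/health-check || exit 1`, hard-codes an IP address even though the NOTE next to it says the command runs inside the container. Use 127.0.0.1 or localhost so the example keeps working when the address changes, and add a `--max-time` value below the probe timeout, which fits the caution in this hunk about probes timing out under load. The NOTE also says "You must use the script editor to invoke the script" one sentence after calling it a "script parser"; "script interpreter" is what is meant in both places.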
@ -228,7 +232,7 @@ spec:
periodSeconds: 5
startupProbe: # Startup probe
httpGet: # An HTTP request is used to check the containers.
path: /healthz # The HTTP check path is <strong id="cce_10_0112__b821614484">/healthz</strong>.
path: /healthz # The HTTP check path is <strong id="cce_10_0112__b1054805760">/healthz</strong>.
port: 80 # The health check port is <strong id="cce_10_0112__b561594217264">80</strong>.
failureThreshold: 30
periodSeconds: 10</pre>
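Review bot: Under startupProbe, failureThreshold: 30 and periodSeconds: 10 are the only lines in this block without a comment, while path and port each have one. Add a comment saying that together they give the container up to 30 x 10 = 300 seconds to start before it is restarted, since that is the reason for using a startup probe here. The only difference on the changed line is the regenerated id on the strong element around /healthz (b821614484 to b1054805760); if the build can keep these ids stable, diffs like this one would show only real content changes.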

View File

@ -6,7 +6,7 @@
<p id="cce_10_0113__p76801550153812">You can modify environment variables even after workloads are deployed, increasing flexibility in workload configuration. Configuring environment variables on CCE has the same function as specifying <span class="parmname" id="cce_10_0113__parmname6156912755"><b>ENV</b></span> in a Dockerfile. For more information, see <a href="https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/" target="_blank" rel="noopener noreferrer">Defining Environment Variables for a Container</a>.</p>
<div class="section" id="cce_10_0113__section13829152011595"><h4 class="sectiontitle">Adding Environment Variables on the Console</h4><p id="cce_10_0113__p12699859193614">Before using a ConfigMap or secret as an environment variable, ensure that the ConfigMap and secret have been created in the cluster. For details about how to create a ConfigMap and secret, see <a href="cce_10_0152.html">Creating a ConfigMap</a> and <a href="cce_10_0153.html">Creating a Secret</a>.</p>
<ol id="cce_10_0113__ol4904646935"><li id="cce_10_0113__li9293104917265"><span>Log in to the <span id="cce_10_0113__cce_10_0047_ph1519791153812">CCE console</span>.</span></li><li id="cce_10_0113__li330462393220"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0113__b101681021152811">Workloads</strong> in the navigation pane, and click <strong id="cce_10_0113__b1716942111284">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0113__li190412461831"><span>In <strong id="cce_10_0113__b6199193616107">Container Information</strong> (<strong id="cce_10_0113__b197453419108">Container Settings</strong> &gt; <strong id="cce_10_0113__b1485784481018">Container Information</strong>), choose <span class="uicontrol" id="cce_10_0113__uicontrol121895317612"><b>Environment Variables</b></span>.</span></li><li id="cce_10_0113__li468251942720"><span>Configure environment variables as needed. CCE clusters support multiple types of environment variables. For details, see <a href="#cce_10_0113__table12941439155317">Table 1</a>.</span><p><ul id="cce_10_0113__ul825183111398"><li id="cce_10_0113__li8251203123915">To add environment variables one by one, click <span class="uicontrol" id="cce_10_0113__uicontrol1280917944713"><b>Add Variable</b></span> and set <span class="parmname" id="cce_10_0113__parmname1445564894613"><b>Type</b></span>, <span class="parmname" id="cce_10_0113__parmname18900115716467"><b>Variable Name</b></span>, and <span class="parmname" id="cce_10_0113__parmname15699107473"><b>Variable Value/Reference</b></span>.</li><li id="cce_10_0113__li12438193416413">To add environment variables in batches, click <span class="uicontrol" id="cce_10_0113__uicontrol185881419472"><b>Batch Edit Custom Variables</b></span>. Then, in the displayed dialog box, enter environment variables in the format of "Variable name=Variable value or variable reference".</li></ul>
<div class="fignone" id="cce_10_0113__fig164568529317"><a name="cce_10_0113__fig164568529317"></a><a name="fig164568529317"></a><span class="figcap"><b>Figure 1 </b>Configuring environment variables</span><br><span><img id="cce_10_0113__image131385146481" src="en-us_image_0000002434239996.png"></span></div>
<div class="fignone" id="cce_10_0113__fig164568529317"><a name="cce_10_0113__fig164568529317"></a><a name="fig164568529317"></a><span class="figcap"><b>Figure 1 </b>Configuring environment variables</span><br><span><img id="cce_10_0113__image131385146481" src="en-us_image_0000002484119078.png"></span></div>
<div class="tablenoborder"><a name="cce_10_0113__table12941439155317"></a><a name="table12941439155317"></a><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0113__table12941439155317" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Environment variables</caption><thead align="left"><tr id="cce_10_0113__row202957395538"><th align="left" class="cellrowborder" valign="top" width="13.38%" id="mcps1.3.4.3.4.2.3.2.3.1.1"><p id="cce_10_0113__p1629512394539">Parameter</p>
</th>
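Review bot: The replacement image for Figure 1 (en-us_image_0000002484119078.png) is still an img element without an alt attribute, so the figure is invisible to screen readers and to anyone reading with images blocked. Add alt text that matches the caption, "Configuring environment variables", and confirm that the old file en-us_image_0000002434239996.png is deleted in this commit if nothing else references it.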

View File

@ -13,7 +13,7 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0839.html">(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_bestpractice_00253_0.html">Dynamically Creating an SFS Turbo Subdirectory Using StorageClass</a></strong><br>
<li class="ulchildlink"><strong><a href="cce_bestpractice_00253.html">Dynamically Creating an SFS Turbo Subdirectory Using StorageClass</a></strong><br>
</li>
</ul>
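Review bot: The changed link now points to cce_bestpractice_00253.html instead of cce_bestpractice_00253_0.html; please confirm the new target is part of this commit and that the old _0 page is removed or redirected, otherwise external bookmarks to it break. The entry directly above, "(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV", reads as covering the same task, so a short phrase on when to use the StorageClass page instead would help readers choose.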

View File

@ -1,9 +1,9 @@
<a name="cce_10_0129"></a><a name="cce_10_0129"></a>
<h1 class="topictitle1">CoreDNS</h1>
<div id="body1541044564596"><div class="section" id="cce_10_0129__section25311744154917"><h4 class="sectiontitle">Introduction</h4><p id="cce_10_0129__p02839134271"><span class="keyword" id="cce_10_0129__keyword17422121235720">CoreDNS</span> is a DNS server that provides domain name resolution for Kubernetes clusters through a chain add-on.</p>
<p id="cce_10_0129__p8277141265310">CoreDNS is an open-source software and has been a part of CNCF. It provides a means for cloud services to discover each other in cloud native deployments. Each of the plugins chained by CoreDNS provides a particular DNS function. You can integrate CoreDNS with only the plugins you need to make it fast, efficient, and flexible. When used in a Kubernetes cluster, CoreDNS can automatically discover services in the cluster and provide domain name resolution for these services. By working with DNS server, CoreDNS can resolve external domain names for workloads in a cluster.</p>
<p id="cce_10_0129__p297442816531"><strong id="cce_10_0129__b6319132843011">This add-on is installed by default during cluster creation.</strong></p>
<div id="body1541044564596"><div class="section" id="cce_10_0129__section25311744154917"><h4 class="sectiontitle">Introduction</h4><p id="cce_10_0129__p02839134271"><span class="keyword" id="cce_10_0129__keyword137397193284">CoreDNS</span> is a DNS server that provides domain name resolution for Kubernetes clusters through chained plugins.</p>
<p id="cce_10_0129__p8277141265310">CoreDNS is an open-source software and has been a part of CNCF. It provides a means for cloud services to discover each other in cloud native deployments. Each of the plugins chained by CoreDNS provides a particular DNS function. You can integrate CoreDNS with only the plugins you need to make it fast, efficient, and flexible. When used in a Kubernetes cluster, CoreDNS can automatically discover services in the cluster and provide domain name resolution for these services. By working with DNS servers, CoreDNS can resolve external domain names for workloads in a cluster.</p>
<p id="cce_10_0129__p297442816531"><strong id="cce_10_0129__b1659919264718">This add-on is installed by default during cluster creation.</strong></p>
<p id="cce_10_0129__p1574910495496">Kubernetes backs CoreDNS as the official default DNS for all clusters going forward.</p>
<p id="cce_10_0129__p1228518291395">CoreDNS official website: <a href="https://coredns.io/" target="_blank" rel="noopener noreferrer">https://coredns.io/</a></p>
<p id="cce_10_0129__p195944210105">Open-source community: <a href="https://github.com/coredns/coredns" target="_blank" rel="noopener noreferrer">https://github.com/coredns/coredns</a></p>
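Review bot: The first paragraph was corrected from "chain add-on" to "chained plugins", but the second paragraph in the same hunk still begins "CoreDNS is an open-source software and has been a part of CNCF". Suggest "CoreDNS is open-source software and a CNCF project" while this paragraph is being touched. The sentence "Kubernetes backs CoreDNS as the official default DNS for all clusters going forward" would also read better as a plain statement that CoreDNS is the default cluster DNS in Kubernetes.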
@ -361,7 +361,7 @@ $configBlock
<ol id="cce_10_0129__ol1895815493314"><li id="cce_10_0129__li29576413330">The query is first sent to the DNS caching layer in CoreDNS.</li><li id="cce_10_0129__li79589463318">From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:<ul id="cce_10_0129__ul29582417338"><li id="cce_10_0129__li495814453313">Names with the cluster suffix, for example, <strong id="cce_10_0129__b11610940133413">.cluster.local</strong>: The request is sent to CoreDNS.</li></ul>
<ul id="cce_10_0129__ul189581349330"><li id="cce_10_0129__li169582413313">Names with the stub domain suffix, for example, <strong id="cce_10_0129__b208218633511">.acme.local</strong>: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.</li><li id="cce_10_0129__li195815453320">Names that do not match the suffix (for example, <strong id="cce_10_0129__b13519452133513">widget.com</strong>): The request is forwarded to the upstream DNS.</li></ul>
</li></ol>
<div class="fignone" id="cce_10_0129__fig7582181514118"><span class="figcap"><b>Figure 1 </b>Routing</span><br><span><img id="cce_10_0129__image23305161015" src="en-us_image_0000002434080192.png"></span></div>
<div class="fignone" id="cce_10_0129__fig7582181514118"><span class="figcap"><b>Figure 1 </b>Routing</span><br><span><img id="cce_10_0129__image23305161015" src="en-us_image_0000002484119088.png"></span></div>
</div>
<div class="section" id="cce_10_0129__section183121449435"><h4 class="sectiontitle">Release History</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0129__table88489551792" frame="border" border="1" rules="all"><caption><b>Table 6 </b>CoreDNS add-on</caption><thead align="left"><tr id="cce_10_0129__en-us_topic_0000001608265441_row139251455994"><th align="left" class="cellrowborder" valign="top" width="17.64%" id="mcps1.3.7.2.2.5.1.1"><p id="cce_10_0129__en-us_topic_0000001608265441_p1969103105514">Add-on Version</p>
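Review bot: the stub-domain bullet in the routing list gives 1.2.3.4 as the example address of the custom DNS resolver, and that is a routable public address. Since this hunk already touches the section for the figure swap, replace it with an address from a documentation range such as 192.0.2.10, so that a configuration copied from the page cannot forward internal names to an outside host. Also confirm that the new figure file en-us_image_0000002484119088.png is part of this commit, because only the reference to it is visible here.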

View File

@ -100,7 +100,7 @@
<p id="cce_10_0132__p2317112419618">Typical scenario: Disk I/O suspension causes process suspension.</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.6.4.1.2.2.4.1.3 "><p id="cce_10_0132__p16872758114011">Warning event</p>
<p id="cce_10_0132__p173071159247">Listening object: <strong id="cce_10_0132__b468310868">/dev/kmsg</strong></p>
<p id="cce_10_0132__p173071159247">Listening object: <strong id="cce_10_0132__b1554731857">/dev/kmsg</strong></p>
<p id="cce_10_0132__p153079591241">Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."</p>
</td>
</tr>
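Review bot: the matching rule in this row is shown as a quoted string with doubled backslashes ("task \\S+:\\w+ blocked for more than \\w+ seconds\\."), while the rule in the next row is a bare bold phrase with no quoting. State whether the doubled backslashes are the escaped form used in the add-on configuration or print the plain regular expression, and use one presentation for both rows. The only line that changes in this hunk is the regenerated id on the element around /dev/kmsg.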
@ -112,7 +112,7 @@
</div></div>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.6.4.1.2.2.4.1.3 "><p id="cce_10_0132__p944535317711">Warning event</p>
<p id="cce_10_0132__p183981710948">Listening object: <strong id="cce_10_0132__b1521016897">/dev/kmsg</strong></p>
<p id="cce_10_0132__p183981710948">Listening object: <strong id="cce_10_0132__b2024021539">/dev/kmsg</strong></p>
<p id="cce_10_0132__p83993101042">Matching rule: <strong id="cce_10_0132__b15200817134219">Remounting filesystem read-only</strong></p>
</td>
</tr>
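Review bot: the id on the bold element around /dev/kmsg changes from b1521016897 to b2024021539 with no change to the text, so this hunk is export noise rather than a documentation change. If these ids are regenerated on every export, make them stable or leave them out of the commit, because any link or script that targets the old id breaks and real edits become harder to find in a 755-file change.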
@ -146,14 +146,14 @@
<td class="cellrowborder" valign="top" width="36.28%" headers="mcps1.3.6.4.2.3.2.4.1.3 "><p id="cce_10_0132__p1954154717105">Check object: Docker or containerd</p>
</td>
</tr>
<tr id="cce_10_0132__row133983316414"><td class="cellrowborder" valign="top" width="29.75%" headers="mcps1.3.6.4.2.3.2.4.1.1 "><p id="cce_10_0132__p1273874481418">Frequent restarts of Kubelet</p>
<tr id="cce_10_0132__row133983316414"><td class="cellrowborder" valign="top" width="29.75%" headers="mcps1.3.6.4.2.3.2.4.1.1 "><p id="cce_10_0132__p1273874481418">Frequent restarts of kubelet</p>
<p id="cce_10_0132__p260214517150">FrequentKubeletRestart</p>
</td>
<td class="cellrowborder" valign="top" width="33.97%" headers="mcps1.3.6.4.2.3.2.4.1.2 "><p id="cce_10_0132__p187251156226">Periodically backtrack system logs to check whether the key component Kubelet restarts frequently.</p>
<td class="cellrowborder" valign="top" width="33.97%" headers="mcps1.3.6.4.2.3.2.4.1.2 "><p id="cce_10_0132__p187251156226">Periodically backtrack system logs to check whether the key component kubelet restarts frequently.</p>
</td>
<td class="cellrowborder" rowspan="3" valign="top" width="36.28%" headers="mcps1.3.6.4.2.3.2.4.1.3 "><ul id="cce_10_0132__ul15361156122"><li id="cce_10_0132__li14361515126">Default threshold: 10 restarts within 10 minutes<p id="cce_10_0132__p9122024101116"><a name="cce_10_0132__li14361515126"></a><a name="li14361515126"></a>If Kubelet restarts for 10 times within 10 minutes, it indicates that the system restarts frequently and a fault alarm is generated.</p>
<td class="cellrowborder" rowspan="3" valign="top" width="36.28%" headers="mcps1.3.6.4.2.3.2.4.1.3 "><ul id="cce_10_0132__ul15361156122"><li id="cce_10_0132__li14361515126">Default threshold: 10 restarts within 10 minutes<p id="cce_10_0132__p9122024101116"><a name="cce_10_0132__li14361515126"></a><a name="li14361515126"></a>If kubelet restarts 10 times within 10 minutes, it indicates that the system restarts frequently and a fault alarm is generated.</p>
</li><li id="cce_10_0132__li33695151213">Listening object: logs in the <strong id="cce_10_0132__b745058162910">/run/log/journal</strong> directory</li></ul>
<div class="note" id="cce_10_0132__note755113461253"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0132__p159646492519">The Ubuntu and HCE 2.0 OSs do not support the preceding check items due to incompatible log formats.</p>
<div class="note" id="cce_10_0132__note755113461253"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0132__p159646492519">Ubuntu and <span id="cce_10_0132__ph159972370253">HCE OS 2.0</span> do not support the preceding check items due to incompatible log formats.</p>
</div></div>
</td>
</tr>
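Review bot: the rewritten threshold sentence for FrequentKubeletRestart still says "it indicates that the system restarts frequently", but the check counts kubelet restarts, not system restarts. Suggest "If kubelet restarts 10 times within 10 minutes, kubelet is considered to be restarting frequently and a fault alarm is generated." The threshold cell also spans three rows (rowspan="3"), so check that the NOTE about Ubuntu and HCE OS 2.0 is meant to apply to all three checks that share it.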
@ -172,7 +172,7 @@
<tr id="cce_10_0132__row639123312418"><td class="cellrowborder" valign="top" width="29.75%" headers="mcps1.3.6.4.2.3.2.4.1.1 "><p id="cce_10_0132__p1237611179529">kubelet error</p>
<p id="cce_10_0132__p59951012101515">KubeletProblem</p>
</td>
<td class="cellrowborder" valign="top" width="33.97%" headers="mcps1.3.6.4.2.3.2.4.1.2 "><p id="cce_10_0132__p1639233134114">Check the status of the key component Kubelet.</p>
<td class="cellrowborder" valign="top" width="33.97%" headers="mcps1.3.6.4.2.3.2.4.1.2 "><p id="cce_10_0132__p1639233134114">Check the status of the key component kubelet.</p>
</td>
<td class="cellrowborder" valign="top" width="36.28%" headers="mcps1.3.6.4.2.3.2.4.1.3 "><p id="cce_10_0132__p1239133334118">None</p>
</td>
@ -255,7 +255,7 @@
<tbody><tr id="cce_10_0132__row34978752711"><td class="cellrowborder" valign="top" width="24.2%" headers="mcps1.3.6.4.2.5.2.4.1.1 "><p id="cce_10_0132__p1520151125414">Disk read-only</p>
<p id="cce_10_0132__p13529143342016">DiskReadonly</p>
</td>
<td class="cellrowborder" valign="top" width="39.550000000000004%" headers="mcps1.3.6.4.2.5.2.4.1.2 "><p id="cce_10_0132__p249713713271">Periodically perform write tests on the system disk and CCE data disks (including the CRI logical disk and Kubelet logical disk) of the node to check the availability of key disks.</p>
<td class="cellrowborder" valign="top" width="39.550000000000004%" headers="mcps1.3.6.4.2.5.2.4.1.2 "><p id="cce_10_0132__p249713713271">Periodically perform write tests on the system disk and CCE data disks (including the CRI logical disk and kubelet logical disk) of the node to check the availability of key disks.</p>
</td>
<td class="cellrowborder" valign="top" width="36.25%" headers="mcps1.3.6.4.2.5.2.4.1.3 "><p id="cce_10_0132__p164974742711">Detection paths:</p>
<ul id="cce_10_0132__ul15871334132818"><li id="cce_10_0132__li19587234112815">/mnt/paas/kubernetes/kubelet/</li><li id="cce_10_0132__li19808033154415">/var/lib/docker/</li><li id="cce_10_0132__li1232314353441">/var/lib/containerd/</li><li id="cce_10_0132__li445844115448">/var/paas/sys/log/cceaddon-npd/</li></ul>
@ -474,7 +474,7 @@
<div class="note" id="cce_10_0132__note103331531195320"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0132__p1733593118531">If the NPD add-on version is earlier than 1.16.5, the exposed port of Prometheus metrics is <strong id="cce_10_0132__b176723287178">20257</strong>.</p>
</div></div>
<p id="cce_10_0132__p207808271140">The metric data includes <strong id="cce_10_0132__b1792921517142">problem_counter</strong> and <strong id="cce_10_0132__b17930115181419">problem_gauge</strong>, as shown below.</p>
<pre class="screen" id="cce_10_0132__screen1898505318417"># HELP problem_counter Number of times a specific type of problem have occurred.
<pre class="screen" id="cce_10_0132__screen1898505318417"># HELP problem_counter Number of times a specific type of problem has occurred.
# TYPE problem_counter counter
problem_counter{reason="DockerHung"} 0
problem_counter{reason="DockerStart"} 0
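Review bot: the HELP line inside the screen block is presented as output of the metrics endpoint, and the change from "have occurred" to "has occurred" edits that output rather than the surrounding prose. Unless the add-on version being documented emits the corrected string, keep the sample byte-for-byte identical to what the endpoint returns, since readers compare this block against their own scrape results and alerting rules.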

File diff suppressed because it is too large Load Diff

View File

@ -3,7 +3,7 @@
<h1 class="topictitle1">NodePort</h1>
<div id="body1553224785332"><p id="cce_10_0142__p208441873161">NodePort is a basic Service type in Kubernetes. It adds node port mapping to intra-cluster access. This means the Service is exposed on each node's IP address at a static port. When you create a NodePort Service, Kubernetes automatically allocates a cluster-scoped IP address (ClusterIP). When clients outside the cluster access <em id="cce_10_0142__i1633141917353">&lt;node-IP&gt;:&lt;node-port&gt;</em>, the traffic will be forwarded to the target pod through the ClusterIP of the NodePort Service.</p>
<p id="cce_10_0142__p1190217314375">If pods require temporary access or the traffic is low, you can create a NodePort Service. For example, in a testing environment, you can use a NodePort Service when deploying and debugging a web application.</p>
<div class="fignone" id="cce_10_0142__fig9844373162"><span class="figcap"><b>Figure 1 </b>NodePort Service access</span><br><span><img id="cce_10_0142__image188446714168" src="en-us_image_0000002434240328.png"></span></div>
<div class="fignone" id="cce_10_0142__fig9844373162"><span class="figcap"><b>Figure 1 </b>NodePort Service access</span><br><span><img id="cce_10_0142__image188446714168" src="en-us_image_0000002484119254.png"></span></div>
<div class="section" id="cce_10_0142__section8501151104219"><h4 class="sectiontitle">Constraints</h4><ul id="cce_10_0142__ul1685519569431"><li id="cce_10_0142__li1585575616436">By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.</li><li id="cce_10_0142__li128551156114310">After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.</li><li id="cce_10_0142__li62831358182017">In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a hostNetwork pod.</li><li id="cce_10_0142__li217783916207">In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, <strong id="cce_10_0142__b1291203218520">externalTrafficPolicy</strong> is set to <strong id="cce_10_0142__b11911632135217">local</strong>), container B deployed on the same node cannot access container A through the node IP address and NodePort service.</li><li id="cce_10_0142__li14613571073">When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using <strong id="cce_10_0142__b13256143512525">netstat</strong> by default. If the cluster forwarding mode is <strong id="cce_10_0142__b42563350522">iptables</strong>, run the <strong id="cce_10_0142__b62561135115212">iptables -t nat -L</strong> command to view the port. If the cluster forwarding mode is <strong id="cce_10_0142__b925763515218">IPVS</strong>, run the <strong id="cce_10_0142__b23917223106">ipvsadm -Ln</strong> command to view the port.</li></ul>
</div>
<div class="section" id="cce_10_0142__section1325012312139"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0142__ol751935681319"><li id="cce_10_0142__li139101423718"><span>Log in to the <span id="cce_10_0142__cce_10_0004_ph18314322182">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0142__li1651955651312"><span>In the navigation pane, choose <strong id="cce_10_0142__b169702128151"><span id="cce_10_0142__text9765124722315">Services &amp; Ingresses</span></strong>. In the upper right corner, click <span class="uicontrol" id="cce_10_0142__uicontrol69701128153"><b>Create Service</b></span>.</span></li><li id="cce_10_0142__li185190567138"><span>Configure the parameters.</span><p>
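Review bot: the fourth item in the Constraints list says externalTrafficPolicy is set to "local", but the Kubernetes field value is Local with a capital L, and the lowercase form is rejected when a manifest is applied. Correct the value while this section is open for the figure update. The same item and the next one write "NodePort service" in lowercase while the rest of the page uses "NodePort Service".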
@ -15,7 +15,7 @@
</thead>
<tbody><tr id="cce_10_0142__row1038821923616"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.5.2.3.2.1.1.3.1.1 "><p id="cce_10_0142__p103881619143614">Service Name</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.5.2.3.2.1.1.3.1.2 "><p id="cce_10_0142__p338971913618">Enter a name, which be can be the same as the workload name.</p>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.5.2.3.2.1.1.3.1.2 "><p id="cce_10_0142__p338971913618">Enter a name, which can be the same as the workload name.</p>
</td>
</tr>
<tr id="cce_10_0142__row133899198363"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.5.2.3.2.1.1.3.1.1 "><p id="cce_10_0142__p738971923615">Service Type</p>
@ -48,14 +48,14 @@
</tr>
<tr id="cce_10_0142__row1961420125396"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.5.2.3.2.1.1.3.1.1 "><p id="cce_10_0142__p14614141216391">Port</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.5.2.3.2.1.1.3.1.2 "><ul id="cce_10_0142__ul56583215504"><li id="cce_10_0142__cce_10_0011_li2289619143917"><strong id="cce_10_0142__cce_10_0011_b914900566">Protocol</strong>: the protocol supported by the Service.</li><li id="cce_10_0142__cce_10_0011_li628915191395"><strong id="cce_10_0142__cce_10_0011_b569396568">Container Port</strong>: the listening port of the service containers. The port ranges from 1 to 65535. You need to determine the port based on the container image. For example, the default port of Nginx is 80, and the default port of MySQL is 3306.</li><li id="cce_10_0142__cce_10_0011_li86391810174111"><strong id="cce_10_0142__cce_10_0011_b1066262561">Service Port</strong>: the port used to access the ClusterIP Service. You can customize the port as required. The port ranges from 1 to 65535.</li></ul>
<ul id="cce_10_0142__ul23221836104214"><li id="cce_10_0142__li7322136154213"><strong id="cce_10_0142__b693691577">Node Port</strong>: the port used for accessing the node using the node IP address. You are advised to select <span class="uicontrol" id="cce_10_0142__uicontrol954022186"><b>Auto</b></span>. You can also specify a port. The default port range is 30000 to 32767.</li></ul>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.5.2.3.2.1.1.3.1.2 "><ul id="cce_10_0142__ul56583215504"><li id="cce_10_0142__cce_10_0011_li2289619143917"><strong id="cce_10_0142__cce_10_0011_b97693479">Protocol</strong>: the protocol supported by the Service.</li><li id="cce_10_0142__cce_10_0011_li628915191395"><strong id="cce_10_0142__cce_10_0011_b1279989584">Container Port</strong>: the listening port of the service containers. The port ranges from 1 to 65535. You need to determine the port based on the container image. For example, the default port of Nginx is 80, and the default port of MySQL is 3306.</li><li id="cce_10_0142__cce_10_0011_li86391810174111"><strong id="cce_10_0142__cce_10_0011_b732021731">Service Port</strong>: the port used to access the ClusterIP Service. You can customize the port as required. The port ranges from 1 to 65535.</li></ul>
<ul id="cce_10_0142__ul23221836104214"><li id="cce_10_0142__li7322136154213"><strong id="cce_10_0142__b1313356258">Node Port</strong>: the port used for accessing the node using the node IP address. You are advised to select <span class="uicontrol" id="cce_10_0142__uicontrol259288764"><b>Auto</b></span>. You can also specify a port. The default port range is 30000 to 32767.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="cce_10_0142__li552017569135"><span>Click <strong id="cce_10_0142__b1012031216378">OK</strong>. After creating the Service, access it through <em id="cce_10_0142__i334217722">&lt;node-IP-address&gt;</em><strong id="cce_10_0142__b1128753521">:</strong><em id="cce_10_0142__i202169268">&lt;node-port&gt;</em>. Cloud servers within the same VPC as the cluster or containers within the cluster can access this IP address. If an EIP is bound to a node, you can also use the EIP for access.</span><p><p id="cce_10_0142__p13244205819556"></p>
</p></li><li id="cce_10_0142__li552017569135"><span>Click <strong id="cce_10_0142__b1012031216378">OK</strong>. After creating the Service, access it through <em id="cce_10_0142__i1631637970">&lt;node-IP-address&gt;</em><strong id="cce_10_0142__b1380548623">:</strong><em id="cce_10_0142__i1722293842">&lt;node-port&gt;</em>. Cloud servers within the same VPC as the cluster or containers within the cluster can access this IP address. If an EIP is bound to a node, you can also use the EIP for access.</span><p><p id="cce_10_0142__p13244205819556"></p>
<p id="cce_10_0142__p204101123115612"></p>
</p></li></ol>
</div>
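Review bot: the last step of the console procedure ends with two empty paragraphs (p13244205819556 and p204101123115612), the first nested directly inside another paragraph element, which is invalid HTML and renders as blank space. They look like placeholders for removed screenshots; delete them or restore the content. The lines that actually change in this hunk differ only in generated ids on the bold, italic and uicontrol elements.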

View File

@ -33,7 +33,7 @@
</td>
<td class="cellrowborder" valign="top" width="78%" headers="mcps1.3.3.3.2.4.2.2.3.1.2 "><p id="cce_10_0146__p1678472115013">Describes configuration parameters required by templates.</p>
<div class="notice" id="cce_10_0146__note11415171194911"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="cce_10_0146__p394216481648">Make sure that the image address set in the <strong id="cce_10_0146__b169837156417">values.yaml</strong> file is the same as the image address in the container image repository. Otherwise, an exception occurs when you create a workload, and the system displays a message indicating that the image fails to be pulled.</p>
<p id="cce_10_0146__p04177113498">To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose <strong id="cce_10_0146__b860412174116">Image Repository</strong> to access the SWR console. Choose <strong id="cce_10_0146__b10171926114117">My Images</strong> &gt; <strong id="cce_10_0146__b12372684119">Private Images</strong> and click the name of the uploaded image. On the <strong id="cce_10_0146__b223726104111">Image Tags</strong> tab page, obtain the image address from the pull command. You can click <span><img id="cce_10_0146__image292113414153" src="en-us_image_0000002467679301.png"></span> to copy the command in the <strong id="cce_10_0146__b723192619418">Image Pull Command</strong> column.</p>
<p id="cce_10_0146__p04177113498">To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose <strong id="cce_10_0146__b860412174116">Image Repository</strong> to access the SWR console. Choose <strong id="cce_10_0146__b10171926114117">My Images</strong> &gt; <strong id="cce_10_0146__b12372684119">Private Images</strong> and click the name of the uploaded image. On the <strong id="cce_10_0146__b223726104111">Image Tags</strong> tab page, obtain the image address from the pull command. You can click <span><img id="cce_10_0146__image292113414153" src="en-us_image_0000002516199315.png"></span> to copy the command in the <strong id="cce_10_0146__b723192619418">Image Pull Command</strong> column.</p>
</div></div>
</td>
</tr>
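Review bot: the inline icon in the NOTICE (image292113414153) has no alt attribute, so the sentence "You can click ... to copy the command" has no object for screen readers or when the image fails to load. Add alt text that names the control, for example alt="copy icon", in the same edit that changes the src. Confirm as well that en-us_image_0000002516199315.png is included in this commit.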

View File

@ -132,13 +132,13 @@
</tr>
<tr id="cce_10_0150__row1653314122189"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.5.2.5.2.1.1.3.1.1 "><p id="cce_10_0150__p997043531614">Job Settings</p>
</td>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.5.2.1.1.3.1.2 "><ul id="cce_10_0150__ul043125115168"><li id="cce_10_0150__li643165151619"><strong id="cce_10_0150__b159839015110">Parallel Pods</strong>: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.</li><li id="cce_10_0150__li184315514161"><strong id="cce_10_0150__b143534522119">Timeout (s)</strong>: Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.</li><li id="cce_10_0150__li3431155151611">Completion Mode<ul id="cce_10_0150__ul1343110513168"><li id="cce_10_0150__li243175114164"><strong id="cce_10_0150__b699913411252">Non-indexed</strong>: A job is considered complete when all the pods are successfully executed. Each pod completion is homologous to each other.</li><li id="cce_10_0150__li243145191611"><strong id="cce_10_0150__b19864151111213">Indexed</strong>: Each pod gets an associated completion index from 0 to the number of pods minus 1. The job is considered complete when every pod allocated with an index is successfully executed. For an indexed job, pods are named in the format of $(job-name)-$(index).</li></ul>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.5.2.1.1.3.1.2 "><ul id="cce_10_0150__ul043125115168"><li id="cce_10_0150__li643165151619"><strong id="cce_10_0150__b159839015110">Parallel Pods</strong>: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.</li><li id="cce_10_0150__li184315514161"><strong id="cce_10_0150__b143534522119">Timeout (s)</strong>: Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.</li><li id="cce_10_0150__li3431155151611">Completion Mode<ul id="cce_10_0150__ul1343110513168"><li id="cce_10_0150__li243175114164"><strong id="cce_10_0150__b699913411252">Non-indexed</strong>: A job completes once all of its identical, independent pods finish successfully.</li><li id="cce_10_0150__li243145191611"><strong id="cce_10_0150__b19864151111213">Indexed</strong>: Each pod gets an associated completion index from 0 to the number of pods minus 1. The job is considered complete when every pod allocated with an index is successfully executed. For an indexed job, pods are named in the format of $(job-name)-$(index).</li></ul>
</li><li id="cce_10_0150__li1243135111163"><strong id="cce_10_0150__b28515464300">Suspend Job</strong>: By default, a job is executed immediately after being created. The job's execution will be suspended if you enable this option, and resumed after you disable it.</li></ul>
</td>
</tr>
<tr id="cce_10_0150__row7534151220182"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.5.2.5.2.1.1.3.1.1 "><p id="cce_10_0150__p55339125183">Network Configuration</p>
</td>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.5.2.1.1.3.1.2 "><ul id="cce_10_0150__ul1582631234511"><li id="cce_10_0150__li11826612114513">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0150__li2082621214510">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0150__li582619127452">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0150__li1826151234517">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack Network Interfaces</a>.</li></ul>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.5.2.1.1.3.1.2 "><ul id="cce_10_0150__ul1582631234511"><li id="cce_10_0150__li11826612114513">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0150__li2082621214510">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will use the subnet and security group defined in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0150__li582619127452">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0150__li1826151234517">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring a Shared Bandwidth for Dual-Stack Pods in a CCE Turbo Cluster</a>.</li></ul>
</td>
</tr>
</tbody>
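Review bot: the IPv6 shared bandwidth bullet still says the option is "available only for clusters that support this function", while the retitled link now names the scope as "Dual-Stack Pods in a CCE Turbo Cluster". State the cluster type in the bullet itself so the text and the link title agree. In the same cell, the reworded Non-indexed description drops the words "is considered complete" that the Indexed description keeps, so the two mode descriptions no longer read in parallel.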

View File

@ -6,7 +6,7 @@
<ul id="cce_10_0151__ul1014216486439"><li id="cce_10_0151__li97907396546"><strong id="cce_10_0151__b3790203912540">Periodic backups</strong>: There is a need to periodically execute backup tasks, such as database backups and file system backups.</li><li id="cce_10_0151__li379020396542"><strong id="cce_10_0151__b079193985412">Data synchronization</strong>: Data is periodically synchronized from the primary node to a secondary node or cloud storage.</li><li id="cce_10_0151__li14791133912542"><strong id="cce_10_0151__b679173975410">Log clearing</strong>: There is a need to periodically clear old log files to free up storage space.</li><li id="cce_10_0151__li1879143975417"><strong id="cce_10_0151__b5791123935418">Periodic report</strong>: There is a need to periodically generate and send reports, such as system status reports and performance reports.</li><li id="cce_10_0151__li19791163995417"><strong id="cce_10_0151__b177911395546">Maintenance tasks</strong>: There is a need to execute regular system maintenance tasks, such as cache clearing and component updates.</li><li id="cce_10_0151__li179193985417"><strong id="cce_10_0151__b1679115391549">Scheduled tasks</strong>: There is a need to execute specific tasks at a specific time point or within a period, such as service restarts and health checks.</li></ul>
<div class="section" id="cce_10_0151__s50bf087555b1437aa249c1259138706c"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0151__ul1685719423426"><li id="cce_10_0151__cce_10_0047_li596019263145">A cluster is available. For details about how to create a cluster, see <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</li><li id="cce_10_0151__cce_10_0047_li1132215015415">There are some available nodes in the cluster. If no node is available, create one by referring to <a href="cce_10_0363.html">Creating a Node</a>.</li></ul>
</div>
<div class="section" id="cce_10_0151__section345135735520"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0151__ol2012902601117"><li id="cce_10_0151__li1570412534517"><span>Log in to the <span id="cce_10_0151__cce_10_0047_ph1519791153812">CCE console</span>.</span></li><li id="cce_10_0151__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0151__b1885417579613">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0151__b1685418571868">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0151__li67891737151520"><span>Configure <strong id="cce_10_0151__b146692367408">basic information</strong> about the workload.</span><p>
<div class="section" id="cce_10_0151__section345135735520"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0151__ol2012902601117"><li id="cce_10_0151__li1570412534517"><span>Log in to the <span id="cce_10_0151__cce_10_0047_ph1519791153812">CCE console</span>.</span></li><li id="cce_10_0151__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0151__b1885417579613">Workloads</strong> in the navigation pane, and click <strong id="cce_10_0151__b1685418571868">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0151__li67891737151520"><span>Configure <strong id="cce_10_0151__b146692367408">basic information</strong> about the workload.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0151__table18732191924816" frame="border" border="1" rules="all"><thead align="left"><tr id="cce_10_0151__row147328197481"><th align="left" class="cellrowborder" valign="top" width="23%" id="mcps1.3.5.2.3.2.1.1.3.1.1"><p id="cce_10_0151__p11733619164811">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="77%" id="mcps1.3.5.2.3.2.1.1.3.1.2"><p id="cce_10_0151__p13733201964812">Description</p>
@ -158,7 +158,7 @@
</tr>
<tr id="cce_10_0151__row7534151220182"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.5.2.6.2.1.1.3.1.1 "><p id="cce_10_0151__p55339125183">Network Configuration</p>
</td>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.6.2.1.1.3.1.2 "><ul id="cce_10_0151__ul1582631234511"><li id="cce_10_0151__li11826612114513">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0151__li2082621214510">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0151__li582619127452">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0151__li1826151234517">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack Network Interfaces</a>.</li></ul>
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.5.2.6.2.1.1.3.1.2 "><ul id="cce_10_0151__ul1582631234511"><li id="cce_10_0151__li11826612114513">Pod ingress/egress bandwidth limit: You can set ingress and egress bandwidth limits for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0151__li2082621214510">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will use the subnet and security group defined in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0151__li582619127452">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0151__li1826151234517">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack network interfaces. For details, see <a href="cce_10_0604.html">Configuring a Shared Bandwidth for Dual-Stack Pods in a CCE Turbo Cluster</a>.</li></ul>
</td>
</tr>
</tbody>

View File

@ -108,13 +108,20 @@ cce-configmap 3 7m</pre>
</tr>
<tr id="cce_10_0152__row12740103016592"><td class="cellrowborder" valign="top" width="17%" headers="mcps1.3.5.2.2.2.3.1.1 "><p id="cce_10_0152__p4740153012590">Updating a ConfigMap</p>
</td>
<td class="cellrowborder" valign="top" width="83%" headers="mcps1.3.5.2.2.2.3.1.2 "><ol id="cce_10_0152__ol187401330145919"><li id="cce_10_0152__li57402030165918">Select the name of the ConfigMap to be updated and click <strong id="cce_10_0152__b842352706114220">Update</strong>.</li><li id="cce_10_0152__li20740730145912">Modify the secret data. For more information, see <a href="#cce_10_0152__table16321825732">Table 1</a>.</li><li id="cce_10_0152__li15740930135911">Click <strong id="cce_10_0152__b15991746667">OK</strong>.</li></ol>
<td class="cellrowborder" valign="top" width="83%" headers="mcps1.3.5.2.2.2.3.1.2 "><ol id="cce_10_0152__ol187401330145919"><li id="cce_10_0152__li57402030165918">Select the name of the ConfigMap to be updated and click <strong id="cce_10_0152__b842352706114220">Update</strong>.</li><li id="cce_10_0152__li20740730145912">Modify the secret data. For more information, see <a href="#cce_10_0152__table16321825732">Table 1</a>.<div class="note" id="cce_10_0152__note5465854131919"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0152__p16232623202511">If you enable <span class="uicontrol" id="cce_10_0152__uicontrol15513205913254"><b>Version Management</b></span> during the ConfigMap update, CCE automatically generates a historical version for the ConfigMap before modification for data management and rollback.</p>
</div></div>
</li><li id="cce_10_0152__li15740930135911">Click <strong id="cce_10_0152__b15991746667">OK</strong>.</li></ol>
</td>
</tr>
<tr id="cce_10_0152__row874013304597"><td class="cellrowborder" valign="top" width="17%" headers="mcps1.3.5.2.2.2.3.1.1 "><p id="cce_10_0152__p17740330175915">Deleting a ConfigMap</p>
</td>
<td class="cellrowborder" valign="top" width="83%" headers="mcps1.3.5.2.2.2.3.1.2 "><p id="cce_10_0152__p13740630165914">Select the configuration you want to delete and click <strong id="cce_10_0152__b84235270613133">Delete</strong>.</p>
<p id="cce_10_0152__p1574020307590">Follow the prompts to delete the ConfigMap.</p>
<td class="cellrowborder" valign="top" width="83%" headers="mcps1.3.5.2.2.2.3.1.2 "><p id="cce_10_0152__p13740630165914">Select the target ConfigMap and choose <span class="menucascade" id="cce_10_0152__menucascade4302151263714"><b><span class="uicontrol" id="cce_10_0152__uicontrol1630213129374">More</span></b> &gt; <b><span class="uicontrol" id="cce_10_0152__uicontrol1130221243716">Delete</span></b></span>.</p>
<p id="cce_10_0152__p1574020307590">Delete the ConfigMap as instructed.</p>
</td>
</tr>
<tr id="cce_10_0152__row16725172102812"><td class="cellrowborder" valign="top" width="17%" headers="mcps1.3.5.2.2.2.3.1.1 "><p id="cce_10_0152__p177251827286">Rolling back a ConfigMap</p>
</td>
<td class="cellrowborder" valign="top" width="83%" headers="mcps1.3.5.2.2.2.3.1.2 "><p id="cce_10_0152__p157251625284">Select the target ConfigMap and choose <span class="menucascade" id="cce_10_0152__menucascade1271915586282"><b><span class="uicontrol" id="cce_10_0152__uicontrol1571916583287">More</span></b> &gt; <b><span class="uicontrol" id="cce_10_0152__uicontrol17263184132919">Rollback</span></b></span> to roll back it to the specified historical version as instructed. This function is available only when the ConfigMap has a historical version.</p>
</td>
</tr>
</tbody>
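Review bot: In step 2 of "Updating a ConfigMap", the added line still reads "Modify the secret data", which is the wrong object on the ConfigMap page (cce_10_0152). It should say "Modify the ConfigMap data", or use the wording the Secret page now has ("Modify the information by referring to Table 1"). In the new "Rolling back a ConfigMap" row, "to roll back it to the specified historical version" should read "to roll it back to the specified historical version".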

View File

@ -84,11 +84,11 @@ data:
kind: Secret
metadata:
name: mysecret #Secret name
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1621939981">default</strong>.
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b769227910">default</strong>.
data:
<strong id="cce_10_0153__b196671430132319">.dockerconfigjson: eyJh</strong><strong id="cce_10_0153__b1052142752319">*****</strong> # Content encoded using Base64.
<strong id="cce_10_0153__b18496153310233">type: kubernetes.io/dockerconfigjson</strong></pre>
<p id="cce_10_0153__p7733255143113">To obtain the <strong id="cce_10_0153__b1413319345816">.dockerconfigjson</strong> content, perform the following steps:</p>
<p id="cce_10_0153__p7733255143113">To obtain the <strong id="cce_10_0153__b1413319345816">.dockerconfigjson</strong> content, take the following steps:</p>
<ol id="cce_10_0153__ol6261351113320"><li id="cce_10_0153__li279611343415">Obtain the following login information of the image repository.<ul id="cce_10_0153__ul75924182344"><li id="cce_10_0153__li65922018193415">Image repository address: The section uses <em id="cce_10_0153__i9383862044">address</em> as an example. Replace it with the actual address.</li><li id="cce_10_0153__li913814208346">Username: The section uses <em id="cce_10_0153__i913416142420">username</em> as an example. Replace it with the actual username.</li><li id="cce_10_0153__li4879162443411">Password: The section uses <em id="cce_10_0153__i612916191847">password</em> as an example. Replace it with the actual password.</li></ul>
</li><li id="cce_10_0153__li1425171823615">Use Base64 to encode the key-value pair <em id="cce_10_0153__i259618118414">username:password</em> and fill the encoded content in <a href="#cce_10_0153__li157901847113720">3</a>.<pre class="screen" id="cce_10_0153__screen19278135783712">echo -n "<i><span class="varname" id="cce_10_0153__varname89741718193812">username:password</span></i>" | base64</pre>
<p id="cce_10_0153__p108321734154813">Command output:</p>
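Review bot: Step 2 still documents echo -n "username:password" | base64 without saying that typing the command this way leaves the registry password in the shell history, and the YAML comment "Content encoded using Base64" can be read as a form of protection. While this section is being reworded, add a sentence stating that Base64 is an encoding, not encryption, and that the password should be kept out of the shell history when the command is run. The wording change from "perform the following steps" to "take the following steps" is fine.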
@ -103,7 +103,7 @@ data:
apiVersion: v1
metadata:
name: mysecret #Secret name
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1905902859">default</strong>.
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1561050801">default</strong>.
data:
tls.crt: <strong id="cce_10_0153__b1479454093611">LS0tLS1CRU*****FURS0tLS0t</strong> # Certificate content, which must be encoded using Base64.
tls.key: <strong id="cce_10_0153__b3794134014361">LS0tLS1CRU*****VZLS0tLS0=</strong> # Private key content, which must be encoded using Base64.
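Review bot: Generated element ids should not churn between builds. On the namespace line the only difference is the id on the strong element around "default" (b1905902859 becomes b1561050801), with no change to the visible text. If these ids come from the doc build, making them stable would keep no-op hunks like this out of the diff and avoid breaking anything that links to them.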
@ -113,7 +113,7 @@ data:
apiVersion: v1
metadata:
name: mysecret #Secret name
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1384441518">default</strong>.
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1744056100">default</strong>.
data:
tls.crt: <strong id="cce_10_0153__b4259755912">LS0tLS1CRU*****FURS0tLS0t</strong> # Certificate content, which must be encoded using Base64.
tls.key: <strong id="cce_10_0153__b1522022111010">LS0tLS1CRU*****VZLS0tLS0=</strong> # Private key content, which must be encoded using Base64.
@ -140,7 +140,7 @@ data:
</tr>
<tr id="cce_10_0153__row8412185010116"><td class="cellrowborder" valign="top" width="32%" headers="mcps1.3.7.2.3.2.3.1.1 "><p id="cce_10_0153__p1541213501611">Updating a secret</p>
</td>
<td class="cellrowborder" valign="top" width="68%" headers="mcps1.3.7.2.3.2.3.1.2 "><ol id="cce_10_0153__ol1341225020114"><li id="cce_10_0153__li74121507113">Select the name of the secret to be updated and click <strong id="cce_10_0153__b842352706114220">Update</strong>.</li><li id="cce_10_0153__li104127501214">Modify the secret data. For more information, see <a href="#cce_10_0153__table16321825732">Table 1</a>.</li><li id="cce_10_0153__li184127501617">Click <strong id="cce_10_0153__b462312572612">OK</strong>.</li></ol>
<td class="cellrowborder" valign="top" width="68%" headers="mcps1.3.7.2.3.2.3.1.2 "><ol id="cce_10_0153__ol1341225020114"><li id="cce_10_0153__li74121507113">Select the name of the secret to be updated and click <strong id="cce_10_0153__b842352706114220">Update</strong>.</li><li id="cce_10_0153__li104127501214">Modify the information by referring to <a href="#cce_10_0153__table16321825732">Table 1</a>.</li><li id="cce_10_0153__li184127501617">Click <strong id="cce_10_0153__b462312572612">OK</strong>.</li></ol>
</td>
</tr>
<tr id="cce_10_0153__row1541219508112"><td class="cellrowborder" valign="top" width="32%" headers="mcps1.3.7.2.3.2.3.1.1 "><p id="cce_10_0153__p141245010120">Deleting a secret</p>

File diff suppressed because it is too large Load Diff

View File

@ -6,7 +6,7 @@
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="cce_10_0187.html">Permissions Overview</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0188.html">Granting Cluster Permissions to an IAM User</a></strong><br>
<li class="ulchildlink"><strong><a href="cce_10_0188.html">Cluster Permissions (IAM-based Authorization)</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0189.html">Namespace Permissions (Kubernetes RBAC-based)</a></strong><br>
</li>
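Review bot: The renamed link title "Cluster Permissions (IAM-based Authorization)" is not parallel with its sibling on the next entry, "Namespace Permissions (Kubernetes RBAC-based)". Pick one pattern for both, for example "(IAM-based)" and "(Kubernetes RBAC-based)", and check that the topic title in cce_10_0188.html was renamed to match this link text.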
@ -18,6 +18,10 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0477.html">Service Account Token Security Improvement</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0556.html">System Agencies</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_1069.html">Custom Agencies</a></strong><br>
</li>
</ul>
</div>

View File

@ -2,7 +2,7 @@
<h1 class="topictitle1">Accessing a Cluster Using an X.509 Certificate</h1>
<div id="body1556615866530"><p id="cce_10_0175__p776312512519">X.509 certificates are essential for verifying identities and encrypting communication within CCE clusters. These certificates enable authorized clients to access target clusters while encrypting data transmission between them. This prevents threats like eavesdropping and tampering, ensuring secure communication, authenticated identities, and valid access. To initiate a connection using X.509 certificates, obtain the cluster certificate from the CCE console and use it to configure the client accordingly.</p>
<div class="section" id="cce_10_0175__section1590914113306"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0175__ol898314521505"><li id="cce_10_0175__li4829928181812"><span>Log in to the <span id="cce_10_0175__ph1519791153812">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0175__li179831852301"><span>On the <strong id="cce_10_0175__b1562014204338"><span id="cce_10_0175__text999619481471">Overview</span></strong> page, locate the <strong id="cce_10_0175__b15595218133311">Connection Information</strong> area, and click <strong id="cce_10_0175__b17735142393311">Download</strong> next to <strong id="cce_10_0175__b11788192563319">X.509 certificate</strong>.</span></li><li id="cce_10_0175__li1979910715109"><span>In the <span class="uicontrol" id="cce_10_0175__uicontrol13516511412"><b>Obtain Certificate</b></span> dialog box displayed, select the certificate expiration time and download the <span class="keyword" id="cce_10_0175__keyword2331112794610">X.509 certificate</span> of the cluster as prompted.</span><p><div class="fignone" id="cce_10_0175__fig873583013712"><span class="figcap"><b>Figure 1 </b>Downloading a certificate</span><br><span><img id="cce_10_0175__image5191162792910" src="en-us_image_0000002434080488.png"></span></div>
<div class="section" id="cce_10_0175__section1590914113306"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0175__ol898314521505"><li id="cce_10_0175__li4829928181812"><span>Log in to the <span id="cce_10_0175__ph1519791153812">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0175__li179831852301"><span>On the <strong id="cce_10_0175__b1562014204338"><span id="cce_10_0175__text999619481471">Overview</span></strong> page, locate the <strong id="cce_10_0175__b15595218133311">Connection Information</strong> area, and click <strong id="cce_10_0175__b17735142393311">Download</strong> next to <strong id="cce_10_0175__b11788192563319">X.509 certificate</strong>.</span></li><li id="cce_10_0175__li1979910715109"><span>In the <span class="uicontrol" id="cce_10_0175__uicontrol13516511412"><b>Obtain Certificate</b></span> dialog box, select the validity period and download the <span class="keyword" id="cce_10_0175__keyword2331112794610">X.509 certificate</span> of the cluster as prompted.</span><p><div class="fignone" id="cce_10_0175__fig873583013712"><span class="figcap"><b>Figure 1 </b>Downloading a certificate</span><br><span><img id="cce_10_0175__image5191162792910" src="en-us_image_0000002483959374.png"></span></div>
<div class="notice" id="cce_10_0175__note21816913343"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><ul id="cce_10_0175__ul45041635102414"><li id="cce_10_0175__li050403542411">The downloaded certificate contains three files: <strong id="cce_10_0175__b1790092752911">client.key</strong>, <strong id="cce_10_0175__b990002710298">client.crt</strong>, and <strong id="cce_10_0175__b690015272292">ca.crt</strong>. Keep these files secure.</li><li id="cce_10_0175__li150414359248">Certificates are not required for mutual access between containers in a cluster.</li><li id="cce_10_0175__li193993573192">An issued X.509 certificate remains valid even if the user who requested it is deleted. To ensure cluster security, manually revoke the user's cluster access credentials. For details, see <a href="cce_10_0744.html">Revoking a Cluster Access Credential</a>.</li></ul>
</div></div>
</p></li><li id="cce_10_0175__li067115818495"><span>Import the X.509 certificate to the client and use the certificate to call Kubernetes native APIs.</span><p><p id="cce_10_0175__p1870145813497">For example, run the <strong id="cce_10_0175__b19239134672614">curl</strong> command to call an API to obtain the pod information. The following is an example:</p>
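Review bot: Step 3 now tells the reader to "select the validity period" but gives no guidance on which value to choose, while the notice directly below it states that an issued X.509 certificate remains valid even if the user who requested it is deleted. Add a sentence recommending the shortest validity period that meets the need, and reference "Revoking a Cluster Access Credential" from the step as well as from the notice. The figure source also changes to en-us_image_0000002483959374.png; confirm the new screenshot shows the dialog box with the field named as the step now calls it.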

File diff suppressed because it is too large Load Diff

View File

@ -15,7 +15,7 @@
<p id="cce_10_0180__p775411518716"><strong id="cce_10_0180__b165551257173713">containerd</strong></p>
<p id="cce_10_0180__p66721751084">Nodes running on containerd use the ext4 file storage system.</p>
</div>
<div class="section" id="cce_10_0180__section1163534412367"><h4 class="sectiontitle">paas User and User Group</h4><p id="cce_10_0180__p2431914163714">When you create a node in a cluster, the <span class="keyword" id="cce_10_0180__keyword12385114255216">paas</span> user or a <span class="keyword" id="cce_10_0180__keyword12946151191711">user group</span> will be created on the node by default. CCE components and CCE add-ons on a node run as a non-root user (user <strong id="cce_10_0180__b1169194817229">paas</strong> or a user group) to minimize the running permission. If the paas user or user group is modified, CCE components and pods may fail to run properly.</p>
<div class="section" id="cce_10_0180__section1163534412367"><h4 class="sectiontitle">paas User and User Group</h4><p id="cce_10_0180__p2431914163714">When you create a node in a cluster, the <strong id="cce_10_0180__b839533143313">paas</strong> user or <span class="keyword" id="cce_10_0180__keyword12946151191711">user group</span> will be created on the node by default. CCE components and CCE add-ons on a node run as a non-root user (the <strong id="cce_10_0180__b1169194817229">paas</strong> <strong id="cce_10_0180__b757161573315">paas</strong> or user group) to minimize the running permission. If the <strong id="cce_10_0180__b1977614447333">paas</strong> user or user group is modified, CCE components and pods may fail to run properly.</p>
<div class="notice" id="cce_10_0180__note1649203844910"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="cce_10_0180__p7884254523">The normal running of CCE components depends on the paas user or user group. Pay attention to the following requirements:</p>
<ul id="cce_10_0180__ul82821025145111"><li id="cce_10_0180__li17775102813171">Do not modify the directory permission and container directory permission on a node.</li><li id="cce_10_0180__li1980170112013">Do not change the GID and UID of the paas user or user group.</li><li id="cce_10_0180__li86012816535">Do not directly use the paas user or user group to set the user and group to which the service file belongs.</li></ul>
</div></div>
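Review bot: The added paragraph in "paas User and User Group" contains a duplicated word and a missing noun: "(the paas paas or user group)" is rendered from two adjacent strong elements (b1169194817229 and b757161573315). It should read "(the paas user or user group)", with a single strong element around "paas". The notice that follows still writes "paas" without bold, so the formatting of the user name is now inconsistent within the same section.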
@ -43,7 +43,7 @@
<td class="cellrowborder" valign="top" width="21%" headers="mcps1.3.5.3.2.4.1.2 "><p id="cce_10_0180__p338181615362">Stable state</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.5.3.2.4.1.3 "><p id="cce_10_0180__p438161693614">The node is not functioning correctly, which includes being in a stopped state.</p>
<p id="cce_10_0180__p17861683368">Instances in this state cannot provide services.</p>
<p id="cce_10_0180__p17861683368">Nodes in this state cannot provide services.</p>
</td>
</tr>
<tr id="cce_10_0180__row4425127202910"><td class="cellrowborder" valign="top" width="17%" headers="mcps1.3.5.3.2.4.1.1 "><p id="cce_10_0180__p114251477299">Creating</p>
@ -80,7 +80,7 @@
<td class="cellrowborder" valign="top" width="21%" headers="mcps1.3.5.3.2.4.1.2 "><p id="cce_10_0180__p61811496382">Stable state</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.5.3.2.4.1.3 "><p id="cce_10_0180__p9930111744220">The node is abnormal.</p>
<p id="cce_10_0180__p1573815398352">Instances in this state no longer provide services. In this case, perform the operations in <a href="cce_10_0003.html">Resetting a Node</a>.</p>
<p id="cce_10_0180__p1573815398352">Nodes in this state no longer provide services. In this case, perform the operations in <a href="cce_10_0003.html">Resetting a Node</a>.</p>
</td>
</tr>
</tbody>

View File

@ -1,12 +1,12 @@
<a name="cce_10_0184"></a><a name="cce_10_0184"></a>
<h1 class="topictitle1">Synchronizing the Data of Cloud Servers</h1>
<div id="body1559203372010"><div class="section" id="cce_10_0184__section2175132617712"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0184__p179715213166">Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifying node specifications will affect services. Perform the operation on nodes one by one.</p>
<p id="cce_10_0184__p116412521617">Some CCE node information is maintained independently of the ECS console. After changing an ECS's name, EIP, or specifications on the ECS console, <span class="keyword" id="cce_10_0184__keyword1089112476574">synchronize it</span> with the target node on the CCE console to ensure consistency.</p>
<div id="body1559203372010"><div class="section" id="cce_10_0184__section2175132617712"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0184__p179715213166">Each node in a cluster is a cloud server. After a cluster node is created, you can change the cloud server name or specifications as required. Modifying node specifications will affect services. Perform the operation on nodes one by one.</p>
<p id="cce_10_0184__p116412521617">Some CCE node information is maintained independently of the cloud server console. After changing a cloud server's name, EIP, or specifications on the cloud server console, <span class="keyword" id="cce_10_0184__keyword1089112476574">synchronize it</span> with the target node on the CCE console to ensure consistency.</p>
</div>
<div class="section" id="cce_10_0184__section299918342346"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0184__ul121015107312"><li id="cce_10_0184__li3101810193119">Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.</li><li id="cce_10_0184__li8102110103118">The following data cannot be synchronized: OS, image ID, and disk configuration.</li></ul>
<div class="section" id="cce_10_0184__section299918342346"><h4 class="sectiontitle">Constraints</h4><ul id="cce_10_0184__ul121015107312"><li id="cce_10_0184__li3101810193119">Data, including the statuses, names, number of CPUs, memory, specifications, and public IP addresses of cloud servers, can be synchronized.</li><li id="cce_10_0184__li8102110103118">The following data cannot be synchronized: OS, image ID, and disk configuration.</li></ul>
</div>
<div class="section" id="cce_10_0184__section2076543461216"><h4 class="sectiontitle">Synchronizing the Data of a Cloud Server</h4><ol id="cce_10_0184__ol1882502762811"><li id="cce_10_0184__li849281818811"><span>Log in to the <span id="cce_10_0184__ph19642061398">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0184__li159521745431"><span>In the navigation pane, choose <span class="uicontrol" id="cce_10_0184__uicontrol1978089788103633"><b>Nodes</b></span>. On the displayed page, click the <strong id="cce_10_0184__b885336996103633">Nodes</strong> tab.</span></li><li id="cce_10_0184__li224719151931"><span>Locate the target node and choose <strong id="cce_10_0184__b2771271665">More</strong> &gt; <strong id="cce_10_0184__b765915477612">Sync Server Data</strong> in the <strong id="cce_10_0184__b294212552617">Operation</strong> column.</span><p><p id="cce_10_0184__p17635154314012">After the synchronization is complete, the <strong id="cce_10_0184__b52353142615">ECS data synchronization requested</strong> message is displayed in the upper right corner.</p>
<div class="section" id="cce_10_0184__section2076543461216"><h4 class="sectiontitle">Synchronizing the Data of a Cloud Server</h4><ol id="cce_10_0184__ol1882502762811"><li id="cce_10_0184__li849281818811"><span>Log in to the <span id="cce_10_0184__ph19642061398">CCE console</span> and click the cluster name to access the cluster console.</span></li><li id="cce_10_0184__li159521745431"><span>In the navigation pane, choose <span class="uicontrol" id="cce_10_0184__uicontrol1978089788103633"><b>Nodes</b></span>. On the displayed page, click the <strong id="cce_10_0184__b885336996103633">Nodes</strong> tab.</span></li><li id="cce_10_0184__li224719151931"><span>Locate the target node and choose <strong id="cce_10_0184__b2771271665">More</strong> &gt; <strong id="cce_10_0184__b765915477612">Sync Server Data</strong> in the <strong id="cce_10_0184__b294212552617">Operation</strong> column.</span><p><p id="cce_10_0184__p17635154314012">After the synchronization is complete, the "ECS data synchronization requested" message is displayed in the upper right corner.</p>
</p></li></ol>
</div>
</div>
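Review bot: In step 3 the result sentence says "After the synchronization is complete" but the quoted message is "ECS data synchronization requested", which reads as confirmation that the request was submitted, not that it finished. Reword to "After the request is submitted" or state how the reader can tell the synchronization has completed. The message was also changed from bold to plain quotation marks and still says "ECS" while the rest of the page now says "cloud server"; if that is the literal console string, keep it but format it like the other UI strings on the page.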

View File

@ -1,46 +1,47 @@
<a name="cce_10_0185"></a><a name="cce_10_0185"></a>
<h1 class="topictitle1">Logging In to a Node</h1>
<div id="body1559203372010"><div class="section" id="cce_10_0185__section1492661620507"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0185__ul119041718185518"><li id="cce_10_0185__li12182723114411">Before you log in to a node using SSH, ensure the SSH port (22 by default) is enabled in the security group of the node. </li><li id="cce_10_0185__li490481815515">Before you log in to a node (an ECS) via SSH over the Internet, ensure the ECS already has an EIP bound.</li><li id="cce_10_0185__li16904121855510">Only a running ECS can be logged in to.</li><li id="cce_10_0185__li3827103362110">Only user <strong id="cce_10_0185__b197020279318"><span id="cce_10_0185__text12656192763716">linux</span></strong> can log in to a Linux server.</li></ul>
<div id="body1559203372010"><p id="cce_10_0185__p078132116213">You can log in to the target ECS node for troubleshooting, monitoring its performance, or executing custom scripts.</p>
<div class="section" id="cce_10_0185__section1492661620507"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0185__ul119041718185518"><li id="cce_10_0185__li12182723114411">Before you log in to a node using SSH, ensure the SSH port (22 by default) is enabled in the security group of the node. </li><li id="cce_10_0185__li490481815515">Before you log in to a node (an ECS) via SSH over the Internet, ensure the ECS already has an EIP bound.</li><li id="cce_10_0185__li16904121855510">Only a running ECS can be logged in to.</li><li id="cce_10_0185__li3827103362110">Only user <strong id="cce_10_0185__b197020279318"><span id="cce_10_0185__text12656192763716">linux</span></strong> can log in to a Linux server.</li></ul>
</div>
<div class="section" id="cce_10_0185__section1391822316511"><h4 class="sectiontitle">Login Modes</h4><p id="cce_10_0185__p9647194820547">You can log in to an ECS in either of the following modes:</p>
<ul id="cce_10_0185__ul03289813567"><li id="cce_10_0185__li3821114685618">Management console (VNC)<p id="cce_10_0185__p957217278576"><a name="cce_10_0185__li3821114685618"></a><a name="li3821114685618"></a>If an ECS has no EIP, log in to the ECS console and click <strong id="cce_10_0185__b2647192473610">Remote Login</strong> in the same row as the ECS.</p>
<ul id="cce_10_0185__ul03289813567"><li id="cce_10_0185__li3821114685618">Management console (VNC)<p id="cce_10_0185__p957217278576"><a name="cce_10_0185__li3821114685618"></a><a name="li3821114685618"></a>If an ECS has no EIP, log in to the ECS console and click <strong id="cce_10_0185__b1813203065915">Remote Login</strong> in the <strong id="cce_10_0185__b9813163075911">Operation</strong> column of the ECS.</p>
<p id="cce_10_0185__p14616164455714">For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0093263550.html" target="_blank" rel="noopener noreferrer">Login Using VNC</a>.</p>
</li><li id="cce_10_0185__li1893519588571">SSH<p id="cce_10_0185__p14702017584"><a name="cce_10_0185__li1893519588571"></a><a name="li1893519588571"></a>This mode applies only to ECSs running Linux. You can typically use a remote login tool like PuTTY, Xshell, or SecureCRT to log in to your ECS. If none of the remote login tools can be used, log in to the ECS console and click <strong id="cce_10_0185__b6609145220365">Remote Login</strong> in the same row as the ECS to view the connection status and running status of the ECS.</p>
</li><li id="cce_10_0185__li1893519588571">SSH<p id="cce_10_0185__p14702017584"><a name="cce_10_0185__li1893519588571"></a><a name="li1893519588571"></a>This mode applies only to ECSs running Linux. You can use a remote login tool like PuTTY, Xshell, or SecureCRT to log in to your ECS. If none of the remote login tools can be used, log in to the ECS console and click <strong id="cce_10_0185__b6609145220365">Remote Login</strong> in the <strong id="cce_10_0185__b164411222011">Operation</strong> column of the ECS to view the connection status and ECS status.</p>
<div class="note" id="cce_10_0185__note207919182211"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0185__ul1678102051"><li id="cce_10_0185__li980235455">When you log in to a Linux node from Windows, set <strong id="cce_10_0185__b16493233638">Auto-login username</strong> to <strong id="cce_10_0185__b19521524171510"><span id="cce_10_0185__text37277158556">linux</span></strong>.</li><li id="cce_10_0185__li17802205258">The CCE console does not support node OS upgrade. Do not upgrade the node OS using the <strong id="cce_10_0185__b1291344241719">yum update</strong> command. Otherwise, the container networking components will be unavailable. </li></ul>
</div></div>
</li></ul>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0185__table8204165071419" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Linux ECS login modes</caption><thead align="left"><tr id="cce_10_0185__row192061050201414"><th align="left" class="cellrowborder" valign="top" width="18.061806180618063%" id="mcps1.3.3.2.4.1.1"><p id="cce_10_0185__p8206135011143">EIP Binding</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0185__table8204165071419" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Linux ECS login modes</caption><thead align="left"><tr id="cce_10_0185__row192061050201414"><th align="left" class="cellrowborder" valign="top" width="18.061806180618063%" id="mcps1.3.4.2.4.1.1"><p id="cce_10_0185__p8206135011143">EIP Binding</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.312031203120313%" id="mcps1.3.3.2.4.1.2"><p id="cce_10_0185__p15206250101419">On-Premises OS</p>
<th align="left" class="cellrowborder" valign="top" width="20.312031203120313%" id="mcps1.3.4.2.4.1.2"><p id="cce_10_0185__p15206250101419">On-Premises OS</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="61.626162616261624%" id="mcps1.3.3.2.4.1.3"><p id="cce_10_0185__p112061550171411">Connection Method</p>
<th align="left" class="cellrowborder" valign="top" width="61.626162616261624%" id="mcps1.3.4.2.4.1.3"><p id="cce_10_0185__p112061550171411">Connection Method</p>
</th>
</tr>
</thead>
<tbody><tr id="cce_10_0185__row2206125031417"><td class="cellrowborder" valign="top" width="18.061806180618063%" headers="mcps1.3.3.2.4.1.1 "><p id="cce_10_0185__p738113171515">Yes</p>
<tbody><tr id="cce_10_0185__row2206125031417"><td class="cellrowborder" valign="top" width="18.061806180618063%" headers="mcps1.3.4.2.4.1.1 "><p id="cce_10_0185__p738113171515">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20.312031203120313%" headers="mcps1.3.3.2.4.1.2 "><p id="cce_10_0185__p23827141513">Windows</p>
<td class="cellrowborder" valign="top" width="20.312031203120313%" headers="mcps1.3.4.2.4.1.2 "><p id="cce_10_0185__p23827141513">Windows</p>
</td>
<td class="cellrowborder" valign="top" width="61.626162616261624%" headers="mcps1.3.3.2.4.1.3 "><p id="cce_10_0185__p338221111510">Use a remote login tool, such as PuTTY or Xshell.</p>
<td class="cellrowborder" valign="top" width="61.626162616261624%" headers="mcps1.3.4.2.4.1.3 "><p id="cce_10_0185__p338221111510">Use a remote login tool, such as PuTTY or Xshell.</p>
<ul id="cce_10_0185__ul1838251121515"><li id="cce_10_0185__li2382511159">SSH key authentication: <a href="https://docs.otc.t-systems.com/usermanual/ecs/en-us_topic_0017955380.html" target="_blank" rel="noopener noreferrer">Logging In to a Linux ECS Using an SSH Key Pair</a></li></ul>
</td>
</tr>
<tr id="cce_10_0185__row320725051416"><td class="cellrowborder" valign="top" width="18.061806180618063%" headers="mcps1.3.3.2.4.1.1 "><p id="cce_10_0185__p1638214118155">Yes</p>
<tr id="cce_10_0185__row320725051416"><td class="cellrowborder" valign="top" width="18.061806180618063%" headers="mcps1.3.4.2.4.1.1 "><p id="cce_10_0185__p1638214118155">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20.312031203120313%" headers="mcps1.3.3.2.4.1.2 "><p id="cce_10_0185__p1138261181513">Linux</p>
<td class="cellrowborder" valign="top" width="20.312031203120313%" headers="mcps1.3.4.2.4.1.2 "><p id="cce_10_0185__p1138261181513">Linux</p>
</td>
<td class="cellrowborder" valign="top" width="61.626162616261624%" headers="mcps1.3.3.2.4.1.3 "><p id="cce_10_0185__p113834114153">Run commands.</p>
<td class="cellrowborder" valign="top" width="61.626162616261624%" headers="mcps1.3.4.2.4.1.3 "><p id="cce_10_0185__p113834114153">Run commands.</p>
<ul id="cce_10_0185__ul1038319116153"><li id="cce_10_0185__li53831118153">SSH key authentication: <a href="https://docs.otc.t-systems.com/usermanual/ecs/en-us_topic_0017955380.html" target="_blank" rel="noopener noreferrer">Logging In to a Linux ECS Using an SSH Key Pair</a></li></ul>
</td>
</tr>
<tr id="cce_10_0185__row0207145014149"><td class="cellrowborder" valign="top" width="18.061806180618063%" headers="mcps1.3.3.2.4.1.1 "><p id="cce_10_0185__p13383131101518">Yes/No</p>
<tr id="cce_10_0185__row0207145014149"><td class="cellrowborder" valign="top" width="18.061806180618063%" headers="mcps1.3.4.2.4.1.1 "><p id="cce_10_0185__p13383131101518">Yes/No</p>
</td>
<td class="cellrowborder" valign="top" width="20.312031203120313%" headers="mcps1.3.3.2.4.1.2 "><p id="cce_10_0185__p5383813159">Windows/Linux</p>
<td class="cellrowborder" valign="top" width="20.312031203120313%" headers="mcps1.3.4.2.4.1.2 "><p id="cce_10_0185__p5383813159">Windows/Linux</p>
</td>
<td class="cellrowborder" valign="top" width="61.626162616261624%" headers="mcps1.3.3.2.4.1.3 "><p id="cce_10_0185__p238317110159">Remote login using the management console: <a href="https://docs.otc.t-systems.com/usermanual/ecs/en-us_topic_0093263550.html" target="_blank" rel="noopener noreferrer">Logging In to a Linux ECS Using VNC</a></p>
<td class="cellrowborder" valign="top" width="61.626162616261624%" headers="mcps1.3.4.2.4.1.3 "><p id="cce_10_0185__p238317110159">Remote login using the management console: <a href="https://docs.otc.t-systems.com/usermanual/ecs/en-us_topic_0093263550.html" target="_blank" rel="noopener noreferrer">Login Using VNC</a></p>
</td>
</tr>
</tbody>
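Review bot: The `headers` attributes in the replacement cells change prefix from `mcps1.3.3.2.4.1.*` to `mcps1.3.4.2.4.1.*`, but the `<th>` cells they refer to are outside the visible lines. Please confirm the table head was regenerated with the same `mcps1.3.4...` ids; otherwise the cell-to-header association no longer resolves. In the last row the link text becomes "Login Using VNC" while the `href` (`en-us_topic_0093263550.html`) is unchanged. The OS column for that row reads Windows/Linux, so check that the target page covers both systems and that its title matches the new text.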

View File

@ -9,7 +9,7 @@
</li></ul>
</div>
<p id="cce_10_0187__p7261627145419">In general, you configure CCE permissions in two scenarios. The first is creating and managing clusters and related resources, such as nodes. The second is creating and using Kubernetes resources in the cluster, such as workloads and Services.</p>
<div class="fignone" id="cce_10_0187__fig11818185173613"><span class="figcap"><b>Figure 1 </b>Illustration on CCE permissions</span><br><span><img id="cce_10_0187__image77663013375" src="en-us_image_0000002467679137.png"></span></div>
<div class="fignone" id="cce_10_0187__fig11818185173613"><span class="figcap"><b>Figure 1 </b>Illustration on CCE permissions</span><br><span><img id="cce_10_0187__image77663013375" src="en-us_image_0000002516079463.png"></span></div>
<p id="cce_10_0187__p791472435616">These permissions allow you to manage resource users at a finer granularity.</p>
</div>
<div class="section" id="cce_10_0187__section1464135853519"><a name="cce_10_0187__section1464135853519"></a><a name="section1464135853519"></a><h4 class="sectiontitle">Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)</h4><p id="cce_10_0187__p5275251191113">Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). <a href="#cce_10_0187__table886210176509">Table 1</a> lists the namespace permissions of different users.</p>
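Review bot: The changed `<img>` line swaps `src` to `en-us_image_0000002516079463.png` but still has no `alt` attribute. Figure 1 is the only depiction of the split between cluster permissions and namespace permissions that this section describes, so add a short `alt` text while the line is being touched. Also confirm that the new PNG is included in this commit and that `en-us_image_0000002467679137.png` is removed if nothing else references it, since the file list shown here is truncated.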

Some files were not shown because too many files have changed in this diff.